)]}'
{
  "log": [
    {
      "commit": "478e9a72b5e0cc9ecd8b787db90dec01d283123c",
      "tree": "f64155ef7f2967e06a105074cb668da0294d62ae",
      "parents": [
        "2b5f6d110ee835cba1742c999cabd30a54c10b76"
      ],
      "author": {
        "name": "Hannes Frederic Sowa",
        "email": "hannes@stressinduktion.org",
        "time": "Tue Oct 22 00:07:47 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 04 04:23:41 2013 -0800"
      },
      "message": "inet: fix possible memory corruption with UDP_CORK and UFO\n\n[ This is a simplified -stable version of a set of upstream commits. ]\n\nThis is a replacement patch only for stable which does fix the problems\nhandled by the following two commits in -net:\n\n\"ip_output: do skb ufo init for peeked non ufo skb as well\" (e93b7d748be887cd7639b113ba7d7ef792a7efb9)\n\"ip6_output: do skb ufo init for peeked non ufo skb as well\" (c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b)\n\nThree frames are written on a corked udp socket for which the output\nnetdevice has UFO enabled.  If the first and third frame are smaller than\nthe mtu and the second one is bigger, we enqueue the second frame with\nskb_append_datato_frags without initializing the gso fields. This leads\nto the third frame appended regulary and thus constructing an invalid skb.\n\nThis fixes the problem by always using skb_append_datato_frags as soon\nas the first frag got enqueued to the skb without marking the packet\nas SKB_GSO_UDP.\n\nThe problem with only two frames for ipv6 was fixed by \"ipv6: udp\npackets following an UFO enqueued packet need also be handled by UFO\"\n(2811ebac2521ceac84f2bdae402455baa6a7fb47).\n\nCc: Jiri Pirko \u003cjiri@resnulli.us\u003e\nCc: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: David Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "2b5f6d110ee835cba1742c999cabd30a54c10b76",
      "tree": "4e10f90603b71437153e18c38cd356b569fdb98c",
      "parents": [
        "4dde1cb060276e93a2ed22e4a167fc260a9d8c23"
      ],
      "author": {
        "name": "Seif Mazareeb",
        "email": "seif@marvell.com",
        "time": "Thu Oct 17 20:33:21 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 04 04:23:41 2013 -0800"
      },
      "message": "net: fix cipso packet validation when !NETLABEL\n\n[ Upstream commit f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b ]\n\nWhen CONFIG_NETLABEL is disabled, the cipso_v4_validate() function could loop\nforever in the main loop if opt[opt_iter +1] \u003d\u003d 0, this will causing a kernel\ncrash in an SMP system, since the CPU executing this function will\nstall /not respond to IPIs.\n\nThis problem can be reproduced by running the IP Stack Integrity Checker\n(http://isic.sourceforge.net) using the following command on a Linux machine\nconnected to DUT:\n\n\"icmpsic -s rand -d \u003cDUT IP address\u003e -r 123456\"\nwait (1-2 min)\n\nSigned-off-by: Seif Mazareeb \u003cseif@marvell.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "3e5d72cd013a30bbd3a835243b635f0b85c4dd0a",
      "tree": "79b48fb112d98c9631a7e2a1ff1b5428fb1cf1db",
      "parents": [
        "225be57bbaf2c104f339b1a21efc25ff6b6bd9cb"
      ],
      "author": {
        "name": "Vlad Yasevich",
        "email": "vyasevich@gmail.com",
        "time": "Tue Oct 15 22:01:29 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 04 04:23:41 2013 -0800"
      },
      "message": "net: dst: provide accessor function to dst-\u003exfrm\n\n[ Upstream commit e87b3998d795123b4139bc3f25490dd236f68212 ]\n\ndst-\u003exfrm is conditionally defined.  Provide accessor funtion that\nis always available.\n\nSigned-off-by: Vlad Yasevich \u003cvyasevich@gmail.com\u003e\nAcked-by: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "11db1e4cee071defc371d0fc7f1740024fbe5b06",
      "tree": "3f31e7f8abf5be8eee3c2bd2de3306d1b41c233a",
      "parents": [
        "3cebd7931a6f3007c3eb53942934772cc3b6ee08"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Tue Oct 15 11:54:30 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 04 04:23:40 2013 -0800"
      },
      "message": "tcp: must unclone packets before mangling them\n\n[ Upstream commit c52e2421f7368fd36cbe330d2cf41b10452e39a9 ]\n\nTCP stack should make sure it owns skbs before mangling them.\n\nWe had various crashes using bnx2x, and it turned out gso_size\nwas cleared right before bnx2x driver was populating TC descriptor\nof the _previous_ packet send. TCP stack can sometime retransmit\npackets that are still in Qdisc.\n\nOf course we could make bnx2x driver more robust (using\nACCESS_ONCE(shinfo-\u003egso_size) for example), but the bug is TCP stack.\n\nWe have identified two points where skb_unclone() was needed.\n\nThis patch adds a WARN_ON_ONCE() to warn us if we missed another\nfix of this kind.\n\nKudos to Neal for finding the root cause of this bug. Its visible\nusing small MSS.\n\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nSigned-off-by: Neal Cardwell \u003cncardwell@google.com\u003e\nCc: Yuchung Cheng \u003cycheng@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "c2f271001295e9d4b1cca3a01502795e4f0d1639",
      "tree": "d977bfe72c4f54eaa65ac1a315bc6f4ce820eaea",
      "parents": [
        "dad61bad4267b922a9386d9772f80fbac496c05e"
      ],
      "author": {
        "name": "Theodore Ts\u0027o",
        "email": "tytso@mit.edu",
        "time": "Tue Sep 10 10:52:35 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue Oct 22 09:02:25 2013 +0100"
      },
      "message": "random: run random_int_secret_init() run after all late_initcalls\n\ncommit 47d06e532e95b71c0db3839ebdef3fe8812fca2c upstream.\n\nThe some platforms (e.g., ARM) initializes their clocks as\nlate_initcalls for some unknown reason.  So make sure\nrandom_int_secret_init() is run after all of the late_initcalls are\nrun.\n\nSigned-off-by: \"Theodore Ts\u0027o\" \u003ctytso@mit.edu\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "022a41db8aa1bc0b4ff4c013f889292324a1c465",
      "tree": "11f00ef8d0aa584b956a194de5ee4c3be5fc5120",
      "parents": [
        "9712612a91e92824349ce9fece31dba6d2fbde70"
      ],
      "author": {
        "name": "David Rientjes",
        "email": "rientjes@google.com",
        "time": "Mon Apr 29 15:06:11 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Oct 13 15:42:49 2013 -0700"
      },
      "message": "mm, show_mem: suppress page counts in non-blockable contexts\n\ncommit 4b59e6c4730978679b414a8da61514a2518da512 upstream.\n\nOn large systems with a lot of memory, walking all RAM to determine page\ntypes may take a half second or even more.\n\nIn non-blockable contexts, the page allocator will emit a page allocation\nfailure warning unless __GFP_NOWARN is specified.  In such contexts, irqs\nare typically disabled and such a lengthy delay may even result in NMI\nwatchdog timeouts.\n\nTo fix this, suppress the page walk in such contexts when printing the\npage allocation failure warning.\n\nSigned-off-by: David Rientjes \u003crientjes@google.com\u003e\nCc: Mel Gorman \u003cmgorman@suse.de\u003e\nAcked-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nCc: Dave Hansen \u003cdave@linux.vnet.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nCc: Xishi Qiu \u003cqiuxishi@huawei.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "f72299da3e1a010a3d77fbed0b9ee6abd0a19911",
      "tree": "7ea60bcfbe30a8b48fe9e3a5d2af5c08d2f115a9",
      "parents": [
        "832ae42a43dd7ea2a39d7cc0687363d0039da850"
      ],
      "author": {
        "name": "Ansis Atteka",
        "email": "aatteka@nicira.com",
        "time": "Wed Sep 18 15:29:53 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Oct 13 15:42:48 2013 -0700"
      },
      "message": "ip: generate unique IP identificator if local fragmentation is allowed\n\n[ Upstream commit 703133de331a7a7df47f31fb9de51dc6f68a9de8 ]\n\nIf local fragmentation is allowed, then ip_select_ident() and\nip_select_ident_more() need to generate unique IDs to ensure\ncorrect defragmentation on the peer.\n\nFor example, if IPsec (tunnel mode) has to encrypt large skbs\nthat have local_df bit set, then all IP fragments that belonged\nto different ESP datagrams would have used the same identificator.\nIf one of these IP fragments would get lost or reordered, then\npeer could possibly stitch together wrong IP fragments that did\nnot belong to the same datagram. This would lead to a packet loss\nor data corruption.\n\nSigned-off-by: Ansis Atteka \u003caatteka@nicira.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "2cd21fa1b54efaf6b5912ef2833fa474fdcf92b7",
      "tree": "17a056e20c3937a5af97acd45ac7792a420d78ab",
      "parents": [
        "2927937899b958de968119856ba659d8a4eff037"
      ],
      "author": {
        "name": "Peter Zijlstra",
        "email": "a.p.zijlstra@chello.nl",
        "time": "Tue Oct 02 15:38:52 2012 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue Oct 01 09:10:52 2013 -0700"
      },
      "message": "perf: Clarify perf_cpu_context::active_pmu usage by renaming it to ::unique_pmu\n\ncommit 3f1f33206c16c7b3839d71372bc2ac3f305aa802 upstream.\n\nStephane thought the perf_cpu_context::active_pmu name confusing and\nsuggested using \u0027unique_pmu\u0027 instead.\n\nThis pointer is a pointer to a \u0027random\u0027 pmu sharing the cpuctx\ninstance, therefore limiting a for_each_pmu loop to those where\ncpuctx-\u003eunique_pmu matches the pmu we get a loop over unique cpuctx\ninstances.\n\nSuggested-by: Stephane Eranian \u003ceranian@google.com\u003e\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nLink: http://lkml.kernel.org/n/tip-kxyjqpfj2fn9gt7kwu5ag9ks@git.kernel.org\nSigned-off-by: Ingo Molnar \u003cmingo@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "0049b62c9efc4ef23492976512d4722b3e63de45",
      "tree": "a098aec5808beb0937fdf3964e23742dd30066b2",
      "parents": [
        "62875332eafea9ee150a6037c0a1a20669e02aa1"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Wed Sep 11 21:56:50 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue Oct 01 09:10:51 2013 -0700"
      },
      "message": "HID: provide a helper for validating hid reports\n\ncommit 331415ff16a12147d57d5c953f3a961b7ede348b upstream.\n\nMany drivers need to validate the characteristics of their HID report\nduring initialization to avoid misusing the reports. This adds a common\nhelper to perform validation of the report exisitng, the field existing,\nand the expected number of values within the field.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nReviewed-by: Benjamin Tissoires \u003cbenjamin.tissoires@redhat.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "28f9d084175a2e0df088f5d1d9159819762e8534",
      "tree": "c48da7a3766d04e91832b8cf9ec820f019a019d9",
      "parents": [
        "3fb6304439680cd10ae221f5ddfc531147f6a6cd"
      ],
      "author": {
        "name": "Andrzej Hajda",
        "email": "a.hajda@samsung.com",
        "time": "Fri Jun 28 05:44:22 2013 -0300"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Sep 26 17:15:49 2013 -0700"
      },
      "message": "media: v4l2: added missing mutex.h include to v4l2-ctrls.h\n\ncommit a19dec6ea94c036af68c31930c1c92681f55af41 upstream.\n\nThis patch fixes following error:\ninclude/media/v4l2-ctrls.h:193:15: error: field ‘_lock’ has incomplete type\ninclude/media/v4l2-ctrls.h: In function ‘v4l2_ctrl_lock’:\ninclude/media/v4l2-ctrls.h:570:2: error: implicit declaration of\n\tfunction ‘mutex_lock’ [-Werror\u003dimplicit-function-declaration]\ninclude/media/v4l2-ctrls.h: In function ‘v4l2_ctrl_unlock’:\ninclude/media/v4l2-ctrls.h:579:2: error: implicit declaration of\n\tfunction ‘mutex_unlock’ [-Werror\u003dimplicit-function-declaration]\n\nSigned-off-by: Andrzej Hajda \u003ca.hajda@samsung.com\u003e\nSigned-off-by: Kyungmin Park \u003ckyungmin.park@samsung.com\u003e\nSigned-off-by: Hans Verkuil \u003chans.verkuil@cisco.com\u003e\nSigned-off-by: Mauro Carvalho Chehab \u003cm.chehab@samsung.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "676bb9a417ceec66576daeb24aed2184a82ef544",
      "tree": "0fe1e2fc2906db54dd98ffd118a4dd94be056a2e",
      "parents": [
        "355c557b3e0164eaf75aded30e92da5a3a818c5f"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Wed Aug 28 22:29:55 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Sep 26 17:15:34 2013 -0700"
      },
      "message": "HID: validate HID report id size\n\ncommit 43622021d2e2b82ea03d883926605bdd0525e1d1 upstream.\n\nThe \"Report ID\" field of a HID report is used to build indexes of\nreports. The kernel\u0027s index of these is limited to 256 entries, so any\nmalicious device that sets a Report ID greater than 255 will trigger\nmemory corruption on the host:\n\n[ 1347.156239] BUG: unable to handle kernel paging request at ffff88094958a878\n[ 1347.156261] IP: [\u003cffffffff813e4da0\u003e] hid_register_report+0x2a/0x8b\n\nCVE-2013-2888\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "a7179b89a68c7cb6f8623cedcce02b98d9e072a1",
      "tree": "7518b03360ce858e94f7bf57dbe855ca54847d65",
      "parents": [
        "38a0864499c5a2b092e3ef065d9333acf2600e82"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Fri Jun 28 10:34:48 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Sep 26 17:15:32 2013 -0700"
      },
      "message": "rculist: list_first_or_null_rcu() should use list_entry_rcu()\n\ncommit c34ac00caefbe49d40058ae7200bd58725cebb45 upstream.\n\nlist_first_or_null() should test whether the list is empty and return\npointer to the first entry if not in a RCU safe manner.  It\u0027s broken\nin several ways.\n\n* It compares __kernel @__ptr with __rcu @__next triggering the\n  following sparse warning.\n\n  net/core/dev.c:4331:17: error: incompatible types in comparison expression (different address spaces)\n\n* It doesn\u0027t perform rcu_dereference*() and computes the entry address\n  using container_of() directly from the __rcu pointer which is\n  inconsitent with other rculist interface.  As a result, all three\n  in-kernel users - net/core/dev.c, macvlan, cgroup - are buggy.  They\n  dereference the pointer w/o going through read barrier.\n\n* While -\u003enext dereference passes through list_next_rcu(), the\n  compiler is still free to fetch -\u003enext more than once and thus\n  nullify the \"__ptr !\u003d __next\" condition check.\n\nFix it by making list_first_or_null_rcu() dereference -\u003enext directly\nusing ACCESS_ONCE() and then use list_entry_rcu() on it like other\nrculist accessors.\n\nv2: Paul pointed out that the compiler may fetch the pointer more than\n    once nullifying the condition check.  ACCESS_ONCE() added on\n    -\u003enext dereference.\n\nv3: Restored () around macro param which was accidentally removed.\n    Spotted by Paul.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nReported-by: Fengguang Wu \u003cfengguang.wu@intel.com\u003e\nCc: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "8708ea2b682963ce30dfd638771e7e4022094a90",
      "tree": "7b9614ba8229bf836c376efb599ee9d7dc5af233",
      "parents": [
        "98fadc18d23f40203ff154d0220692834e0de8f1"
      ],
      "author": {
        "name": "Jiri Bohac",
        "email": "jbohac@suse.cz",
        "time": "Fri Aug 30 11:18:45 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sat Sep 14 06:02:10 2013 -0700"
      },
      "message": "ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO\n\n[ Upstream commit 61e76b178dbe7145e8d6afa84bb4ccea71918994 ]\n\nRFC 4443 has defined two additional codes for ICMPv6 type 1 (destination\nunreachable) messages:\n        5 - Source address failed ingress/egress policy\n\t6 - Reject route to destination\n\nNow they are treated as protocol error and icmpv6_err_convert() converts them\nto EPROTO.\n\nRFC 4443 says:\n\t\"Codes 5 and 6 are more informative subsets of code 1.\"\n\nTreat codes 5 and 6 as code 1 (EACCES)\n\nBtw, connect() returning -EPROTO confuses firefox, so that fallback to\nother/IPv4 addresses does not work:\nhttps://bugzilla.mozilla.org/show_bug.cgi?id\u003d910773\n\nSigned-off-by: Jiri Bohac \u003cjbohac@suse.cz\u003e\nAcked-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "055c396300ee15d990777841278ba94d2bc7868a",
      "tree": "7160fdb3700a540dd58fa7c01d1930df13749a02",
      "parents": [
        "f4cb837d1bdb6e1592523ce76c3f45188d120b4e"
      ],
      "author": {
        "name": "Hannes Frederic Sowa",
        "email": "hannes@stressinduktion.org",
        "time": "Fri Aug 16 13:30:07 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sat Sep 14 06:02:10 2013 -0700"
      },
      "message": "ipv6: drop packets with multiple fragmentation headers\n\n[ Upstream commit f46078cfcd77fa5165bf849f5e568a7ac5fa569c ]\n\nIt is not allowed for an ipv6 packet to contain multiple fragmentation\nheaders. So discard packets which were already reassembled by\nfragmentation logic and send back a parameter problem icmp.\n\nThe updates for RFC 6980 will come in later, I have to do a bit more\nresearch here.\n\nCc: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "09c756513ab486569683c6496e3285892a4e5ea0",
      "tree": "12d8f2da129db2ed1c2994c73a11f0557c58ae08",
      "parents": [
        "41f2be6744087bbcf8444499ac2bb36af1ae8316"
      ],
      "author": {
        "name": "Martin Peschke",
        "email": "mpeschke@linux.vnet.ibm.com",
        "time": "Thu Aug 22 17:45:36 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Aug 29 09:50:13 2013 -0700"
      },
      "message": "SCSI: zfcp: fix lock imbalance by reworking request queue locking\n\ncommit d79ff142624e1be080ad8d09101f7004d79c36e1 upstream.\n\nThis patch adds wait_event_interruptible_lock_irq_timeout(), which is a\nstraight-forward descendant of wait_event_interruptible_timeout() and\nwait_event_interruptible_lock_irq().\n\nThe zfcp driver used to call wait_event_interruptible_timeout()\nin combination with some intricate and error-prone locking. Using\nwait_event_interruptible_lock_irq_timeout() as a replacement\nnicely cleans up that locking.\n\nThis rework removes a situation that resulted in a locking imbalance\nin zfcp_qdio_sbal_get():\n\nBUG: workqueue leaked lock or atomic: events/1/0xffffff00/10\n    last function: zfcp_fc_wka_port_offline+0x0/0xa0 [zfcp]\n\nIt was introduced by commit c2af7545aaff3495d9bf9a7608c52f0af86fb194\n\"[SCSI] zfcp: Do not wait for SBALs on stopped queue\", which had a new\ncode path related to ZFCP_STATUS_ADAPTER_QDIOUP that took an early exit\nwithout a required lock being held. The problem occured when a\nspecial, non-SCSI I/O request was being submitted in process context,\nwhen the adapter\u0027s queues had been torn down. In this case the bug\nsurfaced when the Fibre Channel port connection for a well-known address\nwas closed during a concurrent adapter shut-down procedure, which is a\nrare constellation.\n\nThis patch also fixes these warnings from the sparse tool (make C\u003d1):\n\ndrivers/s390/scsi/zfcp_qdio.c:224:12: warning: context imbalance in\n \u0027zfcp_qdio_sbal_check\u0027 - wrong count at exit\ndrivers/s390/scsi/zfcp_qdio.c:244:5: warning: context imbalance in\n \u0027zfcp_qdio_sbal_get\u0027 - unexpected unlock\n\nLast but not least, we get rid of that crappy lock-unlock-lock\nsequence at the beginning of the critical section.\n\nIt is okay to call zfcp_erp_adapter_reopen() with req_q_lock held.\n\nReported-by: Mikulas Patocka \u003cmpatocka@redhat.com\u003e\nReported-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\nSigned-off-by: Martin Peschke \u003cmpeschke@linux.vnet.ibm.com\u003e\nSigned-off-by: Steffen Maier \u003cmaier@linux.vnet.ibm.com\u003e\nSigned-off-by: James Bottomley \u003cJBottomley@Parallels.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "a42efb79d54d9a13c8f68df122c832bca08b74ae",
      "tree": "b49010c84b42ccc5407766471bc94c95efe63d83",
      "parents": [
        "4d5b24dd453b4ff44f69756106b029e8961dcb55"
      ],
      "author": {
        "name": "Zhang Yi",
        "email": "wetpzy@gmail.com",
        "time": "Tue Jun 25 21:19:31 2013 +0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue Aug 20 08:26:28 2013 -0700"
      },
      "message": "futex: Take hugepages into account when generating futex_key\n\ncommit 13d60f4b6ab5b702dc8d2ee20999f98a93728aec upstream.\n\nThe futex_keys of process shared futexes are generated from the page\noffset, the mapping host and the mapping index of the futex user space\naddress. This should result in an unique identifier for each futex.\n\nThough this is not true when futexes are located in different subpages\nof an hugepage. The reason is, that the mapping index for all those\nfutexes evaluates to the index of the base page of the hugetlbfs\nmapping. So a futex at offset 0 of the hugepage mapping and another\none at offset PAGE_SIZE of the same hugepage mapping have identical\nfutex_keys. This happens because the futex code blindly uses\npage-\u003eindex.\n\nSteps to reproduce the bug:\n\n1. Map a file from hugetlbfs. Initialize pthread_mutex1 at offset 0\n   and pthread_mutex2 at offset PAGE_SIZE of the hugetlbfs\n   mapping.\n\n   The mutexes must be initialized as PTHREAD_PROCESS_SHARED because\n   PTHREAD_PROCESS_PRIVATE mutexes are not affected by this issue as\n   their keys solely depend on the user space address.\n\n2. Lock mutex1 and mutex2\n\n3. Create thread1 and in the thread function lock mutex1, which\n   results in thread1 blocking on the locked mutex1.\n\n4. Create thread2 and in the thread function lock mutex2, which\n   results in thread2 blocking on the locked mutex2.\n\n5. Unlock mutex2. Despite the fact that mutex2 got unlocked, thread2\n   still blocks on mutex2 because the futex_key points to mutex1.\n\nTo solve this issue we need to take the normal page index of the page\nwhich contains the futex into account, if the futex is in an hugetlbfs\nmapping. In other words, we calculate the normal page mapping index of\nthe subpage in the hugetlbfs mapping.\n\nMappings which are not based on hugetlbfs are not affected and still\nuse page-\u003eindex.\n\nThanks to Mel Gorman who provided a patch for adding proper evaluation\nfunctions to the hugetlbfs code to avoid exposing hugetlbfs specific\ndetails to the futex code.\n\n[ tglx: Massaged changelog ]\n\nSigned-off-by: Zhang Yi \u003czhang.yi20@zte.com.cn\u003e\nReviewed-by: Jiang Biao \u003cjiang.biao2@zte.com.cn\u003e\nTested-by: Ma Chenggong \u003cma.chenggong@zte.com.cn\u003e\nReviewed-by: \u0027Mel Gorman\u0027 \u003cmgorman@suse.de\u003e\nAcked-by: \u0027Darren Hart\u0027 \u003cdvhart@linux.intel.com\u003e\nCc: \u0027Peter Zijlstra\u0027 \u003cpeterz@infradead.org\u003e\nLink: http://lkml.kernel.org/r/000101ce71a6%24a83c5880%24f8b50980%24@com\nSigned-off-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: Mike Galbraith \u003cmgalbraith@suse.de\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n\n"
    },
    {
      "commit": "99593eb7ca1dd9bfaa431d96e009eda23f001ace",
      "tree": "b1412f07fda67143bc2454bbb6f81e124cae3617",
      "parents": [
        "65280b8ed1cca78ff7fe63ecfdb0fff87fe184a3"
      ],
      "author": {
        "name": "Andrew Vagin",
        "email": "avagin@openvz.org",
        "time": "Fri Aug 02 21:16:43 2013 +0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Aug 14 22:57:08 2013 -0700"
      },
      "message": "tracing: Fix fields of struct trace_iterator that are zeroed by mistake\n\ncommit ed5467da0e369e65b247b99eb6403cb79172bcda upstream.\n\ntracing_read_pipe zeros all fields bellow \"seq\". The declaration contains\na comment about that, but it doesn\u0027t help.\n\nThe first field is \"snapshot\", it\u0027s true when current open file is\nsnapshot. Looks obvious, that it should not be zeroed.\n\nThe second field is \"started\". It was converted from cpumask_t to\ncpumask_var_t (v2.6.28-4983-g4462344), in other words it was\nconverted from cpumask to pointer on cpumask.\n\nCurrently the reference on \"started\" memory is lost after the first read\nfrom tracing_read_pipe and a proper object will never be freed.\n\nThe \"started\" is never dereferenced for trace_pipe, because trace_pipe\ncan\u0027t have the TRACE_FILE_ANNOTATE options.\n\nLink: http://lkml.kernel.org/r/1375463803-3085183-1-git-send-email-avagin@openvz.org\n\nSigned-off-by: Andrew Vagin \u003cavagin@openvz.org\u003e\nSigned-off-by: Steven Rostedt \u003crostedt@goodmis.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "2010fa31f8f5c5fa8385459dff03cb844cf79dd1",
      "tree": "f43541e0f5a5169293e2094c5a722f289a96a33d",
      "parents": [
        "c733e1a2c459c09fe2510bfa49e2571b532be97c"
      ],
      "author": {
        "name": "Michael S. Tsirkin",
        "email": "mst@redhat.com",
        "time": "Tue Jul 09 13:19:18 2013 +0300"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Aug 04 16:26:03 2013 +0800"
      },
      "message": "virtio: support unlocked queue poll\n\ncommit cc229884d3f77ec3b1240e467e0236c3e0647c0c upstream.\n\nThis adds a way to check ring empty state after enable_cb outside any\nlocks. Will be used by virtio_net.\n\nNote: there\u0027s room for more optimization: caller is likely to have a\nmemory barrier already, which means we might be able to get rid of a\nbarrier here.  Deferring this optimization until we do some\nbenchmarking.\n\nSigned-off-by: Michael S. Tsirkin \u003cmst@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[wg: Backported to 3.2]\nSigned-off-by: Wolfram Gloger \u003cwmglo@dent.med.uni-muenchen.de\u003e\n[bwh: Backported to 3.4: adjust context]\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "a90a3adeda28c4b701b11770817cf86d92db3228",
      "tree": "4443439c0d4ea52b0cb411b4069286afeea3f170",
      "parents": [
        "8924588cf02036c239cfec4302f8b44ca6e2c6bb"
      ],
      "author": {
        "name": "Clemens Ladisch",
        "email": "clemens@ladisch.de",
        "time": "Mon Jul 22 21:32:09 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Aug 04 16:26:02 2013 +0800"
      },
      "message": "firewire: fix libdc1394/FlyCap2 iso event regression\n\ncommit 0699a73af3811b66b1ab5650575acee5eea841ab upstream.\n\nCommit 18d627113b83 (firewire: prevent dropping of completed iso packet\nheader data) was intended to be an obvious bug fix, but libdc1394 and\nFlyCap2 depend on the old behaviour by ignoring all returned information\nand thus not noticing that not all packets have been received yet.  The\nresult was that the video frame buffers would be saved before they\ncontained the correct data.\n\nReintroduce the old behaviour for old clients.\n\nTested-by: Stepan Salenikovich \u003cstepan.salenikovich@gmail.com\u003e\nTested-by: Josep Bosch \u003cjep250@gmail.com\u003e\nCc: \u003cstable@vger.kernel.org\u003e # 3.4+\nSigned-off-by: Clemens Ladisch \u003cclemens@ladisch.de\u003e\nSigned-off-by: Stefan Richter \u003cstefanr@s5r6.in-berlin.de\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "eeddd9177a67b743868e09742d58f574b2b9a497",
      "tree": "6f78ff2f6a6cc08cf59d4ceeece5e9601f4e135e",
      "parents": [
        "589acc586e0f12e0c46bc98e79ff2a008e8c6c11"
      ],
      "author": {
        "name": "Hannes Frederic Sowa",
        "email": "hannes@stressinduktion.org",
        "time": "Mon Jul 01 20:21:30 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Jul 28 16:26:02 2013 -0700"
      },
      "message": "ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data\n\n[ Upstream commit 8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1 ]\n\nWe accidentally call down to ip6_push_pending_frames when uncorking\npending AF_INET data on a ipv6 socket. This results in the following\nsplat (from Dave Jones):\n\nskbuff: skb_under_panic: text:ffffffff816765f6 len:48 put:40 head:ffff88013deb6df0 data:ffff88013deb6dec tail:0x2c end:0xc0 dev:\u003cNULL\u003e\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:126!\ninvalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC\nModules linked in: dccp_ipv4 dccp 8021q garp bridge stp dlci mpoa snd_seq_dummy sctp fuse hidp tun bnep nfnetlink scsi_transport_iscsi rfcomm can_raw can_bcm af_802154 appletalk caif_socket can caif ipt_ULOG x25 rose af_key pppoe pppox ipx phonet irda llc2 ppp_generic slhc p8023 psnap p8022 llc crc_ccitt atm bluetooth\n+netrom ax25 nfc rfkill rds af_rxrpc coretemp hwmon kvm_intel kvm crc32c_intel snd_hda_codec_realtek ghash_clmulni_intel microcode pcspkr snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hwdep usb_debug snd_seq snd_seq_device snd_pcm e1000e snd_page_alloc snd_timer ptp snd pps_core soundcore xfs libcrc32c\nCPU: 2 PID: 8095 Comm: trinity-child2 Not tainted 3.10.0-rc7+ #37\ntask: ffff8801f52c2520 ti: ffff8801e6430000 task.ti: ffff8801e6430000\nRIP: 0010:[\u003cffffffff816e759c\u003e]  [\u003cffffffff816e759c\u003e] skb_panic+0x63/0x65\nRSP: 0018:ffff8801e6431de8  EFLAGS: 00010282\nRAX: 0000000000000086 RBX: ffff8802353d3cc0 RCX: 0000000000000006\nRDX: 0000000000003b90 RSI: ffff8801f52c2ca0 RDI: ffff8801f52c2520\nRBP: ffff8801e6431e08 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff88022ea0c800\nR13: ffff88022ea0cdf8 R14: ffff8802353ecb40 R15: ffffffff81cc7800\nFS:  00007f5720a10740(0000) GS:ffff880244c00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000005862000 CR3: 000000022843c000 CR4: 00000000001407e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nStack:\n ffff88013deb6dec 000000000000002c 00000000000000c0 ffffffff81a3f6e4\n ffff8801e6431e18 ffffffff8159a9aa ffff8801e6431e90 ffffffff816765f6\n ffffffff810b756b 0000000700000002 ffff8801e6431e40 0000fea9292aa8c0\nCall Trace:\n [\u003cffffffff8159a9aa\u003e] skb_push+0x3a/0x40\n [\u003cffffffff816765f6\u003e] ip6_push_pending_frames+0x1f6/0x4d0\n [\u003cffffffff810b756b\u003e] ? mark_held_locks+0xbb/0x140\n [\u003cffffffff81694919\u003e] udp_v6_push_pending_frames+0x2b9/0x3d0\n [\u003cffffffff81694660\u003e] ? udplite_getfrag+0x20/0x20\n [\u003cffffffff8162092a\u003e] udp_lib_setsockopt+0x1aa/0x1f0\n [\u003cffffffff811cc5e7\u003e] ? fget_light+0x387/0x4f0\n [\u003cffffffff816958a4\u003e] udpv6_setsockopt+0x34/0x40\n [\u003cffffffff815949f4\u003e] sock_common_setsockopt+0x14/0x20\n [\u003cffffffff81593c31\u003e] SyS_setsockopt+0x71/0xd0\n [\u003cffffffff816f5d54\u003e] tracesys+0xdd/0xe2\nCode: 00 00 48 89 44 24 10 8b 87 d8 00 00 00 48 89 44 24 08 48 8b 87 e8 00 00 00 48 c7 c7 c0 04 aa 81 48 89 04 24 31 c0 e8 e1 7e ff ff \u003c0f\u003e 0b 55 48 89 e5 0f 0b 55 48 89 e5 0f 0b 55 48 89 e5 0f 0b 55\nRIP  [\u003cffffffff816e759c\u003e] skb_panic+0x63/0x65\n RSP \u003cffff8801e6431de8\u003e\n\nThis patch adds a check if the pending data is of address family AF_INET\nand directly calls udp_push_ending_frames from udp_v6_push_pending_frames\nif that is the case.\n\nThis bug was found by Dave Jones with trinity.\n\n(Also move the initialization of fl6 below the AF_INET check, even if\nnot strictly necessary.)\n\nSigned-off-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "3ef208a71f18b128e318294af3f7ee8081fe0ac1",
      "tree": "7c6094a3e8003f9532b6e935121bb36a3dc98a2f",
      "parents": [
        "d11ff32e52d86dfc6d3f100653ad88b83b6ead0e"
      ],
      "author": {
        "name": "Amerigo Wang",
        "email": "amwang@redhat.com",
        "time": "Sat Jun 29 21:30:49 2013 +0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Jul 28 16:26:02 2013 -0700"
      },
      "message": "ipv6,mcast: always hold idev-\u003elock before mca_lock\n\n[ Upstream commit 8965779d2c0e6ab246c82a405236b1fb2adae6b2, with\n  some bits from commit b7b1bfce0bb68bd8f6e62a28295922785cc63781\n  (\"ipv6: split duplicate address detection and router solicitation timer\")\n  to get the __ipv6_get_lladdr() used by this patch. ]\n\ndingtianhong reported the following deadlock detected by lockdep:\n\n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n [ INFO: possible circular locking dependency detected ]\n 3.4.24.05-0.1-default #1 Not tainted\n -------------------------------------------------------\n ksoftirqd/0/3 is trying to acquire lock:\n  (\u0026ndev-\u003elock){+.+...}, at: [\u003cffffffff8147f804\u003e] ipv6_get_lladdr+0x74/0x120\n\n but task is already holding lock:\n  (\u0026mc-\u003emca_lock){+.+...}, at: [\u003cffffffff8149d130\u003e] mld_send_report+0x40/0x150\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #1 (\u0026mc-\u003emca_lock){+.+...}:\n        [\u003cffffffff810a8027\u003e] validate_chain+0x637/0x730\n        [\u003cffffffff810a8417\u003e] __lock_acquire+0x2f7/0x500\n        [\u003cffffffff810a8734\u003e] lock_acquire+0x114/0x150\n        [\u003cffffffff814f691a\u003e] rt_spin_lock+0x4a/0x60\n        [\u003cffffffff8149e4bb\u003e] igmp6_group_added+0x3b/0x120\n        [\u003cffffffff8149e5d8\u003e] ipv6_mc_up+0x38/0x60\n        [\u003cffffffff81480a4d\u003e] ipv6_find_idev+0x3d/0x80\n        [\u003cffffffff81483175\u003e] addrconf_notify+0x3d5/0x4b0\n        [\u003cffffffff814fae3f\u003e] notifier_call_chain+0x3f/0x80\n        [\u003cffffffff81073471\u003e] raw_notifier_call_chain+0x11/0x20\n        [\u003cffffffff813d8722\u003e] call_netdevice_notifiers+0x32/0x60\n        [\u003cffffffff813d92d4\u003e] __dev_notify_flags+0x34/0x80\n        [\u003cffffffff813d9360\u003e] dev_change_flags+0x40/0x70\n        [\u003cffffffff813ea627\u003e] do_setlink+0x237/0x8a0\n        [\u003cffffffff813ebb6c\u003e] rtnl_newlink+0x3ec/0x600\n        [\u003cffffffff813eb4d0\u003e] rtnetlink_rcv_msg+0x160/0x310\n        [\u003cffffffff814040b9\u003e] netlink_rcv_skb+0x89/0xb0\n        [\u003cffffffff813eb357\u003e] rtnetlink_rcv+0x27/0x40\n        [\u003cffffffff81403e20\u003e] netlink_unicast+0x140/0x180\n        [\u003cffffffff81404a9e\u003e] netlink_sendmsg+0x33e/0x380\n        [\u003cffffffff813c4252\u003e] sock_sendmsg+0x112/0x130\n        [\u003cffffffff813c537e\u003e] __sys_sendmsg+0x44e/0x460\n        [\u003cffffffff813c5544\u003e] sys_sendmsg+0x44/0x70\n        [\u003cffffffff814feab9\u003e] system_call_fastpath+0x16/0x1b\n\n -\u003e #0 (\u0026ndev-\u003elock){+.+...}:\n        [\u003cffffffff810a798e\u003e] check_prev_add+0x3de/0x440\n        [\u003cffffffff810a8027\u003e] validate_chain+0x637/0x730\n        [\u003cffffffff810a8417\u003e] __lock_acquire+0x2f7/0x500\n        [\u003cffffffff810a8734\u003e] lock_acquire+0x114/0x150\n        [\u003cffffffff814f6c82\u003e] rt_read_lock+0x42/0x60\n        [\u003cffffffff8147f804\u003e] ipv6_get_lladdr+0x74/0x120\n        [\u003cffffffff8149b036\u003e] mld_newpack+0xb6/0x160\n        [\u003cffffffff8149b18b\u003e] add_grhead+0xab/0xc0\n        [\u003cffffffff8149d03b\u003e] add_grec+0x3ab/0x460\n        [\u003cffffffff8149d14a\u003e] mld_send_report+0x5a/0x150\n        [\u003cffffffff8149f99e\u003e] igmp6_timer_handler+0x4e/0xb0\n        [\u003cffffffff8105705a\u003e] call_timer_fn+0xca/0x1d0\n        [\u003cffffffff81057b9f\u003e] run_timer_softirq+0x1df/0x2e0\n        [\u003cffffffff8104e8c7\u003e] handle_pending_softirqs+0xf7/0x1f0\n        [\u003cffffffff8104ea3b\u003e] __do_softirq_common+0x7b/0xf0\n        [\u003cffffffff8104f07f\u003e] __thread_do_softirq+0x1af/0x210\n        [\u003cffffffff8104f1c1\u003e] run_ksoftirqd+0xe1/0x1f0\n        [\u003cffffffff8106c7de\u003e] kthread+0xae/0xc0\n        [\u003cffffffff814fff74\u003e] kernel_thread_helper+0x4/0x10\n\nactually we can just hold idev-\u003elock before taking pmc-\u003emca_lock,\nand avoid taking idev-\u003elock again when iterating idev-\u003eaddr_list,\nsince the upper callers of mld_newpack() already take\nread_lock_bh(\u0026idev-\u003elock).\n\nReported-by: dingtianhong \u003cdingtianhong@huawei.com\u003e\nCc: dingtianhong \u003cdingtianhong@huawei.com\u003e\nCc: Hideaki YOSHIFUJI \u003cyoshfuji@linux-ipv6.org\u003e\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nCc: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nTested-by: Ding Tianhong \u003cdingtianhong@huawei.com\u003e\nTested-by: Chen Weilong \u003cchenweilong@huawei.com\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nAcked-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "d11ff32e52d86dfc6d3f100653ad88b83b6ead0e",
      "tree": "77823b56eb1a60cedf52ec4dfa68a465c3d78b27",
      "parents": [
        "d710304c889be7c6320fec4accaee1413efc90ed"
      ],
      "author": {
        "name": "Changli Gao",
        "email": "xiaosuo@gmail.com",
        "time": "Sat Jun 29 00:15:51 2013 +0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Jul 28 16:25:59 2013 -0700"
      },
      "message": "net: Swap ver and type in pppoe_hdr\n\n[ Upstream commit b1a5a34bd0b8767ea689e68f8ea513e9710b671e ]\n\nVer and type in pppoe_hdr should be swapped as defined by RFC2516\nsection-4.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "535fad87e86d33ea41d4b8580fadf62f5865ae6b",
      "tree": "144c7d400374a57142d4e176c6f0ac34ba926028",
      "parents": [
        "5d2a2c717306c11672aef8ca6a1535ff78f57fa8"
      ],
      "author": {
        "name": "Peter Zijlstra",
        "email": "peterz@infradead.org",
        "time": "Tue May 28 10:55:48 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Jul 03 10:59:06 2013 -0700"
      },
      "message": "perf: Fix perf mmap bugs\n\ncommit 26cb63ad11e04047a64309362674bcbbd6a6f246 upstream.\n\nVince reported a problem found by his perf specific trinity\nfuzzer.\n\nAl noticed 2 problems with perf\u0027s mmap():\n\n - it has issues against fork() since we use vma-\u003evm_mm for accounting.\n - it has an rb refcount leak on double mmap().\n\nWe fix the issues against fork() by using VM_DONTCOPY; I don\u0027t\nthink there\u0027s code out there that uses this; we didn\u0027t hear\nabout weird accounting problems/crashes. If we do need this to\nwork, the previously proposed VM_PINNED could make this work.\n\nAside from the rb reference leak spotted by Al, Vince\u0027s example\nprog was indeed doing a double mmap() through the use of\nperf_event_set_output().\n\nThis exposes another problem, since we now have 2 events with\none buffer, the accounting gets screwy because we account per\nevent. Fix this by making the buffer responsible for its own\naccounting.\n\n[Backporting for 3.4-stable.\nVM_RESERVED flag was replaced with pair \u0027VM_DONTEXPAND | VM_DONTDUMP\u0027 in\n314e51b9 since 3.7.0-rc1, and 314e51b9 comes from a big patchset, we didn\u0027t\nbackport the patchset, so I restored \u0027VM_DNOTEXPAND | VM_DONTDUMP\u0027 as before:\n-       vma-\u003evm_flags |\u003d VM_DONTCOPY | VM_DONTEXPAND | VM_DONTDUMP;\n+       vma-\u003evm_flags |\u003d VM_DONTCOPY | VM_RESERVED;\n -- zliu]\n\nReported-by: Vince Weaver \u003cvincent.weaver@maine.edu\u003e\nSigned-off-by: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: Arnaldo Carvalho de Melo \u003cacme@ghostprotocols.net\u003e\nLink: http://lkml.kernel.org/r/20130528085548.GA12193@twins.programming.kicks-ass.net\nSigned-off-by: Ingo Molnar \u003cmingo@kernel.org\u003e\nSigned-off-by: Zhouping Liu \u003czliu@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "689ec1227270c5b3f009b82fb32d902717a0a03e",
      "tree": "e0c01085c8d7c1d8f5168b5f2af7931076fb76cd",
      "parents": [
        "c0cc94f2f65a682827cca2a79a4d045a20f8897f"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Wed May 29 09:06:27 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 27 11:27:32 2013 -0700"
      },
      "message": "net: force a reload of first item in hlist_nulls_for_each_entry_rcu\n\n[ Upstream commit c87a124a5d5e8cf8e21c4363c3372bcaf53ea190 ]\n\nRoman Gushchin discovered that udp4_lib_lookup2() was not reloading\nfirst item in the rcu protected list, in case the loop was restarted.\n\nThis produced soft lockups as in https://lkml.org/lkml/2013/4/16/37\n\nrcu_dereference(X)/ACCESS_ONCE(X) seem to not work as intended if X is\nptr-\u003efield :\n\nIn some cases, gcc caches the value or ptr-\u003efield in a register.\n\nUse a barrier() to disallow such caching, as documented in\nDocumentation/atomic_ops.txt line 114\n\nThanks a lot to Roman for providing analysis and numerous patches.\n\nDiagnosed-by: Roman Gushchin \u003cklamm@yandex-team.ru\u003e\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nReported-by: Boris Zhmurov \u003czhmurov@yandex-team.ru\u003e\nSigned-off-by: Roman Gushchin \u003cklamm@yandex-team.ru\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "c0cc94f2f65a682827cca2a79a4d045a20f8897f",
      "tree": "5f5ec066b0c72524ccd349861b17666dd49a06e1",
      "parents": [
        "3c353df4ca0f8f6912e103ca6d8d593ff4563b68"
      ],
      "author": {
        "name": "Andy Lutomirski",
        "email": "luto@amacapital.net",
        "time": "Wed May 22 14:07:44 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 27 11:27:32 2013 -0700"
      },
      "message": "net: Block MSG_CMSG_COMPAT in send(m)msg and recv(m)msg\n\n[ Upstream commits 1be374a0518a288147c6a7398792583200a67261 and\n  a7526eb5d06b0084ef12d7b168d008fcf516caab ]\n\nMSG_CMSG_COMPAT is (AFAIK) not intended to be part of the API --\nit\u0027s a hack that steals a bit to indicate to other networking code\nthat a compat entry was used.  So don\u0027t allow it from a non-compat\nsyscall.\n\nThis prevents an oops when running this code:\n\nint main()\n{\n\tint s;\n\tstruct sockaddr_in addr;\n\tstruct msghdr *hdr;\n\n\tchar *highpage \u003d mmap((void*)(TASK_SIZE_MAX - 4096), 4096,\n\t                      PROT_READ | PROT_WRITE,\n\t                      MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);\n\tif (highpage \u003d\u003d MAP_FAILED)\n\t\terr(1, \"mmap\");\n\n\ts \u003d socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);\n\tif (s \u003d\u003d -1)\n\t\terr(1, \"socket\");\n\n        addr.sin_family \u003d AF_INET;\n        addr.sin_port \u003d htons(1);\n        addr.sin_addr.s_addr \u003d htonl(INADDR_LOOPBACK);\n\tif (connect(s, (struct sockaddr*)\u0026addr, sizeof(addr)) !\u003d 0)\n\t\terr(1, \"connect\");\n\n\tvoid *evil \u003d highpage + 4096 - COMPAT_MSGHDR_SIZE;\n\tprintf(\"Evil address is %p\\n\", evil);\n\n\tif (syscall(__NR_sendmmsg, s, evil, 1, MSG_CMSG_COMPAT) \u003c 0)\n\t\terr(1, \"sendmmsg\");\n\n\treturn 0;\n}\n\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "7f259658b1f320b35040a14d7ace371b5cc15fbb",
      "tree": "22b82fc7ded6e3e7ba868dbf2dbab13c2881ffcc",
      "parents": [
        "aa80dd9dbe86743ae6e52c836f6ab1472c469927"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@inktank.com",
        "time": "Mon Mar 25 10:26:30 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 20 11:58:47 2013 -0700"
      },
      "message": "libceph: wrap auth methods in a mutex\n\ncommit e9966076cdd952e19f2dd4854cd719be0d7cbebc upstream.\n\nThe auth code is called from a variety of contexts, include the mon_client\n(protected by the monc\u0027s mutex) and the messenger callbacks (currently\nprotected by nothing).  Avoid chaos by protecting all auth state with a\nmutex.  Nothing is blocking, so this should be simple and lightweight.\n\nSigned-off-by: Sage Weil \u003csage@inktank.com\u003e\nReviewed-by: Alex Elder \u003celder@inktank.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "aa80dd9dbe86743ae6e52c836f6ab1472c469927",
      "tree": "1b5a77428bc53dd4cf0988c6328bbea34adaee1f",
      "parents": [
        "29c65a277a64645af853e8c9a9b3dda0ddc421e0"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@inktank.com",
        "time": "Mon Mar 25 10:26:14 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 20 11:58:47 2013 -0700"
      },
      "message": "libceph: wrap auth ops in wrapper functions\n\ncommit 27859f9773e4a0b2042435b13400ee2c891a61f4 upstream.\n\nUse wrapper functions that check whether the auth op exists so that callers\ndo not need a bunch of conditional checks.  Simplifies the external\ninterface.\n\nSigned-off-by: Sage Weil \u003csage@inktank.com\u003e\nReviewed-by: Alex Elder \u003celder@inktank.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "29c65a277a64645af853e8c9a9b3dda0ddc421e0",
      "tree": "c2dac081d3aed9b11ece51c4edc5664d963fb536",
      "parents": [
        "aacd9c3626bac2960bbecd35cc6f032f8529d90b"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@inktank.com",
        "time": "Mon Mar 25 10:26:01 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 20 11:58:46 2013 -0700"
      },
      "message": "libceph: add update_authorizer auth method\n\ncommit 0bed9b5c523d577378b6f83eab5835fe30c27208 upstream.\n\nCurrently the messenger calls out to a get_authorizer con op, which will\ncreate a new authorizer if it doesn\u0027t yet have one.  In the meantime, when\nwe rotate our service keys, the authorizer doesn\u0027t get updated.  Eventually\nit will be rejected by the server on a new connection attempt and get\ninvalidated, and we will then rebuild a new authorizer, but this is not\nideal.\n\nInstead, if we do have an authorizer, call a new update_authorizer op that\nwill verify that the current authorizer is using the latest secret.  If it\nis not, we will build a new one that does.  This avoids the transient\nfailure.\n\nThis fixes one of the sorry sequence of events for bug\n\n\thttp://tracker.ceph.com/issues/4282\n\nSigned-off-by: Sage Weil \u003csage@inktank.com\u003e\nReviewed-by: Alex Elder \u003celder@inktank.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "f517dfe6d161bf37a9355c86ea5cb605b06d5963",
      "tree": "610e29e1cbcd1f50888bcf131390d900f51f82b9",
      "parents": [
        "0938e135aa8513f9bc379a408d3c6c1fd24eb46a"
      ],
      "author": {
        "name": "Naoya Horiguchi",
        "email": "n-horiguchi@ah.jp.nec.com",
        "time": "Wed Jun 12 14:05:04 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 20 11:58:46 2013 -0700"
      },
      "message": "mm: migration: add migrate_entry_wait_huge()\n\ncommit 30dad30922ccc733cfdbfe232090cf674dc374dc upstream.\n\nWhen we have a page fault for the address which is backed by a hugepage\nunder migration, the kernel can\u0027t wait correctly and do busy looping on\nhugepage fault until the migration finishes.  As a result, users who try\nto kick hugepage migration (via soft offlining, for example) occasionally\nexperience long delay or soft lockup.\n\nThis is because pte_offset_map_lock() can\u0027t get a correct migration entry\nor a correct page table lock for hugepage.  This patch introduces\nmigration_entry_wait_huge() to solve this.\n\nSigned-off-by: Naoya Horiguchi \u003cn-horiguchi@ah.jp.nec.com\u003e\nReviewed-by: Rik van Riel \u003criel@redhat.com\u003e\nReviewed-by: Wanpeng Li \u003cliwanp@linux.vnet.ibm.com\u003e\nReviewed-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nCc: Mel Gorman \u003cmgorman@suse.de\u003e\nCc: Andi Kleen \u003candi@firstfloor.org\u003e\nCc: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "b3cba474228862814480d40554f77e98483f41ed",
      "tree": "ac70cc8e20df21d9f64b27bd5f2318964b204cd1",
      "parents": [
        "91c930674642f4b849d64398db261ad13c3ab354"
      ],
      "author": {
        "name": "Srivatsa S. Bhat",
        "email": "srivatsa.bhat@linux.vnet.ibm.com",
        "time": "Wed Jun 12 14:04:36 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 20 11:58:44 2013 -0700"
      },
      "message": "CPU hotplug: provide a generic helper to disable/enable CPU hotplug\n\ncommit 16e53dbf10a2d7e228709a7286310e629ede5e45 upstream.\n\nThere are instances in the kernel where we would like to disable CPU\nhotplug (from sysfs) during some important operation.  Today the freezer\ncode depends on this and the code to do it was kinda tailor-made for\nthat.\n\nRestructure the code and make it generic enough to be useful for other\nusecases too.\n\nSigned-off-by: Srivatsa S. Bhat \u003csrivatsa.bhat@linux.vnet.ibm.com\u003e\nSigned-off-by: Robin Holt \u003cholt@sgi.com\u003e\nCc: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Russ Anderson \u003crja@sgi.com\u003e\nCc: Robin Holt \u003cholt@sgi.com\u003e\nCc: Russell King \u003clinux@arm.linux.org.uk\u003e\nCc: Guan Xuetao \u003cgxt@mprc.pku.edu.cn\u003e\nCc: Shawn Guo \u003cshawn.guo@linaro.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "2147439889d33148785d20cdff01491f5617965f",
      "tree": "1f2504a3535c3e534b040cc66f002bb43e41c7e3",
      "parents": [
        "b507d034be0418dd2dee4fe3d40f389b1818b37a"
      ],
      "author": {
        "name": "Johan Hedberg",
        "email": "johan.hedberg@intel.com",
        "time": "Wed May 29 09:51:29 2013 +0300"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 20 11:58:44 2013 -0700"
      },
      "message": "Bluetooth: Fix mgmt handling of power on failures\n\ncommit 96570ffcca0b872dc8626e97569d2697f374d868 upstream.\n\nIf hci_dev_open fails we need to ensure that the corresponding\nmgmt_set_powered command gets an appropriate response. This patch fixes\nthe missing response by adding a new mgmt_set_powered_failed function\nthat\u0027s used to indicate a power on failure to mgmt. Since a situation\nwith the device being rfkilled may require special handling in user\nspace the patch uses a new dedicated mgmt status code for this.\n\nSigned-off-by: Johan Hedberg \u003cjohan.hedberg@intel.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo Padovan \u003cgustavo.padovan@collabora.co.uk\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "bc4d36c41f16a66c320fd0282110ddc82aa1eb09",
      "tree": "4d15ef32790902916c0b92b33b299dfeb2834b5d",
      "parents": [
        "3a22cc7f184b77731816e55662cd12f0c3d24d56"
      ],
      "author": {
        "name": "Steven Rostedt",
        "email": "rostedt@goodmis.org",
        "time": "Fri Jun 07 17:02:08 2013 +0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 13 09:45:03 2013 -0700"
      },
      "message": "ftrace: Move ftrace_filter_lseek out of CONFIG_DYNAMIC_FTRACE section\n\ncommit 7f49ef69db6bbf756c0abca7e9b65b32e999eec8 upstream.\n\nAs ftrace_filter_lseek is now used with ftrace_pid_fops, it needs to\nbe moved out of the #ifdef CONFIG_DYNAMIC_FTRACE section as the\nftrace_pid_fops is defined when DYNAMIC_FTRACE is not.\n\nSigned-off-by: Steven Rostedt \u003crostedt@goodmis.org\u003e\nCc: Namhyung Kim \u003cnamhyung@kernel.org\u003e\n[ lizf: adjust context ]\nSigned-off-by: Li Zefan \u003clizefan@huawei.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "3a22cc7f184b77731816e55662cd12f0c3d24d56",
      "tree": "ce3612a4ea2ec1ed53d5c98a24b88aa80067129c",
      "parents": [
        "ce840e2f7825bfd240782dc209c2f2b8db514287"
      ],
      "author": {
        "name": "Namhyung Kim",
        "email": "namhyung.kim@lge.com",
        "time": "Fri Jun 07 17:01:16 2013 +0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 13 09:45:03 2013 -0700"
      },
      "message": "tracing: Fix possible NULL pointer dereferences\n\ncommit 6a76f8c0ab19f215af2a3442870eeb5f0e81998d upstream.\n\nCurrently set_ftrace_pid and set_graph_function files use seq_lseek\nfor their fops.  However seq_open() is called only for FMODE_READ in\nthe fops-\u003eopen() so that if an user tries to seek one of those file\nwhen she open it for writing, it sees NULL seq_file and then panic.\n\nIt can be easily reproduced with following command:\n\n  $ cd /sys/kernel/debug/tracing\n  $ echo 1234 | sudo tee -a set_ftrace_pid\n\nIn this example, GNU coreutils\u0027 tee opens the file with fopen(, \"a\")\nand then the fopen() internally calls lseek().\n\nLink:\nhttp://lkml.kernel.org/r/1365663302-2170-1-git-send-email-namhyung@kernel.org\n\nSigned-off-by: Namhyung Kim \u003cnamhyung@kernel.org\u003e\nCc: Frederic Weisbecker \u003cfweisbec@gmail.com\u003e\nCc: Ingo Molnar \u003cmingo@kernel.org\u003e\nCc: Namhyung Kim \u003cnamhyung.kim@lge.com\u003e\nSigned-off-by: Steven Rostedt \u003crostedt@goodmis.org\u003e\n[ lizf: adjust context ]\nSigned-off-by: Li Zefan \u003clizefan@huawei.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "954dc41937054d91766387ea2af400c185a1e96a",
      "tree": "451921b8a4b9e8ae9d18ef4845d256e440f362df",
      "parents": [
        "b6a526aa935210e5a292cd7919fdecf14e240fac"
      ],
      "author": {
        "name": "Imre Deak",
        "email": "imre.deak@intel.com",
        "time": "Fri May 24 15:55:09 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jun 07 12:49:14 2013 -0700"
      },
      "message": "wait: fix false timeouts when using wait_event_timeout()\n\ncommit 4c663cfc523a88d97a8309b04a089c27dc57fd7e upstream.\n\nMany callers of the wait_event_timeout() and\nwait_event_interruptible_timeout() expect that the return value will be\npositive if the specified condition becomes true before the timeout\nelapses.  However, at the moment this isn\u0027t guaranteed.  If the wake-up\nhandler is delayed enough, the time remaining until timeout will be\ncalculated as 0 - and passed back as a return value - even if the\ncondition became true before the timeout has passed.\n\nFix this by returning at least 1 if the condition becomes true.  This\nsemantic is in line with what wait_for_condition_timeout() does; see\ncommit bb10ed09 (\"sched: fix wait_for_completion_timeout() spurious\nfailure under heavy load\").\n\nDaniel said \"We have 3 instances of this bug in drm/i915.  One case even\nwhere we switch between the interruptible and not interruptible\nwait_event_timeout variants, foolishly presuming they have the same\nsemantics.  I very much like this.\"\n\nOne such bug is reported at\n  https://bugs.freedesktop.org/show_bug.cgi?id\u003d64133\n\nSigned-off-by: Imre Deak \u003cimre.deak@intel.com\u003e\nAcked-by: Daniel Vetter \u003cdaniel.vetter@ffwll.ch\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jens Axboe \u003caxboe@kernel.dk\u003e\nCc: \"Paul E.  McKenney\" \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Lukas Czerner \u003clczerner@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "dab2d3dc45ae7343216635d981d43637e1cb7d45",
      "tree": "a79004a3fcee0ada81f9dd12ed77caf5807edc58",
      "parents": [
        "dd77cf8cc7aca5902e759c26049730c151bc885f"
      ],
      "author": {
        "name": "Naoya Horiguchi",
        "email": "n-horiguchi@ah.jp.nec.com",
        "time": "Tue May 07 16:18:13 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun May 19 10:54:48 2013 -0700"
      },
      "message": "hugetlbfs: fix mmap failure in unaligned size request\n\ncommit af73e4d9506d3b797509f3c030e7dcd554f7d9c4 upstream.\n\nThe current kernel returns -EINVAL unless a given mmap length is\n\"almost\" hugepage aligned.  This is because in sys_mmap_pgoff() the\ngiven length is passed to vm_mmap_pgoff() as it is without being aligned\nwith hugepage boundary.\n\nThis is a regression introduced in commit 40716e29243d (\"hugetlbfs: fix\nalignment of huge page requests\"), where alignment code is pushed into\nhugetlb_file_setup() and the variable len in caller side is not changed.\n\nTo fix this, this patch partially reverts that commit, and adds\nalignment code in caller side.  And it also introduces hstate_sizelog()\nin order to get proper hstate to specified hugepage size.\n\nAddresses https://bugzilla.kernel.org/show_bug.cgi?id\u003d56881\n\n[akpm@linux-foundation.org: fix warning when CONFIG_HUGETLB_PAGE\u003dn]\nSigned-off-by: Naoya Horiguchi \u003cn-horiguchi@ah.jp.nec.com\u003e\nSigned-off-by: Johannes Weiner \u003channes@cmpxchg.org\u003e\nReported-by: \u003ciceman_dvd@yahoo.com\u003e\nCc: Steven Truelove \u003csteven.truelove@utoronto.ca\u003e\nCc: Jianguo Wu \u003cwujianguo@huawei.com\u003e\nCc: Hugh Dickins \u003chughd@google.com\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Jianguo Wu \u003cwujianguo@huawei.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "7d9577d0b2d7958c821236064d995a995e1c4256",
      "tree": "a69a1229b1f5c8fc15e9ae683ad665ec16e17eb8",
      "parents": [
        "f2f17ef7c7a9ac2a9ed1160c768c67d2cf86b8d5"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Thu May 09 10:28:16 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun May 19 10:54:47 2013 -0700"
      },
      "message": "ipv6: do not clear pinet6 field\n\n[ Upstream commit f77d602124d865c38705df7fa25c03de9c284ad2 ]\n\nWe have seen multiple NULL dereferences in __inet6_lookup_established()\n\nAfter analysis, I found that inet6_sk() could be NULL while the\ncheck for sk_family \u003d\u003d AF_INET6 was true.\n\nBug was added in linux-2.6.29 when RCU lookups were introduced in UDP\nand TCP stacks.\n\nOnce an IPv6 socket, using SLAB_DESTROY_BY_RCU is inserted in a hash\ntable, we no longer can clear pinet6 field.\n\nThis patch extends logic used in commit fcbdf09d9652c891\n(\"net: fix nulls list corruptions in sk_prot_alloc\")\n\nTCP/UDP/UDPLite IPv6 protocols provide their own .clear_sk() method\nto make sure we do not clear pinet6 field.\n\nAt socket clone phase, we do not really care, as cloning the parent (non\nNULL) pinet6 is not adding a fatal race.\n\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "f2f17ef7c7a9ac2a9ed1160c768c67d2cf86b8d5",
      "tree": "d30412dc090b30800365582acba0f0f11924b2b4",
      "parents": [
        "e52507b9069411a0a770d49daa246f8cb2fbcde4"
      ],
      "author": {
        "name": "Jiri Pirko",
        "email": "jiri@resnulli.us",
        "time": "Thu May 09 04:23:40 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun May 19 10:54:47 2013 -0700"
      },
      "message": "macvlan: fix passthru mode race between dev removal and rx path\n\n[ Upstream commit 233c7df0821c4190e2d3f4be0f2ca0ab40a5ed8c, note\n  that I had to add list_first_or_null_rcu to rculist.h in order\n  to accomodate this fix. ]\n\nCurrently, if macvlan in passthru mode is created and data are rxed and\nyou remove this device, following panic happens:\n\nNULL pointer dereference at 0000000000000198\nIP: [\u003cffffffffa0196058\u003e] macvlan_handle_frame+0x153/0x1f7 [macvlan]\n\nI\u0027m using following script to trigger this:\n\u003cscript\u003e\nwhile [ 1 ]\ndo\n\tip link add link e1 name macvtap0 type macvtap mode passthru\n\tip link set e1 up\n\tip link set macvtap0 up\n\tIFINDEX\u003d`ip link |grep macvtap0 | cut -f 1 -d \u0027:\u0027`\n\tcat /dev/tap$IFINDEX  \u003e/dev/null \u0026\n\tip link del dev macvtap0\ndone\n\u003c/script\u003e\n\nI run this script while \"ping -f\" is running on another machine to send\npackets to e1 rx.\n\nReason of the panic is that list_first_entry() is blindly called in\nmacvlan_handle_frame() even if the list was empty. vlan is set to\nincorrect pointer which leads to the crash.\n\nI\u0027m fixing this by protecting port-\u003evlans list by rcu and by preventing\nfrom getting incorrect pointer in case the list is empty.\n\nIntroduced by: commit eb06acdc85585f2 \"macvlan: Introduce \u0027passthru\u0027 mode to takeover the underlying device\"\n\nSigned-off-by: Jiri Pirko \u003cjiri@resnulli.us\u003e\nAcked-by: Eric Dumazet \u003cedumazet@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "e52507b9069411a0a770d49daa246f8cb2fbcde4",
      "tree": "8bfea237f8984d26400320ba32456d50ddce9db8",
      "parents": [
        "9faef35be7ff4fbaeb6ed86ca5a3fdcf46d630be"
      ],
      "author": {
        "name": "Josh Boyer",
        "email": "jwboyer@redhat.com",
        "time": "Wed May 08 09:45:47 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun May 19 10:54:47 2013 -0700"
      },
      "message": "if_cablemodem.h: Add parenthesis around ioctl macros\n\n[ Upstream commit 4f924b2aa4d3cb30f07e57d6b608838edcbc0d88 ]\n\nProtect the SIOCGCM* ioctl macros with parenthesis.\n\nReported-by: Paul Wouters \u003cpwouters@redhat.com\u003e\nSigned-off-by: Josh Boyer \u003cjwboyer@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "8e1546d7e14ef043ff74070cea0aff55ba2f600c",
      "tree": "c595d2a41d374eb4d57366553cd3f628583d6697",
      "parents": [
        "1203d9c66e6b892bd8043eea51c5cd510d097266"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Wed Apr 24 18:34:55 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun May 19 10:54:43 2013 -0700"
      },
      "message": "tcp: force a dst refcount when prequeue packet\n\n[ Upstream commit 093162553c33e9479283e107b4431378271c735d ]\n\nBefore escaping RCU protected section and adding packet into\nprequeue, make sure the dst is refcounted.\n\nReported-by: Mike Galbraith \u003cbitbucket@online.de\u003e\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "ad86524f948c1914dbd5bc460a5c6fd131ec054a",
      "tree": "e123d937b7d8e6871bc161a6233f850c236e8d49",
      "parents": [
        "7c8b65e18db43c918ec3491e2712432d2a33f8a5"
      ],
      "author": {
        "name": "Anton Blanchard",
        "email": "anton@samba.org",
        "time": "Wed Jan 09 10:46:17 2013 +1100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun May 19 10:54:39 2013 -0700"
      },
      "message": "audit: Syscall rules are not applied to existing processes on non-x86\n\ncommit cdee3904b4ce7c03d1013ed6dd704b43ae7fc2e9 upstream.\n\nCommit b05d8447e782 (audit: inline audit_syscall_entry to reduce\nburden on archs) changed audit_syscall_entry to check for a dummy\ncontext before calling __audit_syscall_entry. Unfortunately the dummy\ncontext state is maintained in __audit_syscall_entry so once set it\nnever gets cleared, even if the audit rules change.\n\nAs a result, if there are no auditing rules when a process starts\nthen it will never be subject to any rules added later. x86 doesn\u0027t\nsee this because it has an assembly fast path that calls directly into\n__audit_syscall_entry.\n\nI noticed this issue when working on audit performance optimisations.\nI wrote a set of simple test cases available at:\n\nhttp://ozlabs.org/~anton/junkcode/audit_tests.tar.gz\n\n02_new_rule.py fails without the patch and passes with it. The\ntest case clears all rules, starts a process, adds a rule then\nverifies the process produces a syscall audit record.\n\nSigned-off-by: Anton Blanchard \u003canton@samba.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "0c98574b6a4bdcf84b6b61804cb1f68fb1d390a4",
      "tree": "8fe74f4a2812813efde1912a879a1227424ff456",
      "parents": [
        "3fe09e770fb1e5007af981a1eef4c3667e3e55f0"
      ],
      "author": {
        "name": "Alex Deucher",
        "email": "alexander.deucher@amd.com",
        "time": "Thu Apr 25 14:06:05 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sat May 11 13:48:14 2013 -0700"
      },
      "message": "drm/radeon: add new richland pci ids\n\ncommit 62d1f92e06aef9665d71ca7e986b3047ecf0b3c7 upstream.\n\nSigned-off-by: Alex Deucher \u003calexander.deucher@amd.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "6e98eded75064b5121ce759d1b0fb8568c598b1f",
      "tree": "155524133c571ea0819ed71d6e4ae3564155072a",
      "parents": [
        "10939f3f94637c3f243ef9f876b545b9839faf2a"
      ],
      "author": {
        "name": "Alex Deucher",
        "email": "alexander.deucher@amd.com",
        "time": "Thu Apr 25 13:55:15 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sat May 11 13:48:12 2013 -0700"
      },
      "message": "drm/radeon: add some new SI PCI ids\n\ncommit 18932a28419596bc9403770f5d8a108c5433fe59 upstream.\n\nSigned-off-by: Alex Deucher \u003calexander.deucher@amd.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "213116e53f9fde7896be9958e73d4e59bfea980b",
      "tree": "83050e644c69f12e6a3eaf5271a3ac7d87b33c1f",
      "parents": [
        "e99e7562943ded071fbd77066b1e4aee1e3815c2"
      ],
      "author": {
        "name": "Dmitry Monakhov",
        "email": "dmonakhov@openvz.org",
        "time": "Wed Apr 03 22:06:52 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue May 07 19:51:57 2013 -0700"
      },
      "message": "jbd2: fix race between jbd2_journal_remove_checkpoint and -\u003ej_commit_callback\n\ncommit 794446c6946513c684d448205fbd76fa35f38b72 upstream.\n\nThe following race is possible:\n\n[kjournald2]                              other_task\njbd2_journal_commit_transaction()\n  j_state \u003d T_FINISHED;\n  spin_unlock(\u0026journal-\u003ej_list_lock);\n                                         -\u003ejbd2_journal_remove_checkpoint()\n\t\t\t\t\t   -\u003ejbd2_journal_free_transaction();\n\t\t\t\t\t     -\u003ekmem_cache_free(transaction)\n  -\u003ej_commit_callback(journal, transaction);\n    -\u003e USE_AFTER_FREE\n\nWARNING: at lib/list_debug.c:62 __list_del_entry+0x1c0/0x250()\nHardware name:\nlist_del corruption. prev-\u003enext should be ffff88019a4ec198, but was 6b6b6b6b6b6b6b6b\nModules linked in: cpufreq_ondemand acpi_cpufreq freq_table mperf coretemp kvm_intel kvm crc32c_intel ghash_clmulni_intel microcode sg xhci_hcd button sd_mod crc_t10dif aesni_intel ablk_helper cryptd lrw aes_x86_64 xts gf128mul ahci libahci pata_acpi ata_generic dm_mirror dm_region_hash dm_log dm_mod\nPid: 16400, comm: jbd2/dm-1-8 Tainted: G        W    3.8.0-rc3+ #107\nCall Trace:\n [\u003cffffffff8106fb0d\u003e] warn_slowpath_common+0xad/0xf0\n [\u003cffffffff8106fc06\u003e] warn_slowpath_fmt+0x46/0x50\n [\u003cffffffff813637e9\u003e] ? ext4_journal_commit_callback+0x99/0xc0\n [\u003cffffffff8148cae0\u003e] __list_del_entry+0x1c0/0x250\n [\u003cffffffff813637bf\u003e] ext4_journal_commit_callback+0x6f/0xc0\n [\u003cffffffff813ca336\u003e] jbd2_journal_commit_transaction+0x23a6/0x2570\n [\u003cffffffff8108aa42\u003e] ? try_to_del_timer_sync+0x82/0xa0\n [\u003cffffffff8108b491\u003e] ? del_timer_sync+0x91/0x1e0\n [\u003cffffffff813d3ecf\u003e] kjournald2+0x19f/0x6a0\n [\u003cffffffff810ad630\u003e] ? wake_up_bit+0x40/0x40\n [\u003cffffffff813d3d30\u003e] ? bit_spin_lock+0x80/0x80\n [\u003cffffffff810ac6be\u003e] kthread+0x10e/0x120\n [\u003cffffffff810ac5b0\u003e] ? __init_kthread_worker+0x70/0x70\n [\u003cffffffff818ff6ac\u003e] ret_from_fork+0x7c/0xb0\n [\u003cffffffff810ac5b0\u003e] ? __init_kthread_worker+0x70/0x70\n\nIn order to demonstrace this issue one should mount ext4 with mount -o\ndiscard option on SSD disk.  This makes callback longer and race\nwindow becomes wider.\n\nIn order to fix this we should mark transaction as finished only after\ncallbacks have completed\n\nSigned-off-by: Dmitry Monakhov \u003cdmonakhov@openvz.org\u003e\nSigned-off-by: \"Theodore Ts\u0027o\" \u003ctytso@mit.edu\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "b7d885f21da64b75066f42246da6968e3769b951",
      "tree": "65d90fc56637f12d65a981e65cb94011191e695b",
      "parents": [
        "131e3afd38ede147ad56179d352a9d7b8b3d966f"
      ],
      "author": {
        "name": "Robin Holt",
        "email": "holt@sgi.com",
        "time": "Tue Apr 30 19:15:54 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue May 07 19:51:56 2013 -0700"
      },
      "message": "ipc: sysv shared memory limited to 8TiB\n\ncommit d69f3bad4675ac519d41ca2b11e1c00ca115cecd upstream.\n\nTrying to run an application which was trying to put data into half of\nmemory using shmget(), we found that having a shmall value below 8EiB-8TiB\nwould prevent us from using anything more than 8TiB.  By setting\nkernel.shmall greater than 8EiB-8TiB would make the job work.\n\nIn the newseg() function, ns-\u003eshm_tot which, at 8TiB is INT_MAX.\n\nipc/shm.c:\n 458 static int newseg(struct ipc_namespace *ns, struct ipc_params *params)\n 459 {\n...\n 465         int numpages \u003d (size + PAGE_SIZE -1) \u003e\u003e PAGE_SHIFT;\n...\n 474         if (ns-\u003eshm_tot + numpages \u003e ns-\u003eshm_ctlall)\n 475                 return -ENOSPC;\n\n[akpm@linux-foundation.org: make ipc/shm.c:newseg()\u0027s numpages size_t, not int]\nSigned-off-by: Robin Holt \u003cholt@sgi.com\u003e\nReported-by: Alex Thorlton \u003cathorlton@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "273a82bee94d42ba58b264bc427cd75df65b81fc",
      "tree": "29c58f1e1b209f4e6ab09fb0ea8188e52501d6db",
      "parents": [
        "ede49f3642cce1fe60ac81cb1953e7a8fd91e8ce"
      ],
      "author": {
        "name": "Hugh Dickins",
        "email": "hughd@google.com",
        "time": "Mon Apr 29 15:07:44 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue May 07 19:51:55 2013 -0700"
      },
      "message": "mm: allow arch code to control the user page table ceiling\n\ncommit 6ee8630e02be6dd89926ca0fbc21af68b23dc087 upstream.\n\nOn architectures where a pgd entry may be shared between user and kernel\n(e.g.  ARM+LPAE), freeing page tables needs a ceiling other than 0.\nThis patch introduces a generic USER_PGTABLES_CEILING that arch code can\noverride.  It is the responsibility of the arch code setting the ceiling\nto ensure the complete freeing of the page tables (usually in\npgd_free()).\n\n[catalin.marinas@arm.com: commit log; shift_arg_pages(), asm-generic/pgtables.h changes]\nSigned-off-by: Hugh Dickins \u003chughd@google.com\u003e\nSigned-off-by: Catalin Marinas \u003ccatalin.marinas@arm.com\u003e\nCc: Russell King \u003clinux@arm.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "ca4bf7c6970aee586c4b6b642e011e3847ac5f93",
      "tree": "5a09c1404e30b8647502300f19516bc6720df17a",
      "parents": [
        "4087320fd8d0164c4b53fe5f9c26c0d3eaba7d2d"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Apr 19 15:32:32 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed May 01 09:41:16 2013 -0700"
      },
      "message": "net: fix incorrect credentials passing\n\n[ Upstream commit 83f1b4ba917db5dc5a061a44b3403ddb6e783494 ]\n\nCommit 257b5358b32f (\"scm: Capture the full credentials of the scm\nsender\") changed the credentials passing code to pass in the effective\nuid/gid instead of the real uid/gid.\n\nObviously this doesn\u0027t matter most of the time (since normally they are\nthe same), but it results in differences for suid binaries when the wrong\nuid/gid ends up being used.\n\nThis just undoes that (presumably unintentional) part of the commit.\n\nReported-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "1ab6b2a5a0970c887166b732fd3ad347979f2cec",
      "tree": "816c2b7f42d8a6779bb48adba53ec461560937e8",
      "parents": [
        "ba12001651d677a8742aa465d3996885d2568f98"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Fri Apr 05 20:42:05 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed May 01 09:41:07 2013 -0700"
      },
      "message": "netfilter: don\u0027t reset nf_trace in nf_reset()\n\n[ Upstream commit 124dff01afbdbff251f0385beca84ba1b9adda68 ]\n\nCommit 130549fe (\"netfilter: reset nf_trace in nf_reset\") added code\nto reset nf_trace in nf_reset(). This is wrong and unnecessary.\n\nnf_reset() is used in the following cases:\n\n- when passing packets up the the socket layer, at which point we want to\n  release all netfilter references that might keep modules pinned while\n  the packet is queued. nf_trace doesn\u0027t matter anymore at this point.\n\n- when encapsulating or decapsulating IPsec packets. We want to continue\n  tracing these packets after IPsec processing.\n\n- when passing packets through virtual network devices. Only devices on\n  that encapsulate in IPv4/v6 matter since otherwise nf_trace is not\n  used anymore. Its not entirely clear whether those packets should\n  be traced after that, however we\u0027ve always done that.\n\n- when passing packets through virtual network devices that make the\n  packet cross network namespace boundaries. This is the only cases\n  where we clearly want to reset nf_trace and is also what the\n  original patch intended to fix.\n\nAdd a new function nf_reset_trace() and use it in dev_forward_skb() to\nfix this properly.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "617f13b4194b6aad612733a932bc89d883d9325e",
      "tree": "ab3ae7170a72801d5b9cca9092abc09d05b02747",
      "parents": [
        "ef95e3d5d7325b87ca22c4aa72710ac152315559"
      ],
      "author": {
        "name": "Vlad Yasevich",
        "email": "vyasevic@redhat.com",
        "time": "Tue Apr 02 17:10:07 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed May 01 09:41:06 2013 -0700"
      },
      "message": "net: count hw_addr syncs so that unsync works properly.\n\n[ Upstream commit 4543fbefe6e06a9e40d9f2b28d688393a299f079 ]\n\nA few drivers use dev_uc_sync/unsync to synchronize the\naddress lists from master down to slave/lower devices.  In\nsome cases (bond/team) a single address list is synched down\nto multiple devices.  At the time of unsync, we have a leak\nin these lower devices, because \"synced\" is treated as a\nboolean and the address will not be unsynced for anything after\nthe first device/call.\n\nTreat \"synced\" as a count (same as refcount) and allow all\nunsync calls to work.\n\nSigned-off-by: Vlad Yasevich \u003cvyasevic@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "c420060e7b21368c21972e8a29e4ff56abb9d219",
      "tree": "069e6e4afb23f00817a7daf0bec549435359ab27",
      "parents": [
        "726cc91ed26521f3e678346e5745203a70edd456"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 16 13:45:37 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Apr 25 21:19:56 2013 -0700"
      },
      "message": "vm: add vm_iomap_memory() helper function\n\ncommit b4cbb197c7e7a68dbad0d491242e3ca67420c13e upstream.\n\nVarious drivers end up replicating the code to mmap() their memory\nbuffers into user space, and our core memory remapping function may be\nvery flexible but it is unnecessarily complicated for the common cases\nto use.\n\nOur internal VM uses pfn\u0027s (\"page frame numbers\") which simplifies\nthings for the VM, and allows us to pass physical addresses around in a\ndenser and more efficient format than passing a \"phys_addr_t\" around,\nand having to shift it up and down by the page size.  But it just means\nthat drivers end up doing that shifting instead at the interface level.\n\nIt also means that drivers end up mucking around with internal VM things\nlike the vma details (vm_pgoff, vm_start/end) way more than they really\nneed to.\n\nSo this just exports a function to map a certain physical memory range\ninto user space (using a phys_addr_t based interface that is much more\nnatural for a driver) and hides all the complexity from the driver.\nSome drivers will still end up tweaking the vm_page_prot details for\nthings like prefetching or cacheability etc, but that\u0027s actually\nrelevant to the driver, rather than caring about what the page offset of\nthe mapping is into the particular IO memory region.\n\nAcked-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n\n"
    },
    {
      "commit": "d6b8c333ca71eba35911fc4460ca37568ccfa9c0",
      "tree": "da26dfb9cb9e1e4b672dd22bea47f4486bf6d75b",
      "parents": [
        "f4ec6e0f475dd23157042a150c8f3dcfa528a8ca"
      ],
      "author": {
        "name": "Rafał Miłecki",
        "email": "zajec5@gmail.com",
        "time": "Tue Apr 02 15:57:26 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Apr 25 21:19:55 2013 -0700"
      },
      "message": "ssb: implement spurious tone avoidance\n\ncommit 46fc4c909339f5a84d1679045297d9d2fb596987 upstream.\n\nAnd make use of it in b43. This fixes a regression introduced with\n49d55cef5b1925a5c1efb6aaddaa40fc7c693335\nb43: N-PHY: implement spurious tone avoidance\nThis commit made BCM4322 use only MCS 0 on channel 13, which of course\nresulted in performance drop (down to 0.7Mb/s).\n\nReported-by: Stefan Brüns \u003cstefan.bruens@rwth-aachen.de\u003e\nSigned-off-by: Rafał Miłecki \u003czajec5@gmail.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "2a6b0247eee46f424e032fb7431cc4700ad19ea5",
      "tree": "99660b47a9ccc8e1123f4363ca0a95875a7f7ea6",
      "parents": [
        "f56d137aa68f8edadac247aa48b335f2776954ff"
      ],
      "author": {
        "name": "Andrew Honig",
        "email": "ahonig@google.com",
        "time": "Fri Mar 29 09:35:21 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Apr 25 21:19:55 2013 -0700"
      },
      "message": "KVM: Allow cross page reads and writes from cached translations.\n\ncommit 8f964525a121f2ff2df948dac908dcc65be21b5b upstream.\n\nThis patch adds support for kvm_gfn_to_hva_cache_init functions for\nreads and writes that will cross a page.  If the range falls within\nthe same memslot, then this will be a fast operation.  If the range\nis split between two memslots, then the slower kvm_read_guest and\nkvm_write_guest are used.\n\nTested: Test against kvm_clock unit tests.\n\nSigned-off-by: Andrew Honig \u003cahonig@google.com\u003e\nSigned-off-by: Gleb Natapov \u003cgleb@redhat.com\u003e\nCc: Ben Hutchings \u003cben@decadent.org.uk\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "e3a55052f4773105dbd23f72dec4aeac82dea871",
      "tree": "287ba056309faab0f819fa03b74f6770430d5b49",
      "parents": [
        "7077c66b3ab3a1d336648cf88f54df43709ebac3"
      ],
      "author": {
        "name": "Thomas Hellstrom",
        "email": "thellstrom@vmware.com",
        "time": "Tue Nov 06 11:31:49 2012 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue Apr 16 21:27:26 2013 -0700"
      },
      "message": "kref: Implement kref_get_unless_zero v3\n\ncommit 4b20db3de8dab005b07c74161cb041db8c5ff3a7 upstream.\n\nThis function is intended to simplify locking around refcounting for\nobjects that can be looked up from a lookup structure, and which are\nremoved from that lookup structure in the object destructor.\nOperations on such objects require at least a read lock around\nlookup + kref_get, and a write lock around kref_put + remove from lookup\nstructure. Furthermore, RCU implementations become extremely tricky.\nWith a lookup followed by a kref_get_unless_zero *with return value check*\nlocking in the kref_put path can be deferred to the actual removal from\nthe lookup structure and RCU lookups become trivial.\n\nv2: Formatting fixes.\nv3: Invert the return value.\n\nSigned-off-by: Thomas Hellstrom \u003cthellstrom@vmware.com\u003e\nSigned-off-by: Dave Airlie \u003cairlied@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "a227904b82c591bf9531b9deac1e60fbe96abfed",
      "tree": "b8842e19626ce583e64546b9ae20fabee91a53e8",
      "parents": [
        "261c874090bde0efb5040608d8123d5f0fadcac8"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 09 10:48:33 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Apr 12 09:38:46 2013 -0700"
      },
      "message": "spinlocks and preemption points need to be at least compiler barriers\n\ncommit 386afc91144b36b42117b0092893f15bc8798a80 upstream.\n\nIn UP and non-preempt respectively, the spinlocks and preemption\ndisable/enable points are stubbed out entirely, because there is no\nregular code that can ever hit the kind of concurrency they are meant to\nprotect against.\n\nHowever, while there is no regular code that can cause scheduling, we\n_do_ end up having some exceptional (literally!) code that can do so,\nand that we need to make sure does not ever get moved into the critical\nregion by the compiler.\n\nIn particular, get_user() and put_user() is generally implemented as\ninline asm statements (even if the inline asm may then make a call\ninstruction to call out-of-line), and can obviously cause a page fault\nand IO as a result.  If that inline asm has been scheduled into the\nmiddle of a preemption-safe (or spinlock-protected) code region, we\nobviously lose.\n\nNow, admittedly this is *very* unlikely to actually ever happen, and\nwe\u0027ve not seen examples of actual bugs related to this.  But partly\nexactly because it\u0027s so hard to trigger and the resulting bug is so\nsubtle, we should be extra careful to get this right.\n\nSo make sure that even when preemption is disabled, and we don\u0027t have to\ngenerate any actual *code* to explicitly tell the system that we are in\na preemption-disabled region, we need to at least tell the compiler not\nto move things around the critical region.\n\nThis patch grew out of the same discussion that caused commits\n79e5f05edcbf (\"ARC: Add implicit compiler barrier to raw_local_irq*\nfunctions\") and 3e2e0d2c222b (\"tile: comment assumption about\n__insn_mtspr for \u003casm/irqflags.h\u003e\") to come about.\n\nNote for stable: use discretion when/if applying this.  As mentioned,\nthis bug may never have actually bitten anybody, and gcc may never have\ndone the required code motion for it to possibly ever trigger in\npractice.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nCc: Steven Rostedt \u003csrostedt@redhat.com\u003e\nCc: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "284aeebb312c2b2464673bf68b9a32e415b5145a",
      "tree": "71fbc5fdade725cba28c6fe25da459cdd7a5d4b8",
      "parents": [
        "57b41f6193014b2a4a67c270dd77d801fd337d98"
      ],
      "author": {
        "name": "Shan Hai",
        "email": "shan.hai@windriver.com",
        "time": "Mon Mar 18 10:30:44 2013 +0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Apr 12 09:38:44 2013 -0700"
      },
      "message": "libata: Set max sector to 65535 for Slimtype DVD A DS8A8SH drive\n\ncommit a32450e127fc6e5ca6d958ceb3cfea4d30a00846 upstream.\n\nThe Slimtype DVD A  DS8A8SH drive locks up when max sector is smaller than\n65535, and the blow backtrace is observed on locking up:\n\nINFO: task flush-8:32:1130 blocked for more than 120 seconds.\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\nflush-8:32      D ffffffff8180cf60     0  1130      2 0x00000000\n ffff880273aef618 0000000000000046 0000000000000005 ffff880273aee000\n ffff880273aee000 ffff880273aeffd8 ffff880273aee010 ffff880273aee000\n ffff880273aeffd8 ffff880273aee000 ffff88026e842ea0 ffff880274a10000\nCall Trace:\n [\u003cffffffff8168fc2d\u003e] schedule+0x5d/0x70\n [\u003cffffffff8168fccc\u003e] io_schedule+0x8c/0xd0\n [\u003cffffffff81324461\u003e] get_request+0x731/0x7d0\n [\u003cffffffff8133dc60\u003e] ? cfq_allow_merge+0x50/0x90\n [\u003cffffffff81083aa0\u003e] ? wake_up_bit+0x40/0x40\n [\u003cffffffff81320443\u003e] ? bio_attempt_back_merge+0x33/0x110\n [\u003cffffffff813248ea\u003e] blk_queue_bio+0x23a/0x3f0\n [\u003cffffffff81322176\u003e] generic_make_request+0xc6/0x120\n [\u003cffffffff81322308\u003e] submit_bio+0x138/0x160\n [\u003cffffffff811d7596\u003e] ? bio_alloc_bioset+0x96/0x120\n [\u003cffffffff811d1f61\u003e] submit_bh+0x1f1/0x220\n [\u003cffffffff811d48b8\u003e] __block_write_full_page+0x228/0x340\n [\u003cffffffff811d3650\u003e] ? attach_nobh_buffers+0xc0/0xc0\n [\u003cffffffff811d8960\u003e] ? I_BDEV+0x10/0x10\n [\u003cffffffff811d8960\u003e] ? I_BDEV+0x10/0x10\n [\u003cffffffff811d4ab6\u003e] block_write_full_page_endio+0xe6/0x100\n [\u003cffffffff811d4ae5\u003e] block_write_full_page+0x15/0x20\n [\u003cffffffff811d9268\u003e] blkdev_writepage+0x18/0x20\n [\u003cffffffff81142527\u003e] __writepage+0x17/0x40\n [\u003cffffffff811438ba\u003e] write_cache_pages+0x34a/0x4a0\n [\u003cffffffff81142510\u003e] ? set_page_dirty+0x70/0x70\n [\u003cffffffff81143a61\u003e] generic_writepages+0x51/0x80\n [\u003cffffffff81143ab0\u003e] do_writepages+0x20/0x50\n [\u003cffffffff811c9ed6\u003e] __writeback_single_inode+0xa6/0x2b0\n [\u003cffffffff811ca861\u003e] writeback_sb_inodes+0x311/0x4d0\n [\u003cffffffff811caaa6\u003e] __writeback_inodes_wb+0x86/0xd0\n [\u003cffffffff811cad43\u003e] wb_writeback+0x1a3/0x330\n [\u003cffffffff816916cf\u003e] ? _raw_spin_lock_irqsave+0x3f/0x50\n [\u003cffffffff811b8362\u003e] ? get_nr_inodes+0x52/0x70\n [\u003cffffffff811cb0ac\u003e] wb_do_writeback+0x1dc/0x260\n [\u003cffffffff8168dd34\u003e] ? schedule_timeout+0x204/0x240\n [\u003cffffffff811cb232\u003e] bdi_writeback_thread+0x102/0x2b0\n [\u003cffffffff811cb130\u003e] ? wb_do_writeback+0x260/0x260\n [\u003cffffffff81083550\u003e] kthread+0xc0/0xd0\n [\u003cffffffff81083490\u003e] ? kthread_worker_fn+0x1b0/0x1b0\n [\u003cffffffff8169a3ec\u003e] ret_from_fork+0x7c/0xb0\n [\u003cffffffff81083490\u003e] ? kthread_worker_fn+0x1b0/0x1b0\n\n The above trace was triggered by\n   \"dd if\u003d/dev/zero of\u003d/dev/sr0 bs\u003d2048 count\u003d32768\"\n\n It was previously working by accident, since another bug introduced\n by 4dce8ba94c7 (libata: Use \u0027bool\u0027 return value for ata_id_XXX) caused\n all drives to use maxsect\u003d65535.\n\nSigned-off-by: Shan Hai \u003cshan.hai@windriver.com\u003e\nSigned-off-by: Jeff Garzik \u003cjgarzik@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "57b41f6193014b2a4a67c270dd77d801fd337d98",
      "tree": "e7ba3d038511ab08027428518796f3edeaf8dc92",
      "parents": [
        "91777f102bc6c5d72bf637281b74ba96c1447850"
      ],
      "author": {
        "name": "Shan Hai",
        "email": "shan.hai@windriver.com",
        "time": "Mon Mar 18 10:30:43 2013 +0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Apr 12 09:38:44 2013 -0700"
      },
      "message": "libata: Use integer return value for atapi_command_packet_set\n\ncommit d8668fcb0b257d9fdcfbe5c172a99b8d85e1cd82 upstream.\n\nThe function returns type of ATAPI drives so it should return integer value.\nThe commit 4dce8ba94c7 (libata: Use \u0027bool\u0027 return value for ata_id_XXX) since\nv2.6.39 changed the type of return value from int to bool, the change would\ncause all of the ATAPI class drives to be treated as TYPE_TAPE and the\nmax_sectors of the drives to be set to 65535 because of the commit\nf8d8e5799b7(libata: increase 128 KB / cmd limit for ATAPI tape drives), for the\nfunction would return true for all ATAPI class drives and the TYPE_TAPE is\ndefined as 0x01.\n\nSigned-off-by: Shan Hai \u003cshan.hai@windriver.com\u003e\nSigned-off-by: Jeff Garzik \u003cjgarzik@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "a9304844277ca08288b54df5ee9201c5ce3e4cbf",
      "tree": "1bca8c782dbd681644066a6f512beacc8f41801c",
      "parents": [
        "71ec40e8f0a5eefca7b318f133f90dc4f2302c4f"
      ],
      "author": {
        "name": "Andrey Vagin",
        "email": "avagin@openvz.org",
        "time": "Thu Mar 21 20:33:46 2013 +0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Apr 05 10:04:40 2013 -0700"
      },
      "message": "net: fix *_DIAG_MAX constants\n\n[ Upstream commit ae5fc98728c8bbbd6d7cab0b9781671fc4419c1b ]\n\nFollow the common pattern and define *_DIAG_MAX like:\n\n        [...]\n        __XXX_DIAG_MAX,\n};\n\nBecause everyone is used to do:\n\n        struct nlattr *attrs[XXX_DIAG_MAX+1];\n\n        nla_parse([...], XXX_DIAG_MAX, [...]\n\nReported-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nCc: Eric Dumazet \u003cedumazet@google.com\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrey Vagin \u003cavagin@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "b9f3bf1d0fe1e9ef11d1d607906138e9f84f7616",
      "tree": "34b9e1f7679eb5f563c0e506ff811d736878774c",
      "parents": [
        "a83417946df6c57fbb4d4383c992c5ffd59b56c2"
      ],
      "author": {
        "name": "Masatake YAMATO",
        "email": "yamato@redhat.com",
        "time": "Mon Apr 01 14:50:40 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Apr 05 10:04:38 2013 -0700"
      },
      "message": "thermal: shorten too long mcast group name\n\n[ Upstream commits 73214f5d9f33b79918b1f7babddd5c8af28dd23d\n  and f1e79e208076ffe7bad97158275f1c572c04f5c7, the latter\n  adds an assertion to genetlink to prevent this from happening\n  again in the future. ]\n\nThe original name is too long.\n\nSigned-off-by: Masatake YAMATO \u003cyamato@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "119016c59b6a83cf168f0f1202f2251122f0d5b3",
      "tree": "8a9ccdc968b15db1a845276aaa9be4492c8b2986",
      "parents": [
        "2c0260b234031e0dd0266baafbc4d8e1eb580bb6"
      ],
      "author": {
        "name": "David Vrabel",
        "email": "david.vrabel@citrix.com",
        "time": "Thu Mar 07 17:32:01 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Apr 05 10:04:18 2013 -0700"
      },
      "message": "xen/blkback: correctly respond to unknown, non-native requests\n\ncommit 0e367ae46503cfe7791460c8ba8434a5d60b2bd5 upstream.\n\nIf the frontend is using a non-native protocol (e.g., a 64-bit\nfrontend with a 32-bit backend) and it sent an unrecognized request,\nthe request was not translated and the response would have the\nincorrect ID.  This may cause the frontend driver to behave\nincorrectly or crash.\n\nSince the ID field in the request is always in the same place,\nregardless of the request type we can get the correct ID and make a\nvalid response (which will report BLKIF_RSP_EOPNOTSUPP).\n\nThis bug affected 64-bit SLES 11 guests when using a 32-bit backend.\nThis guest does a BLKIF_OP_RESERVED_1 (BLKIF_OP_PACKET in the SLES\nsource) and would crash in blkif_int() as the ID in the response would\nbe invalid.\n\nSigned-off-by: David Vrabel \u003cdavid.vrabel@citrix.com\u003e\nSigned-off-by: Konrad Rzeszutek Wilk \u003ckonrad.wilk@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "556ba7075b9b95a0439cd7b52a1284b88b8fa755",
      "tree": "83030591531a58bc4419a77e30123aedaaf5a33f",
      "parents": [
        "f3b5af9a6e2a873110bb8546b42ae7c51f2213b3"
      ],
      "author": {
        "name": "Ben Hutchings",
        "email": "ben@decadent.org.uk",
        "time": "Sun Nov 25 22:24:19 2012 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Apr 05 10:04:14 2013 -0700"
      },
      "message": "signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear sa_restorer\n\nVaguely based on upstream commit 574c4866e33d \u0027consolidate kernel-side\nstruct sigaction declarations\u0027.\n\nflush_signal_handlers() needs to know whether sigaction::sa_restorer\nis defined, not whether SA_RESTORER is defined.  Define the\n__ARCH_HAS_SA_RESTORER macro to indicate this.\n\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "023eae6de094c527f85c5fc3e9a8a364af56b1af",
      "tree": "899b193a9ba356d2ac6b404a93b1c2545407d709",
      "parents": [
        "2f7dea37d1b0b3a26fb3c2bd97bbf836dfd04def"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Mon Dec 17 16:03:20 2012 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Mar 28 12:12:28 2013 -0700"
      },
      "message": "exec: use -ELOOP for max recursion depth\n\ncommit d740269867021faf4ce38a449353d2b986c34a67 upstream.\n\nTo avoid an explosion of request_module calls on a chain of abusive\nscripts, fail maximum recursion with -ELOOP instead of -ENOEXEC. As soon\nas maximum recursion depth is hit, the error will fail all the way back\nup the chain, aborting immediately.\n\nThis also has the side-effect of stopping the user\u0027s shell from attempting\nto reexecute the top-level file as a shell script. As seen in the\ndash source:\n\n        if (cmd !\u003d path_bshell \u0026\u0026 errno \u003d\u003d ENOEXEC) {\n                *argv-- \u003d cmd;\n                *argv \u003d cmd \u003d path_bshell;\n                goto repeat;\n        }\n\nThe above logic was designed for running scripts automatically that lacked\nthe \"#!\" header, not to re-try failed recursion. On a legitimate -ENOEXEC,\nthings continue to behave as the shell expects.\n\nAdditionally, when tracking recursion, the binfmt handlers should not be\ninvolved. The recursion being tracked is the depth of calls through\nsearch_binary_handler(), so that function should be exclusively responsible\nfor tracking the depth.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: halfdog \u003cme@halfdog.net\u003e\nCc: P J P \u003cppandit@redhat.com\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nCc: Ben Hutchings \u003cben@decadent.org.uk\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "2cf470d198f3bf272910dff8f039ee77fc61db0c",
      "tree": "a066dce503e92cda81afdea687cd2e29e0a19a87",
      "parents": [
        "6e8d94de159e7520e6ff1ecaf8419844b93631e7"
      ],
      "author": {
        "name": "Alex Deucher",
        "email": "alexander.deucher@amd.com",
        "time": "Fri Mar 08 13:36:54 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Mar 28 12:12:13 2013 -0700"
      },
      "message": "drm/radeon: add Richland pci ids\n\ncommit b75bbaa038ffc426e88ea3df6c4ae11834fc3e4f upstream.\n\nReviewed-by: Jerome Glisse \u003cjglisse@redhat.com\u003e\nSigned-off-by: Alex Deucher \u003calexander.deucher@amd.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "1280938465132080915aef414a1f40f62831bab9",
      "tree": "a2055fce3874fea9ddec94d17658e7d3ec18dc66",
      "parents": [
        "05bec9da3978124bde3b40bfa0404760f45aa399"
      ],
      "author": {
        "name": "Hannes Frederic Sowa",
        "email": "hannes@stressinduktion.org",
        "time": "Fri Mar 15 11:32:30 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Mar 28 12:11:54 2013 -0700"
      },
      "message": "inet: limit length of fragment queue hash table bucket lists\n\n[ Upstream commit 5a3da1fe9561828d0ca7eca664b16ec2b9bf0055 ]\n\nThis patch introduces a constant limit of the fragment queue hash\ntable bucket list lengths. Currently the limit 128 is choosen somewhat\narbitrary and just ensures that we can fill up the fragment cache with\nempty packets up to the default ip_frag_high_thresh limits. It should\njust protect from list iteration eating considerable amounts of cpu.\n\nIf we reach the maximum length in one hash bucket a warning is printed.\nThis is implemented on the caller side of inet_frag_find to distinguish\nbetween the different users of inet_fragment.c.\n\nI dropped the out of memory warning in the ipv4 fragment lookup path,\nbecause we already get a warning by the slab allocator.\n\nCc: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: Jesper Dangaard Brouer \u003cjbrouer@redhat.com\u003e\nSigned-off-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nAcked-by: Eric Dumazet \u003cedumazet@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "b6da578e2a610a64e89f2a983f7675eb301c5d35",
      "tree": "e9a01ac902578dcb3c0cca6b9126e294d02942a7",
      "parents": [
        "6a2d122cdd939e33279baf351c7cbf12c50eaeb5"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Thu Mar 14 05:40:32 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Mar 28 12:11:53 2013 -0700"
      },
      "message": "tcp: fix skb_availroom()\n\n[ Upstream commit 16fad69cfe4adbbfa813de516757b87bcae36d93 ]\n\nChrome OS team reported a crash on a Pixel ChromeBook in TCP stack :\n\nhttps://code.google.com/p/chromium/issues/detail?id\u003d182056\n\ncommit a21d45726acac (tcp: avoid order-1 allocations on wifi and tx\npath) did a poor choice adding an \u0027avail_size\u0027 field to skb, while\nwhat we really needed was a \u0027reserved_tailroom\u0027 one.\n\nIt would have avoided commit 22b4a4f22da (tcp: fix retransmit of\npartially acked frames) and this commit.\n\nCrash occurs because skb_split() is not aware of the \u0027avail_size\u0027\nmanagement (and should not be aware)\n\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nReported-by: Mukesh Agrawal \u003cquiche@chromium.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "6a2d122cdd939e33279baf351c7cbf12c50eaeb5",
      "tree": "d33d3ae99144bd170bd0453016fa85b2eae75ad6",
      "parents": [
        "ca42fad953eab535f12b04cea9622b253faebb0b"
      ],
      "author": {
        "name": "Denis V. Lunev",
        "email": "den@openvz.org",
        "time": "Wed Mar 13 00:24:15 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Mar 28 12:11:53 2013 -0700"
      },
      "message": "ipv4: fix definition of FIB_TABLE_HASHSZ\n\n[ Upstream commit 5b9e12dbf92b441b37136ea71dac59f05f2673a9 ]\n\na long time ago by the commit\n\n  commit 93456b6d7753def8760b423ac6b986eb9d5a4a95\n  Author: Denis V. Lunev \u003cden@openvz.org\u003e\n  Date:   Thu Jan 10 03:23:38 2008 -0800\n\n    [IPV4]: Unify access to the routing tables.\n\nthe defenition of FIB_HASH_TABLE size has obtained wrong dependency:\nit should depend upon CONFIG_IP_MULTIPLE_TABLES (as was in the original\ncode) but it was depended from CONFIG_IP_ROUTE_MULTIPATH\n\nThis patch returns the situation to the original state.\n\nThe problem was spotted by Tingwei Liu.\n\nSigned-off-by: Denis V. Lunev \u003cden@openvz.org\u003e\nCC: Tingwei Liu \u003ctingw.liu@gmail.com\u003e\nCC: Alexey Kuznetsov \u003ckuznet@ms2.inr.ac.ru\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "cb505e2eb68fe9e22afa220bf172f6aa090b7dca",
      "tree": "d1b25dcc977afffedbca41ee63b331c6f49f1f00",
      "parents": [
        "a40a945f829a2b95d5460491d81061166817e3cb"
      ],
      "author": {
        "name": "Johan Hovold",
        "email": "jhovold@gmail.com",
        "time": "Tue Feb 05 14:35:11 2013 +0100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Mar 20 13:05:00 2013 -0700"
      },
      "message": "atmel_lcdfb: fix 16-bpp modes on older SOCs\n\ncommit a79eac7165ed62114e6ca197195aa5060a54f137 upstream.\n\nFix regression introduced by commit 787f9fd23283 (\"atmel_lcdfb: support\n16bit BGR:565 mode, remove unsupported 15bit modes\") which broke 16-bpp\nmodes for older SOCs which use IBGR:555 (msb is intensity) rather\nthan BGR:565.\n\nUse SOC-type to determine the pixel layout.\n\nTested on at91sam9263 and at91sam9g45.\n\nAcked-by: Peter Korsgaard \u003cjacmet@sunsite.dk\u003e\nSigned-off-by: Johan Hovold \u003cjhovold@gmail.com\u003e\nSigned-off-by: Nicolas Ferre \u003cnicolas.ferre@atmel.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "6bf083ffc825244992274a23017655caee8e4c58",
      "tree": "e74f39428f6ed033b83b5e1e227d9883669fee7c",
      "parents": [
        "d7805638b85ce978f7c0cf1ac49204d4288084f6"
      ],
      "author": {
        "name": "David Rientjes",
        "email": "rientjes@google.com",
        "time": "Sun Mar 17 15:49:10 2013 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Mar 20 13:05:00 2013 -0700"
      },
      "message": "perf,x86: fix link failure for non-Intel configs\n\ncommit 6c4d3bc99b3341067775efd4d9d13cc8e655fd7c upstream.\n\nCommit 1d9d8639c063 (\"perf,x86: fix kernel crash with PEBS/BTS after\nsuspend/resume\") introduces a link failure since\nperf_restore_debug_store() is only defined for CONFIG_CPU_SUP_INTEL:\n\n\tarch/x86/power/built-in.o: In function `restore_processor_state\u0027:\n\t(.text+0x45c): undefined reference to `perf_restore_debug_store\u0027\n\nFix it by defining the dummy function appropriately.\n\nSigned-off-by: David Rientjes \u003crientjes@google.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "9a9b01c04ef4b844f64bbf36987f918e64e304a2",
      "tree": "12cd294a8b45e518c2083f399ef67b22348039df",
      "parents": [
        "75750fc43320a6b2ef9852b3437fa25104add6f6"
      ],
      "author": {
        "name": "Stephane Eranian",
        "email": "eranian@google.com",
        "time": "Fri Mar 15 14:26:07 2013 +0100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Mar 20 13:04:59 2013 -0700"
      },
      "message": "perf,x86: fix kernel crash with PEBS/BTS after suspend/resume\n\ncommit 1d9d8639c063caf6efc2447f5f26aa637f844ff6 upstream.\n\nThis patch fixes a kernel crash when using precise sampling (PEBS)\nafter a suspend/resume. Turns out the CPU notifier code is not invoked\non CPU0 (BP). Therefore, the DS_AREA (used by PEBS) is not restored properly\nby the kernel and keeps it power-on/resume value of 0 causing any PEBS\nmeasurement to crash when running on CPU0.\n\nThe workaround is to add a hook in the actual resume code to restore\nthe DS Area MSR value. It is invoked for all CPUS. So for all but CPU0,\nthe DS_AREA will be restored twice but this is harmless.\n\nReported-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Stephane Eranian \u003ceranian@google.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "68412b1718c488e58783d1c576d0aeb34012092d",
      "tree": "369e927a49f4b7a3e652783d83d8660fc7eca529",
      "parents": [
        "06f924f163e4426ce6a8d4cf61b45f2fc8eaeecc"
      ],
      "author": {
        "name": "Seiji Aguchi",
        "email": "seiji.aguchi@hds.com",
        "time": "Fri Jan 11 18:09:41 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Mar 04 06:06:43 2013 +0800"
      },
      "message": "pstore: Avoid deadlock in panic and emergency-restart path\n\ncommit 9f244e9cfd70c7c0f82d3c92ce772ab2a92d9f64 upstream.\n\n[Issue]\n\nWhen pstore is in panic and emergency-restart paths, it may be blocked\nin those paths because it simply takes spin_lock.\n\nThis is an example scenario which pstore may hang up in a panic path:\n\n - cpuA grabs psinfo-\u003ebuf_lock\n - cpuB panics and calls smp_send_stop\n - smp_send_stop sends IRQ to cpuA\n - after 1 second, cpuB gives up on cpuA and sends an NMI instead\n - cpuA is now in an NMI handler while still holding buf_lock\n - cpuB is deadlocked\n\nThis case may happen if a firmware has a bug and\ncpuA is stuck talking with it more than one second.\n\nAlso, this is a similar scenario in an emergency-restart path:\n\n - cpuA grabs psinfo-\u003ebuf_lock and stucks in a firmware\n - cpuB kicks emergency-restart via either sysrq-b or hangcheck timer.\n   And then, cpuB is deadlocked by taking psinfo-\u003ebuf_lock again.\n\n[Solution]\n\nThis patch avoids the deadlocking issues in both panic and emergency_restart\npaths by introducing a function, is_non_blocking_path(), to check if a cpu\ncan be blocked in current path.\n\nWith this patch, pstore is not blocked even if another cpu has\ntaken a spin_lock, in those paths by changing from spin_lock_irqsave\nto spin_trylock_irqsave.\n\nIn addition, according to a comment of emergency_restart() in kernel/sys.c,\nspin_lock shouldn\u0027t be taken in an emergency_restart path to avoid\ndeadlock. This patch fits the comment below.\n\n\u003csnip\u003e\n/**\n *      emergency_restart - reboot the system\n *\n *      Without shutting down any hardware or taking any locks\n *      reboot the system.  This is called when we know we are in\n *      trouble so this is our best effort to reboot.  This is\n *      safe to call in interrupt context.\n */\nvoid emergency_restart(void)\n\u003csnip\u003e\n\nSigned-off-by: Seiji Aguchi \u003cseiji.aguchi@hds.com\u003e\nAcked-by: Don Zickus \u003cdzickus@redhat.com\u003e\nSigned-off-by: Tony Luck \u003ctony.luck@intel.com\u003e\nCc: CAI Qian \u003ccaiqian@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "57ef0d83d393b0f1f378a6b18a7394c62caadafa",
      "tree": "ff6a2a11496d63cad0d9a0a5a2f9ead1e894c1fb",
      "parents": [
        "146207bbadeb4578334d6e26b9b690df8aeb1a3d"
      ],
      "author": {
        "name": "Helge Deller",
        "email": "deller@gmx.de",
        "time": "Mon Feb 04 19:39:52 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Mar 04 06:06:43 2013 +0800"
      },
      "message": "unbreak automounter support on 64-bit kernel with 32-bit userspace (v2)\n\ncommit 4f4ffc3a5398ef9bdbb32db04756d7d34e356fcf upstream.\n\nautomount-support is broken on the parisc architecture, because the existing\n#if list does not include a check for defined(__hppa__). The HPPA (parisc)\narchitecture is similiar to other 64bit Linux targets where we have to define\nautofs_wqt_t (which is passed back and forth to user space) as int type which\nhas a size of 32bit across 32 and 64bit kernels.\n\nDuring the discussion on the mailing list, H. Peter Anvin suggested to invert\nthe #if list since only specific platforms (specifically those who do not have\na 32bit userspace, like IA64 and Alpha) should have autofs_wqt_t as unsigned\nlong type.\n\nThis suggestion is probably the best way to go, since Arm64 (and maybe others?)\nseems to have a non-working automounter. So in the long run even for other new\nupcoming architectures this inverted check seem to be the best solution, since\nit will not require them to change this #if again (unless they are 64bit only).\n\nSigned-off-by: Helge Deller \u003cdeller@gmx.de\u003e\nAcked-by: H. Peter Anvin \u003chpa@zytor.com\u003e\nAcked-by: Ian Kent \u003craven@themaw.net\u003e\nAcked-by: Catalin Marinas \u003ccatalin.marinas@arm.com\u003e\nCC: James Bottomley \u003cJames.Bottomley@HansenPartnership.com\u003e\nCC: Rolf Eike Beer \u003ceike-kernel@sf-tec.de\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "db6154ead40e0a568982ec4885cfa3fa89e67324",
      "tree": "3603b25bad619e22def94ba2205afdbe8e4415bf",
      "parents": [
        "dd54ec4067a23236736afecbda120030d7ce8fe9"
      ],
      "author": {
        "name": "Theodore Ts\u0027o",
        "email": "tytso@mit.edu",
        "time": "Thu Jan 24 23:24:56 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Mar 04 06:06:37 2013 +0800"
      },
      "message": "quota: autoload the quota_v2 module for QFMT_VFS_V1 quota format\n\ncommit c3ad83d9efdfe6a86efd44945a781f00c879b7b4 upstream.\n\nOtherwise, ext4 file systems with the quota featured enable will get a\nvery confusing \"No such process\" error message if the quota code is\nbuilt as a module and the quota_v2 module has not been loaded.\n\nSigned-off-by: \"Theodore Ts\u0027o\" \u003ctytso@mit.edu\u003e\nReviewed-by: Carlos Maiolino \u003ccmaiolino@redhat.com\u003e\nAcked-by: Jan Kara \u003cjack@suse.cz\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "b9bf60ac3e3779d4ffa03daceebf59df7b46c224",
      "tree": "92b29a20a04ca4aab9b8cf52fd4b3b99371add87",
      "parents": [
        "8c2223fc19032e7b8761e46c15e1ed167a252285"
      ],
      "author": {
        "name": "Cong Wang",
        "email": "amwang@redhat.com",
        "time": "Thu Feb 21 23:32:27 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 28 06:59:06 2013 -0800"
      },
      "message": "vlan: adjust vlan_set_encap_proto() for its callers\n\n[ Upstream commit da8c87241c26aac81a64c7e4d21d438a33018f4e ]\n\nThere are two places to call vlan_set_encap_proto():\nvlan_untag() and __pop_vlan_tci().\n\nvlan_untag() assumes skb-\u003edata points after mac addr, otherwise\nthe following code\n\n        vhdr \u003d (struct vlan_hdr *) skb-\u003edata;\n        vlan_tci \u003d ntohs(vhdr-\u003eh_vlan_TCI);\n        __vlan_hwaccel_put_tag(skb, vlan_tci);\n\n        skb_pull_rcsum(skb, VLAN_HLEN);\n\nwon\u0027t be correct. But __pop_vlan_tci() assumes points _before_\nmac addr.\n\nIn vlan_set_encap_proto(), it looks for some magic L2 value\nafter mac addr:\n\n        rawp \u003d skb-\u003edata;\n        if (*(unsigned short *) rawp \u003d\u003d 0xFFFF)\n\t...\n\nTherefore __pop_vlan_tci() is obviously wrong.\n\nA quick fix is avoiding using skb-\u003edata in vlan_set_encap_proto(),\nuse \u0027vhdr+1\u0027 is always correct in both cases.\n\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nCc: Jesse Gross \u003cjesse@nicira.com\u003e\nAcked-by: Jesse Gross \u003cjesse@nicira.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "e5a096aa0aeb1fc8ad8b3d6bd70d322a0d65edc4",
      "tree": "d5055028b4ac0b56b49b6d65237038c5c7f46778",
      "parents": [
        "785e5dce256ea5bdf4871af13f9908b74264b515"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Thu Feb 21 12:18:52 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 28 06:59:06 2013 -0800"
      },
      "message": "ipv6: use a stronger hash for tcp\n\n[ Upstream commit 08dcdbf6a7b9d14c2302c5bd0c5390ddf122f664 ]\n\nIt looks like its possible to open thousands of TCP IPv6\nsessions on a server, all landing in a single slot of TCP hash\ntable. Incoming packets have to lookup sockets in a very\nlong list.\n\nWe should hash all bits from foreign IPv6 addresses, using\na salt and hash mix, not a simple XOR.\n\ninet6_ehashfn() can also separately use the ports, instead\nof xoring them.\n\nReported-by: Neal Cardwell \u003cncardwell@google.com\u003e\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nCc: Yuchung Cheng \u003cycheng@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "1e6b5fb5ce92028f6c87864712ed7290446a4c11",
      "tree": "0426fe2c4e1f79732c2957659a0adc6e4476cdcb",
      "parents": [
        "29b3bb0be43fea0a49e5235894e1dcbc0ac299dc"
      ],
      "author": {
        "name": "Ying Xue",
        "email": "ying.xue@windriver.com",
        "time": "Fri Feb 15 22:28:25 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 28 06:59:06 2013 -0800"
      },
      "message": "net: fix a compile error when SOCK_REFCNT_DEBUG is enabled\n\n[ Upstream commit dec34fb0f5b7873de45132a84a3af29e61084a6b ]\n\nWhen SOCK_REFCNT_DEBUG is enabled, below build error is met:\n\nkernel/sysctl_binary.o: In function `sk_refcnt_debug_release\u0027:\ninclude/net/sock.h:1025: multiple definition of `sk_refcnt_debug_release\u0027\nkernel/sysctl.o:include/net/sock.h:1025: first defined here\nkernel/audit.o: In function `sk_refcnt_debug_release\u0027:\ninclude/net/sock.h:1025: multiple definition of `sk_refcnt_debug_release\u0027\nkernel/sysctl.o:include/net/sock.h:1025: first defined here\nmake[1]: *** [kernel/built-in.o] Error 1\nmake: *** [kernel] Error 2\n\nSo we decide to make sk_refcnt_debug_release static to eliminate\nthe error.\n\nSigned-off-by: Ying Xue \u003cying.xue@windriver.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "f515e1d59602f8eafaad39b6842bd823ad34654e",
      "tree": "48d183d9d59e79c35719953ef85b489641f4e598",
      "parents": [
        "c30b55c385288be48f7accd16a6929ad4d983311"
      ],
      "author": {
        "name": "Takashi Iwai",
        "email": "tiwai@suse.de",
        "time": "Fri Jan 25 10:28:18 2013 +1000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 28 06:59:05 2013 -0800"
      },
      "message": "fb: Yet another band-aid for fixing lockdep mess\n\ncommit e93a9a868792ad71cdd09d75e5a02d8067473c4e upstream.\n\nI\u0027ve still got lockdep warnings even after Alan\u0027s patch, and it seems that\nyet more band aids are required to paper over similar paths for\nunbind_con_driver() and unregister_con_driver().  After this hack, lockdep\nwarnings are finally gone.\n\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nCc: Alan Cox \u003calan@linux.intel.com\u003e\nCc: Florian Tobias Schandinat \u003cFlorianSchandinat@gmx.de\u003e\nCc: Jiri Kosina \u003cjkosina@suse.cz\u003e\nTested-by: Sedat Dilek \u003csedat.dilek@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Dave Airlie \u003cairlied@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "c30b55c385288be48f7accd16a6929ad4d983311",
      "tree": "1588731963ecab2c47c3999d7691a095ab591d0e",
      "parents": [
        "62a3dcc78d04dcd84276eaa7a40dec1066054532"
      ],
      "author": {
        "name": "Alan Cox",
        "email": "alan@linux.intel.com",
        "time": "Fri Jan 25 10:28:15 2013 +1000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 28 06:59:05 2013 -0800"
      },
      "message": "fb: rework locking to fix lock ordering on takeover\n\ncommit 50e244cc793d511b86adea24972f3a7264cae114 upstream.\n\nAdjust the console layer to allow a take over call where the caller\nalready holds the locks.  Make the fb layer lock in order.\n\nThis is partly a band aid, the fb layer is terminally confused about the\nlocking rules it uses for its notifiers it seems.\n\n[akpm@linux-foundation.org: remove stray non-ascii char, tidy comment]\n[akpm@linux-foundation.org: export do_take_over_console()]\n[airlied: cleanup another non-ascii char]\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nCc: Florian Tobias Schandinat \u003cFlorianSchandinat@gmx.de\u003e\nCc: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nCc: Jiri Kosina \u003cjkosina@suse.cz\u003e\nTested-by: Sedat Dilek \u003csedat.dilek@gmail.com\u003e\nReviewed-by: Daniel Vetter \u003cdaniel.vetter@ffwll.ch\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Dave Airlie \u003cairlied@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "df28f4890263a0540b395402b43b57f047ccf7d5",
      "tree": "4b8430b47afc77c27f42b094ddebd03b93982974",
      "parents": [
        "ae4c05e0232e869cf2418ac6c0c862bb5287d672"
      ],
      "author": {
        "name": "Dave Airlie",
        "email": "airlied@redhat.com",
        "time": "Thu Jan 24 14:14:19 2013 +1000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 28 06:59:03 2013 -0800"
      },
      "message": "vgacon/vt: clear buffer attributes when we load a 512 character font (v2)\n\ncommit 2a2483072393b27f4336ab068a1f48ca19ff1c1e upstream.\n\nWhen we switch from 256-\u003e512 byte font rendering mode, it means the\ncurrent contents of the screen is being reinterpreted. The bit that holds\nthe high bit of the 9-bit font, may have been previously set, and thus\nthe new font misrenders.\n\nThe problem case we see is grub2 writes spaces with the bit set, so it\nends up with data like 0x820, which gets reinterpreted into 0x120 char\nwhich the font translates into G with a circumflex. This flashes up on\nscreen at boot and is quite ugly.\n\nA current side effect of this patch though is that any rendering on the\nscreen changes color to a slightly darker color, but at least the screen\nno longer corrupts.\n\nv2: as suggested by hpa, always clear the attribute space, whether we\nare are going to or from 512 chars.\n\nSigned-off-by: Dave Airlie \u003cairlied@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "e32afc122e3a808944a9f7af5612bf2a3cbea89a",
      "tree": "8718795508df5c4fa7fa206900fc918b50cdd294",
      "parents": [
        "e3fc3cb2a03623b48250dd3a12378a42d276f20e"
      ],
      "author": {
        "name": "Pawel Moll",
        "email": "mail@pawelmoll.com",
        "time": "Thu Feb 21 01:55:50 2013 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 28 06:59:02 2013 -0800"
      },
      "message": "ALSA: usb: Fix Processing Unit Descriptor parsers\n\ncommit b531f81b0d70ffbe8d70500512483227cc532608 upstream.\n\nCommit 99fc86450c439039d2ef88d06b222fd51a779176 \"ALSA: usb-mixer:\nparse descriptors with structs\" introduced a set of useful parsers\nfor descriptors. Unfortunately the parses for the Processing Unit\nDescriptor came with a very subtle bug...\n\nFunctions uac_processing_unit_iProcessing() and\nuac_processing_unit_specific() were indexing the baSourceID array\nforgetting the fields before the iProcessing and process-specific\ndescriptors.\n\nThe problem was observed with Sound Blaster Extigy mixer,\nwhere nNrModes in Up/Down-mix Processing Unit Descriptor\nwas accessed at offset 10 of the descriptor (value 0)\ninstead of offset 15 (value 7). In result the resulting\ncontrol had interesting limit values:\n\nSimple mixer control \u0027Channel Routing Mode Select\u0027,0\n  Capabilities: volume volume-joined penum\n  Playback channels: Mono\n  Capture channels: Mono\n  Limits: 0 - -1\n  Mono: -1 [100%]\n\nFixed by starting from the bmControls, which was calculated\ncorrectly, instead of baSourceID.\n\nNow the mentioned control is fine:\n\nSimple mixer control \u0027Channel Routing Mode Select\u0027,0\n  Capabilities: volume volume-joined penum\n  Playback channels: Mono\n  Capture channels: Mono\n  Limits: 0 - 6\n  Mono: 0 [0%]\n\nSigned-off-by: Pawel Moll \u003cmail@pawelmoll.com\u003e\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "4209ee0d3f7992af3903b5f9a3359f6d2f597c4b",
      "tree": "5009887555ccf68907acf7ff9b14c9acfed6ee00",
      "parents": [
        "362efcc9b0ba020f9124c70c56381ed64491aeca"
      ],
      "author": {
        "name": "Sagi Grimberg",
        "email": "sagig@mellanox.co.il",
        "time": "Mon Oct 08 16:29:24 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 28 06:59:00 2013 -0800"
      },
      "message": "mm: mmu_notifier: have mmu_notifiers use a global SRCU so they may safely schedule\n\ncommit 21a92735f660eaecf69a6f2e777f18463760ec32 upstream.\n\nWith an RCU based mmu_notifier implementation, any callout to\nmmu_notifier_invalidate_range_{start,end}() or\nmmu_notifier_invalidate_page() would not be allowed to call schedule()\nas that could potentially allow a modification to the mmu_notifier\nstructure while it is currently being used.\n\nSince srcu allocs 4 machine words per instance per cpu, we may end up\nwith memory exhaustion if we use srcu per mm.  So all mms share a global\nsrcu.  Note that during large mmu_notifier activity exit \u0026 unregister\npaths might hang for longer periods, but it is tolerable for current\nmmu_notifier clients.\n\nSigned-off-by: Sagi Grimberg \u003csagig@mellanox.co.il\u003e\nSigned-off-by: Andrea Arcangeli \u003caarcange@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Haggai Eran \u003chaggaie@mellanox.com\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "ce0030c00f95cf9110d9cdcd41e901e1fb814417",
      "tree": "40b124b99205bd469ed156b682d7f0f4e5726e5a",
      "parents": [
        "9ad3bfb9e26197c378d6c239180ed7bcf7c29fd8"
      ],
      "author": {
        "name": "Alexandre SIMON",
        "email": "Alexandre.Simon@univ-lorraine.fr",
        "time": "Fri Feb 01 15:31:54 2013 +0100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 21 10:04:57 2013 -0800"
      },
      "message": "printk: fix buffer overflow when calling log_prefix function from call_console_drivers\n\nThis patch corrects a buffer overflow in kernels from 3.0 to 3.4 when calling\nlog_prefix() function from call_console_drivers().\n\nThis bug existed in previous releases but has been revealed with commit\n162a7e7500f9664636e649ba59defe541b7c2c60 (2.6.39 \u003d\u003e 3.0) that made changes\nabout how to allocate memory for early printk buffer (use of memblock_alloc).\nIt disappears with commit 7ff9554bb578ba02166071d2d487b7fc7d860d62 (3.4 \u003d\u003e 3.5)\nthat does a refactoring of printk buffer management.\n\nIn log_prefix(), the access to \"p[0]\", \"p[1]\", \"p[2]\" or\n\"simple_strtoul(\u0026p[1], \u0026endp, 10)\" may cause a buffer overflow as this\nfunction is called from call_console_drivers by passing \"\u0026LOG_BUF(cur_index)\"\nwhere the index must be masked to do not exceed the buffer\u0027s boundary.\n\nThe trick is to prepare in call_console_drivers() a buffer with the necessary\ndata (PRI field of syslog message) to be safely evaluated in log_prefix().\n\nThis patch can be applied to stable kernel branches 3.0.y, 3.2.y and 3.4.y.\n\nWithout this patch, one can freeze a server running this loop from shell :\n  $ export DUMMY\u003d`cat /dev/urandom | tr -dc \u002712345AZERTYUIOPQSDFGHJKLMWXCVBNazertyuiopqsdfghjklmwxcvbn\u0027 | head -c255`\n  $ while true do ; echo $DUMMY \u003e /dev/kmsg ; done\n\nThe \"server freeze\" depends on where memblock_alloc does allocate printk buffer :\nif the buffer overflow is inside another kernel allocation the problem may not\nbe revealed, else the server may hangs up.\n\nSigned-off-by: Alexandre SIMON \u003cAlexandre.Simon@univ-lorraine.fr\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "739230186fa9d6999f88c53f0cb6d07ed4234fb0",
      "tree": "38a80e1d83573df8e365b95d66ddd961c3abed4c",
      "parents": [
        "a256a4c2001293548f0851b66ea8f39b704bac72"
      ],
      "author": {
        "name": "Matt Fleming",
        "email": "matt.fleming@intel.com",
        "time": "Wed Nov 14 09:42:35 2012 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 14 10:48:53 2013 -0800"
      },
      "message": "efi: Make \u0027efi_enabled\u0027 a function to query EFI facilities\n\ncommit 83e68189745ad931c2afd45d8ee3303929233e7f upstream.\n\nOriginally \u0027efi_enabled\u0027 indicated whether a kernel was booted from\nEFI firmware. Over time its semantics have changed, and it now\nindicates whether or not we are booted on an EFI machine with\nbit-native firmware, e.g. 64-bit kernel with 64-bit firmware.\n\nThe immediate motivation for this patch is the bug report at,\n\n    https://bugs.launchpad.net/ubuntu-cdimage/+bug/1040557\n\nwhich details how running a platform driver on an EFI machine that is\ndesigned to run under BIOS can cause the machine to become\nbricked. Also, the following report,\n\n    https://bugzilla.kernel.org/show_bug.cgi?id\u003d47121\n\ndetails how running said driver can also cause Machine Check\nExceptions. Drivers need a new means of detecting whether they\u0027re\nrunning on an EFI machine, as sadly the expression,\n\n    if (!efi_enabled)\n\nhasn\u0027t been a sufficient condition for quite some time.\n\nUsers actually want to query \u0027efi_enabled\u0027 for different reasons -\nwhat they really want access to is the list of available EFI\nfacilities.\n\nFor instance, the x86 reboot code needs to know whether it can invoke\nthe ResetSystem() function provided by the EFI runtime services, while\nthe ACPI OSL code wants to know whether the EFI config tables were\nmapped successfully. There are also checks in some of the platform\ndriver code to simply see if they\u0027re running on an EFI machine (which\nwould make it a bad idea to do BIOS-y things).\n\nThis patch is a prereq for the samsung-laptop fix patch.\n\nSigned-off-by: Matt Fleming \u003cmatt.fleming@intel.com\u003e\nCc: David Airlie \u003cairlied@linux.ie\u003e\nCc: Corentin Chary \u003ccorentincj@iksaif.net\u003e\nCc: Matthew Garrett \u003cmjg59@srcf.ucam.org\u003e\nCc: Dave Jiang \u003cdave.jiang@intel.com\u003e\nCc: Olof Johansson \u003colof@lixom.net\u003e\nCc: Peter Jones \u003cpjones@redhat.com\u003e\nCc: Colin Ian King \u003ccolin.king@canonical.com\u003e\nCc: Steve Langasek \u003csteve.langasek@canonical.com\u003e\nCc: Tony Luck \u003ctony.luck@intel.com\u003e\nCc: Konrad Rzeszutek Wilk \u003ckonrad@kernel.org\u003e\nCc: Rafael J. Wysocki \u003crjw@sisk.pl\u003e\nSigned-off-by: H. Peter Anvin \u003chpa@linux.intel.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "7ad8ac9444d54af92c61c2fa7d02cbf96c990bc5",
      "tree": "3b9dea5b19ce92dba02b46f35ad35d6b7b896514",
      "parents": [
        "5b70af1c0b0088151a1e7a8917527e190ddd76d7"
      ],
      "author": {
        "name": "Lan Tianyu",
        "email": "tianyu.lan@intel.com",
        "time": "Thu Jan 24 10:31:28 2013 +0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Feb 11 08:47:20 2013 -0800"
      },
      "message": "usb: Using correct way to clear usb3.0 device\u0027s remote wakeup feature.\n\ncommit 54a3ac0c9e5b7213daa358ce74d154352657353a upstream.\n\nUsb3.0 device defines function remote wakeup which is only for interface\nrecipient rather than device recipient. This is different with usb2.0 device\u0027s\nremote wakeup feature which is defined for device recipient. According usb3.0\nspec 9.4.5, the function remote wakeup can be modified by the SetFeature()\nrequests using the FUNCTION_SUSPEND feature selector. This patch is to use\ncorrect way to disable usb3.0 device\u0027s function remote wakeup after suspend\nerror and resuming.\n\nThis should be backported to kernels as old as 3.4, that contain the\ncommit 623bef9e03a60adc623b09673297ca7a1cdfb367 \"USB/xhci: Enable remote\nwakeup for USB3 devices.\"\n\nSigned-off-by: Lan Tianyu \u003ctianyu.lan@intel.com\u003e\nSigned-off-by: Sarah Sharp \u003csarah.a.sharp@linux.intel.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "b08d81801e151fbcefa81a551eadf2beff554752",
      "tree": "0a4c2ea3acdf76c7ac6aa1c8d675314e04d42f1f",
      "parents": [
        "9c5f1b49341154b579851425dabb32cb3aa9b5db"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Mon Jan 21 20:47:41 2013 +0100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Jan 27 20:47:43 2013 -0800"
      },
      "message": "ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()\n\ncommit 910ffdb18a6408e14febbb6e4b6840fd2c928c82 upstream.\n\nCleanup and preparation for the next change.\n\nsignal_wake_up(resume \u003d\u003e true) is overused. None of ptrace/jctl callers\nactually want to wakeup a TASK_WAKEKILL task, but they can\u0027t specify the\nnecessary mask.\n\nTurn signal_wake_up() into signal_wake_up_state(state), reintroduce\nsignal_wake_up() as a trivial helper, and add ptrace_signal_wake_up()\nwhich adds __TASK_TRACED.\n\nThis way ptrace_signal_wake_up() can work \"inside\" ptrace_request()\neven if the tracee doesn\u0027t have the TASK_WAKEKILL bit set.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "92a7389317838f3338466df0c0e3d23ad33cb1f4",
      "tree": "6ccd124313aa8d7abbf16fd5aab09af8d80b8acb",
      "parents": [
        "ced8dfbc6b44c7b14204a13ff95f22bdee52578f"
      ],
      "author": {
        "name": "Nicholas Bellinger",
        "email": "nab@linux-iscsi.org",
        "time": "Tue Dec 04 23:43:57 2012 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Jan 21 11:45:24 2013 -0800"
      },
      "message": "target: Add link_magic for fabric allow_link destination target_items\n\ncommit 0ff8754981261a80f4b77db2536dfea92c2d4539 upstream.\n\nThis patch adds [dev,lun]_link_magic value assignment + checks within generic\ntarget_fabric_port_link() and target_fabric_mappedlun_link() code to ensure\ndestination config_item *target_item sent from configfs_symlink() -\u003e\nconfig_item_operations-\u003eallow_link() is the underlying se_device-\u003edev_group\nand se_lun-\u003elun_group that we expect to symlink.\n\nReported-by: Sebastian Andrzej Siewior \u003cbigeasy@linutronix.de\u003e\nCc: Sebastian Andrzej Siewior \u003cbigeasy@linutronix.de\u003e\nSigned-off-by: Nicholas Bellinger \u003cnab@linux-iscsi.org\u003e\nSigned-off-by: CAI Qian \u003ccaiqian@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "31c46473d6a31ac1948c189624b472f26a6365e9",
      "tree": "63c5f7fee9abeb70822af493e281ed331f0ebc13",
      "parents": [
        "87c7f759d1546a27d46d8cc2778ffecaa5f542c6"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@inktank.com",
        "time": "Wed Nov 28 12:28:24 2012 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jan 17 08:51:20 2013 -0800"
      },
      "message": "libceph: remove \u0027osdtimeout\u0027 option\n\nThis would reset a connection with any OSD that had an outstanding\nrequest that was taking more than N seconds.  The idea was that if the\nOSD was buggy, the client could compensate by resending the request.\n\nIn reality, this only served to hide server bugs, and we haven\u0027t\nactually seen such a bug in quite a while.  Moreover, the userspace\nclient code never did this.\n\nMore importantly, often the request is taking a long time because the\nOSD is trying to recover, or overloaded, and killing the connection\nand retrying would only make the situation worse by giving the OSD\nmore work to do.\n\nSigned-off-by: Sage Weil \u003csage@inktank.com\u003e\nReviewed-by: Alex Elder \u003celder@inktank.com\u003e\n(cherry picked from commit 83aff95eb9d60aff5497e9f44a2ae906b86d8e88)\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "b14d552774ed848ca1ca94d8adedcd743e3aa671",
      "tree": "36e3c23c3b3a2923a95b01583a48a31fccafff40",
      "parents": [
        "e0996e350216f727b0f0e6219e79c8da5b3d1416"
      ],
      "author": {
        "name": "Michal Hocko",
        "email": "mhocko@suse.cz",
        "time": "Fri Jan 04 15:35:12 2013 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jan 11 09:07:18 2013 -0800"
      },
      "message": "mm: limit mmu_gather batching to fix soft lockups on !CONFIG_PREEMPT\n\ncommit 53a59fc67f97374758e63a9c785891ec62324c81 upstream.\n\nSince commit e303297e6c3a (\"mm: extended batches for generic\nmmu_gather\") we are batching pages to be freed until either\ntlb_next_batch cannot allocate a new batch or we are done.\n\nThis works just fine most of the time but we can get in troubles with\nnon-preemptible kernel (CONFIG_PREEMPT_NONE or CONFIG_PREEMPT_VOLUNTARY)\non large machines where too aggressive batching might lead to soft\nlockups during process exit path (exit_mmap) because there are no\nscheduling points down the free_pages_and_swap_cache path and so the\nfreeing can take long enough to trigger the soft lockup.\n\nThe lockup is harmless except when the system is setup to panic on\nsoftlockup which is not that unusual.\n\nThe simplest way to work around this issue is to limit the maximum\nnumber of batches in a single mmu_gather.  10k of collected pages should\nbe safe to prevent from soft lockups (we would have 2ms for one) even if\nthey are all freed without an explicit scheduling point.\n\nThis patch doesn\u0027t add any new explicit scheduling points because it\nrelies on zap_pmd_range during page tables zapping which calls\ncond_resched per PMD.\n\nThe following lockup has been reported for 3.0 kernel with a huge\nprocess (in order of hundreds gigs but I do know any more details).\n\n  BUG: soft lockup - CPU#56 stuck for 22s! [kernel:31053]\n  Modules linked in: af_packet nfs lockd fscache auth_rpcgss nfs_acl sunrpc mptctl mptbase autofs4 binfmt_misc dm_round_robin dm_multipath bonding cpufreq_conservative cpufreq_userspace cpufreq_powersave pcc_cpufreq mperf microcode fuse loop osst sg sd_mod crc_t10dif st qla2xxx scsi_transport_fc scsi_tgt netxen_nic i7core_edac iTCO_wdt joydev e1000e serio_raw pcspkr edac_core iTCO_vendor_support acpi_power_meter rtc_cmos hpwdt hpilo button container usbhid hid dm_mirror dm_region_hash dm_log linear uhci_hcd ehci_hcd usbcore usb_common scsi_dh_emc scsi_dh_alua scsi_dh_hp_sw scsi_dh_rdac scsi_dh dm_snapshot pcnet32 mii edd dm_mod raid1 ext3 mbcache jbd fan thermal processor thermal_sys hwmon cciss scsi_mod\n  Supported: Yes\n  CPU 56\n  Pid: 31053, comm: kernel Not tainted 3.0.31-0.9-default #1 HP ProLiant DL580 G7\n  RIP: 0010:  _raw_spin_unlock_irqrestore+0x8/0x10\n  RSP: 0018:ffff883ec1037af0  EFLAGS: 00000206\n  RAX: 0000000000000e00 RBX: ffffea01a0817e28 RCX: ffff88803ffd9e80\n  RDX: 0000000000000200 RSI: 0000000000000206 RDI: 0000000000000206\n  RBP: 0000000000000002 R08: 0000000000000001 R09: ffff887ec724a400\n  R10: 0000000000000000 R11: dead000000200200 R12: ffffffff8144c26e\n  R13: 0000000000000030 R14: 0000000000000297 R15: 000000000000000e\n  FS:  00007ed834282700(0000) GS:ffff88c03f200000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b\n  CR2: 000000000068b240 CR3: 0000003ec13c5000 CR4: 00000000000006e0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n  Process kernel (pid: 31053, threadinfo ffff883ec1036000, task ffff883ebd5d4100)\n  Call Trace:\n    release_pages+0xc5/0x260\n    free_pages_and_swap_cache+0x9d/0xc0\n    tlb_flush_mmu+0x5c/0x80\n    tlb_finish_mmu+0xe/0x50\n    exit_mmap+0xbd/0x120\n    mmput+0x49/0x120\n    exit_mm+0x122/0x160\n    do_exit+0x17a/0x430\n    do_group_exit+0x3d/0xb0\n    get_signal_to_deliver+0x247/0x480\n    do_signal+0x71/0x1b0\n    do_notify_resume+0x98/0xb0\n    int_signal+0x12/0x17\n  DWARF2 unwinder stuck at int_signal+0x12/0x17\n\nSigned-off-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nCc: Mel Gorman \u003cmgorman@suse.de\u003e\nCc: Rik van Riel \u003criel@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "7164ac211086207dc371e3b32165226e28e2dcfa",
      "tree": "e7dc397786bda21d8476ce0174433a34c5b99bee",
      "parents": [
        "fdbe6fecef94b6171de7a2ccfe543a694c9c41bc"
      ],
      "author": {
        "name": "Andy Lutomirski",
        "email": "luto@amacapital.net",
        "time": "Sat Dec 01 12:37:20 2012 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jan 11 09:07:16 2013 -0800"
      },
      "message": "PCI: Reduce Ricoh 0xe822 SD card reader base clock frequency to 50MHz\n\ncommit 812089e01b9f65f90fc8fc670d8cce72a0e01fbb upstream.\n\nOtherwise it fails like this on cards like the Transcend 16GB SDHC card:\n\n    mmc0: new SDHC card at address b368\n    mmcblk0: mmc0:b368 SDC   15.0 GiB\n    mmcblk0: error -110 sending status command, retrying\n    mmcblk0: error -84 transferring data, sector 0, nr 8, cmd response 0x900, card status 0xb0\n\nTested on my Lenovo x200 laptop.\n\n[bhelgaas: changelog]\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nSigned-off-by: Bjorn Helgaas \u003cbhelgaas@google.com\u003e\nAcked-by: Chris Ball \u003ccjb@laptop.org\u003e\nCC: Manoj Iyer \u003cmanoj.iyer@canonical.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "d21383fcbb535f90b429279852988d675ed22d67",
      "tree": "7f395982de610bfc355082ae351deb01a19a5060",
      "parents": [
        "34fb350281ced2a72707a5c0064f69992d440edb"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Tue Jul 17 01:41:30 2012 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jan 11 09:07:15 2013 -0800"
      },
      "message": "tcp: implement RFC 5961 4.2\n\n[ Upstream commit 0c24604b68fc7810d429d6c3657b6f148270e528 ]\n\nImplement the RFC 5691 mitigation against Blind\nReset attack using SYN bit.\n\nSection 4.2 of RFC 5961 advises to send a Challenge ACK and drop\nincoming packet, instead of resetting the session.\n\nAdd a new SNMP counter to count number of challenge acks sent\nin response to SYN packets.\n(netstat -s | grep TCPSYNChallenge)\n\nRemove obsolete TCPAbortOnSyn, since we no longer abort a TCP session\nbecause of a SYN flag.\n\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nCc: Kiran Kumar Kella \u003ckkiran@broadcom.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "34fb350281ced2a72707a5c0064f69992d440edb",
      "tree": "91f806c64e65601adf09564a83b4c44f4db080be",
      "parents": [
        "c87b45599a4e0d8741abeb85d1d8d5f0c1fb13be"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Tue Jul 17 10:13:05 2012 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jan 11 09:07:14 2013 -0800"
      },
      "message": "tcp: implement RFC 5961 3.2\n\n[ Upstream commit 282f23c6ee343126156dd41218b22ece96d747e3 ]\n\nImplement the RFC 5691 mitigation against Blind\nReset attack using RST bit.\n\nIdea is to validate incoming RST sequence,\nto match RCV.NXT value, instead of previouly accepted\nwindow : (RCV.NXT \u003c\u003d SEG.SEQ \u003c RCV.NXT+RCV.WND)\n\nIf sequence is in window but not an exact match, send\na \"challenge ACK\", so that the other part can resend an\nRST with the appropriate sequence.\n\nAdd a new sysctl, tcp_challenge_ack_limit, to limit\nnumber of challenge ACK sent per second.\n\nAdd a new SNMP counter to count number of challenge acks sent.\n(netstat -s | grep TCPChallengeACK)\n\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nCc: Kiran Kumar Kella \u003ckkiran@broadcom.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "d46699a94ddf2dd4d83e986a759b64981b37fc5b",
      "tree": "c2de686ba7429ce5ac341c97ccdf673374c3f1be",
      "parents": [
        "6eec2413cb320bdd0139ba0db3888d27f746ea2b"
      ],
      "author": {
        "name": "Christoph Paasch",
        "email": "christoph.paasch@uclouvain.be",
        "time": "Fri Dec 14 04:07:58 2012 +0000"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jan 11 09:07:14 2013 -0800"
      },
      "message": "inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock\n\n[ Upstream commit e337e24d6624e74a558aa69071e112a65f7b5758 ]\n\nIf in either of the above functions inet_csk_route_child_sock() or\n__inet_inherit_port() fails, the newsk will not be freed:\n\nunreferenced object 0xffff88022e8a92c0 (size 1592):\n  comm \"softirq\", pid 0, jiffies 4294946244 (age 726.160s)\n  hex dump (first 32 bytes):\n    0a 01 01 01 0a 01 01 02 00 00 00 00 a7 cc 16 00  ................\n    02 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffff8153d190\u003e] kmemleak_alloc+0x21/0x3e\n    [\u003cffffffff810ab3e7\u003e] kmem_cache_alloc+0xb5/0xc5\n    [\u003cffffffff8149b65b\u003e] sk_prot_alloc.isra.53+0x2b/0xcd\n    [\u003cffffffff8149b784\u003e] sk_clone_lock+0x16/0x21e\n    [\u003cffffffff814d711a\u003e] inet_csk_clone_lock+0x10/0x7b\n    [\u003cffffffff814ebbc3\u003e] tcp_create_openreq_child+0x21/0x481\n    [\u003cffffffff814e8fa5\u003e] tcp_v4_syn_recv_sock+0x3a/0x23b\n    [\u003cffffffff814ec5ba\u003e] tcp_check_req+0x29f/0x416\n    [\u003cffffffff814e8e10\u003e] tcp_v4_do_rcv+0x161/0x2bc\n    [\u003cffffffff814eb917\u003e] tcp_v4_rcv+0x6c9/0x701\n    [\u003cffffffff814cea9f\u003e] ip_local_deliver_finish+0x70/0xc4\n    [\u003cffffffff814cec20\u003e] ip_local_deliver+0x4e/0x7f\n    [\u003cffffffff814ce9f8\u003e] ip_rcv_finish+0x1fc/0x233\n    [\u003cffffffff814cee68\u003e] ip_rcv+0x217/0x267\n    [\u003cffffffff814a7bbe\u003e] __netif_receive_skb+0x49e/0x553\n    [\u003cffffffff814a7cc3\u003e] netif_receive_skb+0x50/0x82\n\nThis happens, because sk_clone_lock initializes sk_refcnt to 2, and thus\na single sock_put() is not enough to free the memory. Additionally, things\nlike xfrm, memcg, cookie_values,... may have been initialized.\nWe have to free them properly.\n\nThis is fixed by forcing a call to tcp_done(), ending up in\ninet_csk_destroy_sock, doing the final sock_put(). tcp_done() is necessary,\nbecause it ends up doing all the cleanup on xfrm, memcg, cookie_values,\nxfrm,...\n\nBefore calling tcp_done, we have to set the socket to SOCK_DEAD, to\nforce it entering inet_csk_destroy_sock. To avoid the warning in\ninet_csk_destroy_sock, inet_num has to be set to 0.\nAs inet_csk_destroy_sock does a dec on orphan_count, we first have to\nincrease it.\n\nCalling tcp_done() allows us to remove the calls to\ntcp_clear_xmit_timer() and tcp_cleanup_congestion_control().\n\nA similar approach is taken for dccp by calling dccp_done().\n\nThis is in the kernel since 093d282321 (tproxy: fix hash locking issue\nwhen using port redirection in __inet_inherit_port()), thus since\nversion \u003e\u003d 2.6.37.\n\nSigned-off-by: Christoph Paasch \u003cchristoph.paasch@uclouvain.be\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "cd924e960d3c2ae1654109b5b9e88cec334f7126",
      "tree": "ed7bec78c3e2930df0c86d44aae32d2c4dddb23f",
      "parents": [
        "475261dbbf5d85e1a298886385d859ada787ae1f"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Oct 16 15:03:14 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jan 11 09:06:58 2013 -0800"
      },
      "message": "freezer: add missing mb\u0027s to freezer_count() and freezer_should_skip()\n\ncommit dd67d32dbc5de299d70cc9e10c6c1e29ffa56b92 upstream.\n\nA task is considered frozen enough between freezer_do_not_count() and\nfreezer_count() and freezers use freezer_should_skip() to test this\ncondition.  This supposedly works because freezer_count() always calls\ntry_to_freezer() after clearing %PF_FREEZER_SKIP.\n\nHowever, there currently is nothing which guarantees that\nfreezer_count() sees %true freezing() after clearing %PF_FREEZER_SKIP\nwhen freezing is in progress, and vice-versa.  A task can escape the\nfreezing condition in effect by freezer_count() seeing !freezing() and\nfreezer_should_skip() seeing %PF_FREEZER_SKIP.\n\nThis patch adds smp_mb()\u0027s to freezer_count() and\nfreezer_should_skip() such that either %true freezing() is visible to\nfreezer_count() or !PF_FREEZER_SKIP is visible to\nfreezer_should_skip().\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Rafael J. Wysocki \u003crjw@sisk.pl\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "25747cc45825ffc0192779a224d3bb9bc4b9edbd",
      "tree": "eec6ef8ba6fcf4b5177efa110be793568dd8de02",
      "parents": [
        "711cf004f2148f1d1967bc5eca025019e5001212"
      ],
      "author": {
        "name": "Christoffer Dall",
        "email": "cdall@cs.columbia.edu",
        "time": "Fri Dec 21 13:03:50 2012 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jan 11 09:06:48 2013 -0800"
      },
      "message": "mm: Fix PageHead when !CONFIG_PAGEFLAGS_EXTENDED\n\ncommit ad4b3fb7ff9940bcdb1e4cd62bd189d10fa636ba upstream.\n\nUnfortunately with !CONFIG_PAGEFLAGS_EXTENDED, (!PageHead) is false, and\n(PageHead) is true, for tail pages.  If this is indeed the intended\nbehavior, which I doubt because it breaks cache cleaning on some ARM\nsystems, then the nomenclature is highly problematic.\n\nThis patch makes sure PageHead is only true for head pages and PageTail\nis only true for tail pages, and neither is true for non-compound pages.\n\n[ This buglet seems ancient - seems to have been introduced back in Apr\n  2008 in commit 6a1e7f777f61: \"pageflags: convert to the use of new\n  macros\".  And the reason nobody noticed is because the PageHead()\n  tests are almost all about just sanity-checking, and only used on\n  pages that are actual page heads.  The fact that the old code returned\n  true for tail pages too was thus not really noticeable.   - Linus ]\n\nSigned-off-by: Christoffer Dall \u003ccdall@cs.columbia.edu\u003e\nAcked-by:  Andrea Arcangeli \u003caarcange@redhat.com\u003e\nCc: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nCc: Will Deacon \u003cWill.Deacon@arm.com\u003e\nCc: Steve Capper \u003cSteve.Capper@arm.com\u003e\nCc: Christoph Lameter \u003ccl@linux.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "7361a9019ff8d45dc835f987ccefbbeb4f560f09",
      "tree": "3744f41659abc558471e7c5ce040b230486f070e",
      "parents": [
        "5a76bf41fe85c0ebdf4fe1fcdf729697b11a5338"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Thu Dec 20 15:05:16 2012 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jan 11 09:06:30 2013 -0800"
      },
      "message": "exec: do not leave bprm-\u003einterp on stack\n\ncommit b66c5984017533316fd1951770302649baf1aa33 upstream.\n\nIf a series of scripts are executed, each triggering module loading via\nunprintable bytes in the script header, kernel stack contents can leak\ninto the command line.\n\nNormally execution of binfmt_script and binfmt_misc happens recursively.\nHowever, when modules are enabled, and unprintable bytes exist in the\nbprm-\u003ebuf, execution will restart after attempting to load matching\nbinfmt modules.  Unfortunately, the logic in binfmt_script and\nbinfmt_misc does not expect to get restarted.  They leave bprm-\u003einterp\npointing to their local stack.  This means on restart bprm-\u003einterp is\nleft pointing into unused stack memory which can then be copied into the\nuserspace argv areas.\n\nAfter additional study, it seems that both recursion and restart remains\nthe desirable way to handle exec with scripts, misc, and modules.  As\nsuch, we need to protect the changes to interp.\n\nThis changes the logic to require allocation for any changes to the\nbprm-\u003einterp.  To avoid adding a new kmalloc to every exec, the default\nvalue is left as-is.  Only when passing through binfmt_script or\nbinfmt_misc does an allocation take place.\n\nFor a proof of concept, see DoTest.sh from:\n\n   http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: halfdog \u003cme@halfdog.net\u003e\nCc: P J P \u003cppandit@redhat.com\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "78a685beb044864de000a6f7339bce57513172bb",
      "tree": "768425b1ce982640ddc3f4690ca9cd43dd6b1bb5",
      "parents": [
        "b947fcbcca85da6ad3ec79f6aa86b550f458e049"
      ],
      "author": {
        "name": "Mel Gorman",
        "email": "mgorman@suse.de",
        "time": "Wed Dec 05 14:01:41 2012 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Dec 17 10:37:42 2012 -0800"
      },
      "message": "tmpfs: fix shared mempolicy leak\n\ncommit 18a2f371f5edf41810f6469cb9be39931ef9deb9 upstream.\n\nThis fixes a regression in 3.7-rc, which has since gone into stable.\n\nCommit 00442ad04a5e (\"mempolicy: fix a memory corruption by refcount\nimbalance in alloc_pages_vma()\") changed get_vma_policy() to raise the\nrefcount on a shmem shared mempolicy; whereas shmem_alloc_page() went\non expecting alloc_page_vma() to drop the refcount it had acquired.\nThis deserves a rework: but for now fix the leak in shmem_alloc_page().\n\nHugh: shmem_swapin() did not need a fix, but surely it\u0027s clearer to use\nthe same refcounting there as in shmem_alloc_page(), delete its onstack\nmempolicy, and the strange mpol_cond_copy() and __mpol_cond_copy() -\nthose were invented to let swapin_readahead() make an unknown number of\ncalls to alloc_pages_vma() with one mempolicy; but since 00442ad04a5e,\nalloc_pages_vma() has kept refcount in balance, so now no problem.\n\nReported-and-tested-by: Tommi Rantala \u003ctt.rantala@gmail.com\u003e\nSigned-off-by: Mel Gorman \u003cmgorman@suse.de\u003e\nSigned-off-by: Hugh Dickins \u003chughd@google.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "9cbecb443503ba3dd6a620e8e43a0273e14dc204",
      "tree": "bb6aa7240a08b3da5c4edbd1e08d3a5151eea7d5",
      "parents": [
        "6417635908e7643800141fc1d6cf7fe43f4fb5e3"
      ],
      "author": {
        "name": "Alex Deucher",
        "email": "alexander.deucher@amd.com",
        "time": "Wed Nov 21 18:37:38 2012 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Dec 03 11:47:01 2012 -0800"
      },
      "message": "drm/radeon: add new SI pci id\n\ncommit 0181bd5dea2ed0696f84591a92da0b6a1f1a2e62 upstream.\n\nSigned-off-by: Alex Deucher \u003calexander.deucher@amd.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "d0e85e04fb57a65a6096a0b18c97ba5892d676d9",
      "tree": "7942daf6baa0d4d5ddf9015523059cc07e972996",
      "parents": [
        "51b8318a818623899f9eb24ce697d43301bbe349"
      ],
      "author": {
        "name": "Alex Elder",
        "email": "elder@inktank.com",
        "time": "Thu Jun 21 12:49:23 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 26 11:38:45 2012 -0800"
      },
      "message": "libceph: drop declaration of ceph_con_get()\n\ncommit 261030215d970c62f799e6e508e3c68fc7ec2aa9 upstream.\n\nFor some reason the declaration of ceph_con_get() and\nceph_con_put() did not get deleted in this commit:\n    d59315ca libceph: drop ceph_con_get/put helpers and nref member\n\nClean that up.\n\nSigned-off-by: Alex Elder \u003celder@inktank.com\u003e\nCc: Herton Ronaldo Krzesinski \u003cherton.krzesinski@canonical.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "dfae3b3451c6da14df1fa62d76c8a4345d21bdb2",
      "tree": "d674f1e1998b9ae902ab74f235e1bd39d31525d4",
      "parents": [
        "73bba6fc44591587254fec8e867a99b5a2a28ba7"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@inktank.com",
        "time": "Mon Sep 24 20:59:48 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 26 11:38:44 2012 -0800"
      },
      "message": "libceph: check for invalid mapping\n\n(cherry picked from commit d63b77f4c552cc3a20506871046ab0fcbc332609)\n\nIf we encounter an invalid (e.g., zeroed) mapping, return an error\nand avoid a divide by zero.\n\nSigned-off-by: Sage Weil \u003csage@inktank.com\u003e\nReviewed-by: Alex Elder \u003celder@inktank.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "63c1362476141f4fb340e8236d41674be9fc1983",
      "tree": "13be911ab412f8e02ec6cdfa2688bc5b4296c0a2",
      "parents": [
        "265fb7c177f9db75d628b3479b6223c1c8110e67"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@inktank.com",
        "time": "Fri Jul 20 17:29:55 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 26 11:38:41 2012 -0800"
      },
      "message": "libceph: clean up con flags\n\n(cherry picked from commit 4a8616920860920abaa51193146fe36b38ef09aa)\n\nRename flags with CON_FLAG prefix, move the definitions into the c file,\nand (better) document their meaning.\n\nSigned-off-by: Sage Weil \u003csage@inktank.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "265fb7c177f9db75d628b3479b6223c1c8110e67",
      "tree": "85f85c837e89f7d09041a26bb60a5b35495afc93",
      "parents": [
        "cb9f8855591613dff0909c99d46a29e10eb39b25"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@inktank.com",
        "time": "Fri Jul 20 17:24:40 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 26 11:38:41 2012 -0800"
      },
      "message": "libceph: replace connection state bits with states\n\n(cherry picked from commit 8dacc7da69a491c515851e68de6036f21b5663ce)\n\nUse a simple set of 6 enumerated values for the socket states (CON_STATE_*)\nand use those instead of the state bits.  All of the con-\u003estate checks are\nnow under the protection of the con mutex, so this is safe.  It also\nsimplifies many of the state checks because we can check for anything other\nthan the expected state instead of various bits for races we can think of.\n\nThis appears to hold up well to stress testing both with and without socket\nfailure injection on the server side.\n\nSigned-off-by: Sage Weil \u003csage@inktank.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "59d02721bb2838893596d5617659fe907dd45518",
      "tree": "126ac6b7dba3ef26cb4c6e32b7bc2faf74c1c35d",
      "parents": [
        "9beb73fcb83317786226b4203d7e56c6b0f43adb"
      ],
      "author": {
        "name": "Guanjun He",
        "email": "gjhe@suse.com",
        "time": "Sun Jul 08 19:50:33 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 26 11:38:38 2012 -0800"
      },
      "message": "libceph: prevent the race of incoming work during teardown\n\n(cherry picked from commit a2a3258417eb6a1799cf893350771428875a8287)\n\nAdd an atomic variable \u0027stopping\u0027 as flag in struct ceph_messenger,\nset this flag to 1 in function ceph_destroy_client(), and add the condition code\nin function ceph_data_ready() to test the flag value, if true(1), just return.\n\nSigned-off-by: Guanjun He \u003cgjhe@suse.com\u003e\nReviewed-by: Sage Weil \u003csage@inktank.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    },
    {
      "commit": "9beb73fcb83317786226b4203d7e56c6b0f43adb",
      "tree": "625dd1aa57201317108b56b11ae83195655d7939",
      "parents": [
        "d92d11da1dd8531150823ff429ae29a0cf5e438d"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@inktank.com",
        "time": "Mon Jul 09 14:22:34 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 26 11:38:38 2012 -0800"
      },
      "message": "libceph: initialize msgpool message types\n\n(cherry picked from commit d50b409fb8698571d8209e5adfe122e287e31290)\n\nInitialize the type field for messages in a msgpool.  The caller was doing\nthis for osd ops, but not for the reply messages.\n\nReported-by: Alex Elder \u003celder@inktank.com\u003e\nSigned-off-by: Sage Weil \u003csage@inktank.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n"
    }
  ],
  "next": "638ba1765d03bdc3a972bfca69fd0a4a4eda717c"
}
