commit 41b67d8f304f0c414b41eee2ede98caf897012a8 Author: Greg Kroah-Hartman Date: Mon Jun 16 13:44:27 2014 -0700 Linux 3.15.1 commit a6543e29682bfdf11b3fe36162b8226e7e9f90fb Author: Andreas Schrägle Date: Sat May 24 16:35:43 2014 +0200 ahci: add PCI ID for Marvell 88SE91A0 SATA Controller commit 754a292fe6b08196cb135c03b404444e17de520a upstream. Add support for Marvell Technology Group Ltd. 88SE91A0 SATA 6Gb/s Controller by adding its PCI ID. Signed-off-by: Andreas Schrägle Signed-off-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman commit 72591c3023fa2da2a1bee182c97637bb4740e043 Author: Jérôme Carretero Date: Tue Jun 3 14:56:25 2014 -0400 ahci: Add Device ID for HighPoint RocketRaid 642L commit d251836508fb26cd1a22b41381739835ee23728d upstream. This device normally comes with a proprietary driver, using a web GUI to configure RAID: http://www.highpoint-tech.com/USA_new/series_rr600-download.htm But thankfully it also works out of the box with the AHCI driver, being just a Marvell 88SE9235. Devices 640L, 644L, 644LS should also be supported but not tested here. Signed-off-by: Jérôme Carretero Signed-off-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman commit 6dcfd1f5d42e1b5f33d45f55186b961270420f00 Author: Alessandro Miceli Date: Sun May 4 07:50:31 2014 -0300 rtl28xxu: add [1b80:d3af] Sveon STV27 commit 74a86272f05c3dae40f2d7b17ff09a0608cf3304 upstream. Added support for Sveon STV27 device (rtl2832u + FC0013 tuner) Signed-off-by: Alessandro Miceli Signed-off-by: Antti Palosaari Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman commit 8bc4154c9a32eef14220cfaecd641dfc156b7988 Author: Alessandro Miceli Date: Sun May 4 07:37:15 2014 -0300 rtl28xxu: add [1b80:d39d] Sveon STV20 commit f27f5b0ee4967babfb8b03511f5e76b79d781014 upstream. Added Sveon STV20 device based on Realtek RTL2832U and FC0012 tuner Signed-off-by: Alessandro Miceli Signed-off-by: Antti Palosaari Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman commit b1947d698fa8899f31c26ab1de8c732c0d053781 Author: Brian Healy Date: Sun May 4 18:43:39 2014 -0300 rtl28xxu: add 1b80:d395 Peak DVB-T USB commit 9ca24ae4083665bda38da45f4b5dc9bbaf936bc0 upstream. Add USB ID for Peak DVB-T USB. [crope@iki.fi: fix Brian email address and indentation] Signed-off-by: Brian Healy Signed-off-by: Antti Palosaari Signed-off-by: Greg Kroah-Hartman Signed-off-by: Mauro Carvalho Chehab commit 0cb62c9a241d67bf555971224757e11f0e2da294 Author: Tomas Winkler Date: Mon May 12 12:19:41 2014 +0300 mei: me: read H_CSR after asserting reset commit c40765d919d25d2d44d99c4ce39e48808f137e1e upstream. According the spec the host should read H_CSR again after asserting reset H_RST to ensure that reset was read by the firmware Signed-off-by: Tomas Winkler Signed-off-by: Alexander Usyskin Signed-off-by: Greg Kroah-Hartman commit 4f104ed166d1039950a6fbebcffbde92543bd2eb Author: Tomas Winkler Date: Mon May 12 12:19:40 2014 +0300 mei: me: drop harmful wait optimization commit 07cd7be3d92eeeae1f92a017f2cfe4fdd9256526 upstream. It my take time till ME_RDY will be cleared after the reset, so we cannot check the bit before we got the interrupt Signed-off-by: Tomas Winkler Signed-off-by: Alexander Usyskin Signed-off-by: Greg Kroah-Hartman commit b1b94ac553e0ab8182d63e5b36f7633c4c3c20a7 Author: Tomas Winkler Date: Mon May 12 12:19:39 2014 +0300 mei: me: fix hw ready reset flow commit b04ada92ffaabb868497a1fce8e4f6bf74e5488f upstream. We cleared H_RST for H_CSR on spurious interrupt generated when ME_RDY while cleared and not while ME_RDY is set. The spurious interrupt is not delivered on all platforms in this case the driver may fail to initialize. Signed-off-by: Tomas Winkler Signed-off-by: Alexander Usyskin Signed-off-by: Greg Kroah-Hartman commit f15e38fc0fc5bacc0b983d762364ecc78758c4d0 Author: Alexei Starovoitov Date: Wed Jun 4 15:49:50 2014 -0700 PCI/MSI: Fix memory leak in free_msi_irqs() commit b701c0b1fe819a2083fc6ec5332e0e4492b9516d upstream. free_msi_irqs() is leaking memory, since list_for_each_entry(entry, &dev->msi_list, list) {...} is never executed, because dev->msi_list is made empty by the loop just above this one. Fix it by relying on zero termination of attribute array like populate_msi_sysfs() does. Fixes: 1c51b50c2995 ("PCI/MSI: Export MSI mode using attributes, not kobjects") Signed-off-by: Alexei Starovoitov Signed-off-by: Bjorn Helgaas Acked-by: Neil Horman Acked-by: Greg Kroah-Hartman Signed-off-by: Greg Kroah-Hartman commit e015cef70226c6b94ee575895fde595d925b42c0 Author: Andy Lutomirski Date: Wed May 28 23:09:58 2014 -0400 auditsc: audit_krule mask accesses need bounds checking commit a3c54931199565930d6d84f4c3456f6440aefd41 upstream. Fixes an easy DoS and possible information disclosure. This does nothing about the broken state of x32 auditing. eparis: If the admin has enabled auditd and has specifically loaded audit rules. This bug has been around since before git. Wow... Signed-off-by: Andy Lutomirski Signed-off-by: Eric Paris Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 4e358517b2810788777196f038f5a0b3b9936a6a Author: Al Viro Date: Thu Jun 12 00:29:13 2014 -0400 lock_parent: don't step on stale ->d_parent of all-but-freed one commit c2338f2dc7c1e9f6202f370c64ffd7f44f3d4b51 upstream. Dentry that had been through (or into) __dentry_kill() might be seen by shrink_dentry_list(); that's normal, it'll be taken off the shrink list and freed if __dentry_kill() has already finished. The problem is, its ->d_parent might be pointing to already freed dentry, so lock_parent() needs to be careful. We need to check that dentry hasn't already gone into __dentry_kill() *and* grab rcu_read_lock() before dropping ->d_lock - the latter makes sure that whatever we see in ->d_parent after dropping ->d_lock it won't be freed until we drop rcu_read_lock(). Signed-off-by: Al Viro Cc: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit d3c8656bc29be81894dc78a300c37b84d281ec03 Author: Andy Lutomirski Date: Tue Jun 10 12:45:42 2014 -0700 fs,userns: Change inode_capable to capable_wrt_inode_uidgid commit 23adbe12ef7d3d4195e80800ab36b37bee28cd03 upstream. The kernel has no concept of capabilities with respect to inodes; inodes exist independently of namespaces. For example, inode_capable(inode, CAP_LINUX_IMMUTABLE) would be nonsense. This patch changes inode_capable to check for uid and gid mappings and renames it to capable_wrt_inode_uidgid, which should make it more obvious what it does. Fixes CVE-2014-4014. Cc: Theodore Ts'o Cc: Serge Hallyn Cc: "Eric W. Biederman" Cc: Dave Chinner Signed-off-by: Andy Lutomirski Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman