From 9263f3b4e778b6001a5f70641214a9c760c0876a Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@redhat.com>
Date: Wed, 4 Dec 2013 16:07:29 -0600
Subject: [PATCH] Linux v3.12.3

---
 ...k-to-vmalloc-for-client-event-buffer.patch | 67 ---------------
 drm-qxl-backport-fixes-for-Fedora.patch       | 13 ---
 ...memory-leak-in-release-list-handling.patch | 30 -------
 kernel.spec                                   | 19 ++---
 keys-x509-improv.patch                        | 81 -------------------
 ...ags-more-safely-in-md_check_recovery.patch | 43 ----------
 sources                                       |  2 +-
 7 files changed, 6 insertions(+), 249 deletions(-)
 delete mode 100644 Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
 delete mode 100644 drm-qxl-fix-memory-leak-in-release-list-handling.patch
 delete mode 100644 md-test-mddev-flags-more-safely-in-md_check_recovery.patch

diff --git a/Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch b/Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
deleted file mode 100644
index 1ac378a65..000000000
--- a/Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Bugzilla: N/A
-Upstream-status: 3.13
-
-From 92eb77d0ffbaa71b501a0a8dabf09a351bf4267f Mon Sep 17 00:00:00 2001
-From: Daniel Stone <daniel@fooishbar.org>
-Date: Thu, 31 Oct 2013 07:25:34 +0000
-Subject: Input: evdev - fall back to vmalloc for client event buffer
-
-evdev always tries to allocate the event buffer for clients using
-kzalloc rather than vmalloc, presumably to avoid mapping overhead where
-possible.  However, drivers like bcm5974, which claims support for
-reporting 16 fingers simultaneously, can have an extraordinarily large
-buffer.  The resultant contiguous order-4 allocation attempt fails due
-to fragmentation, and the device is thus unusable until reboot.
-
-Try kzalloc if we can to avoid the mapping overhead, but if that fails,
-fall back to vzalloc.
-
-Signed-off-by: Daniel Stone <daniels@collabora.com>
-Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
----
-diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
-index b6ded17..a06e125 100644
---- a/drivers/input/evdev.c
-+++ b/drivers/input/evdev.c
-@@ -18,6 +18,8 @@
- #include <linux/poll.h>
- #include <linux/sched.h>
- #include <linux/slab.h>
-+#include <linux/vmalloc.h>
-+#include <linux/mm.h>
- #include <linux/module.h>
- #include <linux/init.h>
- #include <linux/input/mt.h>
-@@ -369,7 +371,11 @@ static int evdev_release(struct inode *inode, struct file *file)
- 	mutex_unlock(&evdev->mutex);
- 
- 	evdev_detach_client(evdev, client);
--	kfree(client);
-+
-+	if (is_vmalloc_addr(client))
-+		vfree(client);
-+	else
-+		kfree(client);
- 
- 	evdev_close_device(evdev);
- 
-@@ -389,12 +395,14 @@ static int evdev_open(struct inode *inode, struct file *file)
- {
- 	struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
- 	unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
-+	unsigned int size = sizeof(struct evdev_client) +
-+					bufsize * sizeof(struct input_event);
- 	struct evdev_client *client;
- 	int error;
- 
--	client = kzalloc(sizeof(struct evdev_client) +
--				bufsize * sizeof(struct input_event),
--			 GFP_KERNEL);
-+	client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
-+	if (!client)
-+		client = vzalloc(size);
- 	if (!client)
- 		return -ENOMEM;
- 
---
-cgit v0.9.2
diff --git a/drm-qxl-backport-fixes-for-Fedora.patch b/drm-qxl-backport-fixes-for-Fedora.patch
index c46060d64..04848b529 100644
--- a/drm-qxl-backport-fixes-for-Fedora.patch
+++ b/drm-qxl-backport-fixes-for-Fedora.patch
@@ -150,19 +150,6 @@ index 7e96f4f..18c599d 100644
  };
  
  /* forward declaration for QXL_INFO_IO */
-diff --git a/drivers/gpu/drm/qxl/qxl_fb.c b/drivers/gpu/drm/qxl/qxl_fb.c
-index 88722f2..f437b30 100644
---- a/drivers/gpu/drm/qxl/qxl_fb.c
-+++ b/drivers/gpu/drm/qxl/qxl_fb.c
-@@ -108,7 +108,7 @@ static void qxl_fb_dirty_flush(struct fb_info *info)
- 	u32 x1, x2, y1, y2;
- 
- 	/* TODO: hard coding 32 bpp */
--	int stride = qfbdev->qfb.base.pitches[0] * 4;
-+	int stride = qfbdev->qfb.base.pitches[0];
- 
- 	x1 = qfbdev->dirty.x1;
- 	x2 = qfbdev->dirty.x2;
 diff --git a/drivers/gpu/drm/qxl/qxl_kms.c b/drivers/gpu/drm/qxl/qxl_kms.c
 index 9e8da9e..e0ddd5b 100644
 --- a/drivers/gpu/drm/qxl/qxl_kms.c
diff --git a/drm-qxl-fix-memory-leak-in-release-list-handling.patch b/drm-qxl-fix-memory-leak-in-release-list-handling.patch
deleted file mode 100644
index 8ed4819f2..000000000
--- a/drm-qxl-fix-memory-leak-in-release-list-handling.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Bugzilla: N/A
-Upstream-status: 3.13
-
-From 1b28c3e628315ac0d9ef2d3fac0403f05ae692db Mon Sep 17 00:00:00 2001
-From: Dave Airlie <airlied@redhat.com>
-Date: Thu, 28 Nov 2013 05:39:03 +0000
-Subject: drm/qxl: fix memory leak in release list handling
-
-wow no idea how I got this far without seeing this,
-leaking the entries in the list makes kmalloc-64 slab grow.
-
-References: https://bugzilla.kernel.org/show_bug.cgi?id=65121
-Cc: stable@vger.kernel.org
-Reported-by: Matthew Stapleton <matthew4196@gmail.com>
-Signed-off-by: Dave Airlie <airlied@redhat.com>
----
-diff --git a/drivers/gpu/drm/qxl/qxl_release.c b/drivers/gpu/drm/qxl/qxl_release.c
-index 0109a96..821ab7b 100644
---- a/drivers/gpu/drm/qxl/qxl_release.c
-+++ b/drivers/gpu/drm/qxl/qxl_release.c
-@@ -92,6 +92,7 @@ qxl_release_free(struct qxl_device *qdev,
- 						- DRM_FILE_OFFSET);
- 		qxl_fence_remove_release(&bo->fence, release->id);
- 		qxl_bo_unref(&bo);
-+		kfree(entry);
- 	}
- 	spin_lock(&qdev->release_idr_lock);
- 	idr_remove(&qdev->release_idr, release->id);
---
-cgit v0.9.0.2-2-gbebe
diff --git a/kernel.spec b/kernel.spec
index 53d11b961..5d08f557a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 3
+%global baserelease 1
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -74,7 +74,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 2
+%define stable_update 3
 # Is it a -stable RC?
 %define stable_rc 0
 # Set rpm version accordingly
@@ -734,9 +734,6 @@ Patch25128: dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch
 Patch25129: cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
 
 Patch25140: drm-qxl-backport-fixes-for-Fedora.patch
-Patch25160: drm-qxl-fix-memory-leak-in-release-list-handling.patch
-
-Patch25141: Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
 
 #CVE-2013-4563 rhbz 1030015 1030017
 Patch25145: ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
@@ -769,9 +766,6 @@ Patch25159: usbnet-fix-status-interrupt-urb-handling.patch
 Patch25161: inet-prevent-leakage-of-uninitialized-memory-to-user.patch
 Patch25162: inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
 
-#rhbz 1033971
-Patch25163: md-test-mddev-flags-more-safely-in-md_check_recovery.patch
-
 #rhbz 958826
 Patch25164: dell-laptop.patch
 
@@ -1473,9 +1467,6 @@ ApplyPatch dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch
 ApplyPatch cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
 
 ApplyPatch drm-qxl-backport-fixes-for-Fedora.patch
-ApplyPatch drm-qxl-fix-memory-leak-in-release-list-handling.patch
-
-ApplyPatch Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
 
 #CVE-2013-4563 rhbz 1030015 1030017
 ApplyPatch ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
@@ -1508,9 +1499,6 @@ ApplyPatch usbnet-fix-status-interrupt-urb-handling.patch
 ApplyPatch inet-prevent-leakage-of-uninitialized-memory-to-user.patch
 ApplyPatch inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
 
-#rhbz 1033971
-ApplyPatch md-test-mddev-flags-more-safely-in-md_check_recovery.patch
-
 #rhbz 958826
 ApplyPatch dell-laptop.patch
 
@@ -2317,6 +2305,9 @@ fi
 #                                    ||----w |
 #                                    ||     ||
 %changelog
+* Wed Dec 04 2013 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.3-1
+- Linux v3.12.3
+
 * Tue Dec  3 2013 Peter Robinson <pbrobinson@fedoraproject.org>
 - Minor ARM cleanups and remove obsolete options
 
diff --git a/keys-x509-improv.patch b/keys-x509-improv.patch
index 7176cc5d3..db07ea348 100644
--- a/keys-x509-improv.patch
+++ b/keys-x509-improv.patch
@@ -852,87 +852,6 @@ index eb368d4..0f55e3b 100644
 1.8.3.1
 
 
-From 4d729ace6be1c3b2b5d9b0d0301a4ffd342ec74a Mon Sep 17 00:00:00 2001
-From: David Howells <dhowells@redhat.com>
-Date: Tue, 18 Jun 2013 17:40:44 +0100
-Subject: [PATCH 10/18] X.509: Remove certificate date checks
-
-Remove the certificate date checks that are performed when a certificate is
-parsed.  There are two checks: a valid from and a valid to.  The first check is
-causing a lot of problems with system clocks that don't keep good time and the
-second places an implicit expiry date upon the kernel when used for module
-signing, so do we really need them?
-
-Signed-off-by: David Howells <dhowells@redhat.com>
-cc: David Woodhouse <dwmw2@infradead.org>
-cc: Rusty Russell <rusty@rustcorp.com.au>
-cc: Josh Boyer <jwboyer@redhat.com>
-cc: Alexander Holler <holler@ahsoftware.de>
-cc: stable@vger.kernel.org
----
- crypto/asymmetric_keys/x509_public_key.c | 38 --------------------------------
- 1 file changed, 38 deletions(-)
-
-diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
-index 0f55e3b..c1540e8 100644
---- a/crypto/asymmetric_keys/x509_public_key.c
-+++ b/crypto/asymmetric_keys/x509_public_key.c
-@@ -108,7 +108,6 @@ EXPORT_SYMBOL_GPL(x509_check_signature);
- static int x509_key_preparse(struct key_preparsed_payload *prep)
- {
- 	struct x509_certificate *cert;
--	struct tm now;
- 	size_t srlen, sulen;
- 	char *desc = NULL;
- 	int ret;
-@@ -150,43 +149,6 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
- 		goto error_free_cert;
- 	}
- 
--	time_to_tm(CURRENT_TIME.tv_sec, 0, &now);
--	pr_devel("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
--		 now.tm_year + 1900, now.tm_mon + 1, now.tm_mday,
--		 now.tm_hour, now.tm_min,  now.tm_sec);
--	if (now.tm_year < cert->valid_from.tm_year ||
--	    (now.tm_year == cert->valid_from.tm_year &&
--	     (now.tm_mon < cert->valid_from.tm_mon ||
--	      (now.tm_mon == cert->valid_from.tm_mon &&
--	       (now.tm_mday < cert->valid_from.tm_mday ||
--		(now.tm_mday == cert->valid_from.tm_mday &&
--		 (now.tm_hour < cert->valid_from.tm_hour ||
--		  (now.tm_hour == cert->valid_from.tm_hour &&
--		   (now.tm_min < cert->valid_from.tm_min ||
--		    (now.tm_min == cert->valid_from.tm_min &&
--		     (now.tm_sec < cert->valid_from.tm_sec
--		      ))))))))))) {
--		pr_warn("Cert %s is not yet valid\n", cert->fingerprint);
--		ret = -EKEYREJECTED;
--		goto error_free_cert;
--	}
--	if (now.tm_year > cert->valid_to.tm_year ||
--	    (now.tm_year == cert->valid_to.tm_year &&
--	     (now.tm_mon > cert->valid_to.tm_mon ||
--	      (now.tm_mon == cert->valid_to.tm_mon &&
--	       (now.tm_mday > cert->valid_to.tm_mday ||
--		(now.tm_mday == cert->valid_to.tm_mday &&
--		 (now.tm_hour > cert->valid_to.tm_hour ||
--		  (now.tm_hour == cert->valid_to.tm_hour &&
--		   (now.tm_min > cert->valid_to.tm_min ||
--		    (now.tm_min == cert->valid_to.tm_min &&
--		     (now.tm_sec > cert->valid_to.tm_sec
--		      ))))))))))) {
--		pr_warn("Cert %s has expired\n", cert->fingerprint);
--		ret = -EKEYEXPIRED;
--		goto error_free_cert;
--	}
--
- 	cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
- 	cert->pub->id_type = PKEY_ID_X509;
- 
--- 
-1.8.3.1
-
-
 From 33f859fea67ab5307da4049e947fbc23cdd13a27 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Fri, 30 Aug 2013 16:07:13 +0100
diff --git a/md-test-mddev-flags-more-safely-in-md_check_recovery.patch b/md-test-mddev-flags-more-safely-in-md_check_recovery.patch
deleted file mode 100644
index 509c4dc01..000000000
--- a/md-test-mddev-flags-more-safely-in-md_check_recovery.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Bugzilla: 1033971
-Upstream-status: 3.13 (should hit 3.12 stable)
-
-From 142d44c310819e1965ca70b4d55d7679f5797e25 Mon Sep 17 00:00:00 2001
-From: NeilBrown <neilb@suse.de>
-Date: Thu, 28 Nov 2013 10:34:18 +1100
-Subject: [PATCH] md: test mddev->flags more safely in md_check_recovery.
-
-commit 7a0a5355cbc71efa md: Don't test all of mddev->flags at once.
-made most tests on mddev->flags safer, but missed one.
-
-When
-commit 260fa034ef7a4ff8b7306 md: avoid deadlock when dirty buffers during md_stop.
-added MD_STILL_CLOSED, this caused md_check_recovery to misbehave.
-It can think there is something to do but find nothing.  This can
-lead to the md thread spinning during array shutdown.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=65721
-
-Reported-and-tested-by: Richard W.M. Jones <rjones@redhat.com>
-Fixes: 260fa034ef7a4ff8b7306
-Cc: stable@vger.kernel.org (3.12)
-Signed-off-by: NeilBrown <neilb@suse.de>
----
- drivers/md/md.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/md/md.c b/drivers/md/md.c
-index b6b7a28..e60cebf 100644
---- a/drivers/md/md.c
-+++ b/drivers/md/md.c
-@@ -7777,7 +7777,7 @@ void md_check_recovery(struct mddev *mddev)
- 	if (mddev->ro && !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery))
- 		return;
- 	if ( ! (
--		(mddev->flags & ~ (1<<MD_CHANGE_PENDING)) ||
-+		(mddev->flags & MD_UPDATE_SB_FLAGS & ~ (1<<MD_CHANGE_PENDING)) ||
- 		test_bit(MD_RECOVERY_NEEDED, &mddev->recovery) ||
- 		test_bit(MD_RECOVERY_DONE, &mddev->recovery) ||
- 		(mddev->external == 0 && mddev->safemode == 1) ||
--- 
-1.8.3.1
-
diff --git a/sources b/sources
index 89882616a..dfd21ab0b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 cc6ee608854e0da4b64f6c1ff8b6398c  linux-3.12.tar.xz
-97453b56d6a999b5a4b0899b4e28fabe  patch-3.12.2.xz
+b7a603bf67e69936cf049fc6b37d9085  patch-3.12.3.xz