authorAlexandre Oliva <lxoliva@fsfla.org>2014-07-30 17:26:38 +0000
committerAlexandre Oliva <lxoliva@fsfla.org>2014-07-30 17:26:38 +0000
commit6c7ce3f64c352b8ff014a5c73971bb19bbb2c92a (patch)
tree2fbd34b8659d89a42c355e05f908744ca90eace4 /freed-ora/current/f20
parent9853524bf4f578b313395e79a010f31a56605ebd (diff)
3.15.7-200.fc20.gnu
Diffstat (limited to 'freed-ora/current/f20')
-rw-r--r--freed-ora/current/f20/0001-ACPI-video-Add-use_native_backlight-quirk-for-HP-Pro.patch45
-rw-r--r--freed-ora/current/f20/0001-acpi-video-Add-video.use_native_backlight-1-for-HP-E.patch43
-rw-r--r--freed-ora/current/f20/0001-xhci-Blacklist-using-streams-on-the-Etron-EJ168-cont.patch99
-rw-r--r--freed-ora/current/f20/Revert-drm-i915-reverse-dp-link-param-selection-pref.patch43
-rw-r--r--freed-ora/current/f20/drm-try-harder-to-avoid-regression-when-merging-mode.patch214
-rw-r--r--freed-ora/current/f20/fs-umount-on-symlink-leaks-mnt-count.patch41
-rw-r--r--freed-ora/current/f20/kernel.spec80
-rw-r--r--freed-ora/current/f20/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch212
-rw-r--r--freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch59
-rw-r--r--freed-ora/current/f20/sched-fix-sched_setparam-policy-1-logic.patch68
-rw-r--r--freed-ora/current/f20/sources2
11 files changed, 855 insertions, 51 deletions
diff --git a/freed-ora/current/f20/0001-ACPI-video-Add-use_native_backlight-quirk-for-HP-Pro.patch b/freed-ora/current/f20/0001-ACPI-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
new file mode 100644
index 000000000..80062ca59
--- /dev/null
+++ b/freed-ora/current/f20/0001-ACPI-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
@@ -0,0 +1,45 @@
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1025690
+Upstream-status: Included in 3.16
+Note: Not needed for 3.16 and higher since use_native_backlight=1 is the
+default there, upstream is maintaining the quirk list for now in case it is
+decided to flip the default back.
+
+From 4cf465b579c20bee868464f5d664f8d2d96cd370 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 16 Jul 2014 13:28:34 +0200
+Subject: [PATCH] ACPI / video: Add use_native_backlight quirk for HP ProBook
+ 4540s
+
+As reported here:
+https://bugzilla.redhat.com/show_bug.cgi?id=1025690
+This is yet another model which needs this quirk.
+
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=1025690
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+---
+ drivers/acpi/video.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
+index 29649c1..350d52a 100644
+--- a/drivers/acpi/video.c
++++ b/drivers/acpi/video.c
+@@ -581,6 +581,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
+ },
+ {
+ .callback = video_set_use_native_backlight,
++ .ident = "HP ProBook 4540s",
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
++ DMI_MATCH(DMI_PRODUCT_VERSION, "HP ProBook 4540s"),
++ },
++ },
++ {
++ .callback = video_set_use_native_backlight,
+ .ident = "HP ProBook 2013 models",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
+--
+2.0.1
+
diff --git a/freed-ora/current/f20/0001-acpi-video-Add-video.use_native_backlight-1-for-HP-E.patch b/freed-ora/current/f20/0001-acpi-video-Add-video.use_native_backlight-1-for-HP-E.patch
new file mode 100644
index 000000000..cce82d9ff
--- /dev/null
+++ b/freed-ora/current/f20/0001-acpi-video-Add-video.use_native_backlight-1-for-HP-E.patch
@@ -0,0 +1,43 @@
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1123565
+Upstream-status: Send upstream for 3.17 with Cc: stable
+Note: Not needed for 3.16 and higher since use_native_backlight=1 is the
+default there, upstream is maintaining the quirk list for now in case it is
+decided to flip the default back.
+
+From e1eaa90a9691696df34040f40f5dbc1d91a394f0 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 28 Jul 2014 17:31:44 +0200
+Subject: [PATCH] acpi-video: Add video.use_native_backlight=1 for HP EliteBook
+ 2014 models
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1123565
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/acpi/video.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
+index 18c0e69..8268843 100644
+--- a/drivers/acpi/video.c
++++ b/drivers/acpi/video.c
+@@ -673,6 +673,15 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
+ },
+ {
+ .callback = video_set_use_native_backlight,
++ .ident = "HP EliteBook 2014 models",
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "HP EliteBook "),
++ DMI_MATCH(DMI_PRODUCT_NAME, " G2"),
++ },
++ },
++ {
++ .callback = video_set_use_native_backlight,
+ .ident = "HP ZBook 14",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
+--
+2.0.1
+
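Review bot: The new "HP EliteBook 2014 models" entry matches more widely than its ident suggests, because `DMI_MATCH` is a substring comparison: any Hewlett-Packard product name containing both "HP EliteBook " and " G2" selects the native backlight. Names such as a hypothetical " G20" suffix would match as well. A comment on the entry, e.g. `/* substring match: covers every "HP EliteBook ... G2" product name */`, would state the intended breadth so later quirk additions are not assumed to be exact-model matches. `video_dmi_table` starts and ends outside the hunk, so overlap with neighbouring entries cannot be checked from here.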
diff --git a/freed-ora/current/f20/0001-xhci-Blacklist-using-streams-on-the-Etron-EJ168-cont.patch b/freed-ora/current/f20/0001-xhci-Blacklist-using-streams-on-the-Etron-EJ168-cont.patch
new file mode 100644
index 000000000..ee66d70c3
--- /dev/null
+++ b/freed-ora/current/f20/0001-xhci-Blacklist-using-streams-on-the-Etron-EJ168-cont.patch
@@ -0,0 +1,99 @@
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1121288
+Upstream-status: Send upstream for 3.16/3.17 with Cc: stable
+
+From 82170a95391209b87bbedd0b3aa7636161573ddb Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Fri, 25 Jul 2014 12:28:02 +0200
+Subject: [PATCH] xhci: Blacklist using streams on the Etron EJ168 controller
+
+Streams on the EJ168 do not work as they should. I've spend 2 days trying
+to get them to work, but without success.
+
+The first problem is that when ever you ring the stream-ring doorbell, the
+controller starts executing trbs at the beginning of the first ring segment,
+event if it ended somewhere else previously. This can be worked around by
+allowing enqueing only one td (not a problem with how streams are typically
+used) and then resetting our copies of the enqueueing en dequeueing pointers
+on a td completion to match what the controller seems to be doing.
+
+This way things seem to start working with uas and instead of being able
+to complete only the very first scsi command, the scsi core can probe the disk.
+
+But then things break later on when td-s get enqueued with more then one
+trb. The controller does seem to increase its dequeue pointer while executing
+a stream-ring (data transfer events I inserted for debugging do trigger).
+However execution seems to stop at the final normal trb of a multi trb td,
+even if there is a data transfer event inserted after the final trb.
+
+The first problem alone is a serious deviation from the spec, and esp.
+dealing with cancellation would have been very tricky if not outright
+impossible, but the second problem simply is a deal breaker altogether,
+so this patch simply disables streams.
+
+Note this will cause the usb-storage + uas driver pair to automatically switch
+to using usb-storage instead of uas on these devices, essentially reverting
+to the 3.14 and earlier behavior when uas was marked CONFIG_BROKEN.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1121288
+https://bugzilla.kernel.org/show_bug.cgi?id=80101
+
+Cc: stable@vger.kernel.org # 3.15
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/usb/host/xhci-pci.c | 4 +++-
+ drivers/usb/host/xhci.c | 3 ++-
+ drivers/usb/host/xhci.h | 2 ++
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
+index e20520f..464049f 100644
+--- a/drivers/usb/host/xhci-pci.c
++++ b/drivers/usb/host/xhci-pci.c
+@@ -143,6 +143,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
+ xhci_dbg_trace(xhci, trace_xhci_dbg_quirks,
+ "QUIRK: Resetting on resume");
+ xhci->quirks |= XHCI_TRUST_TX_LENGTH;
++ xhci->quirks |= XHCI_BROKEN_STREAMS;
+ }
+ if (pdev->vendor == PCI_VENDOR_ID_RENESAS &&
+ pdev->device == 0x0015)
+@@ -230,7 +231,8 @@ static int xhci_pci_probe(struct pci_dev *dev, const struct pci_device_id *id)
+ goto put_usb3_hcd;
+ /* Roothub already marked as USB 3.0 speed */
+
+- if (HCC_MAX_PSA(xhci->hcc_params) >= 4)
++ if (!(xhci->quirks & XHCI_BROKEN_STREAMS) &&
++ HCC_MAX_PSA(xhci->hcc_params) >= 4)
+ xhci->shared_hcd->can_do_streams = 1;
+
+ /* USB-2 and USB-3 roothubs initialized, allow runtime pm suspend */
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
+index 7d02e1b..758bc31 100644
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -3163,7 +3163,8 @@ int xhci_alloc_streams(struct usb_hcd *hcd, struct usb_device *udev,
+ num_streams);
+
+ /* MaxPSASize value 0 (2 streams) means streams are not supported */
+- if (HCC_MAX_PSA(xhci->hcc_params) < 4) {
++ if ((xhci->quirks & XHCI_BROKEN_STREAMS) ||
++ HCC_MAX_PSA(xhci->hcc_params) < 4) {
+ xhci_dbg(xhci, "xHCI controller does not support streams.\n");
+ return -ENOSYS;
+ }
+diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
+index 1411069..88b2958 100644
+--- a/drivers/usb/host/xhci.h
++++ b/drivers/usb/host/xhci.h
+@@ -1558,6 +1558,8 @@ struct xhci_hcd {
+ #define XHCI_PLAT (1 << 16)
+ #define XHCI_SLOW_SUSPEND (1 << 17)
+ #define XHCI_SPURIOUS_WAKEUP (1 << 18)
++/* For controllers with a broken beyond repair streams implementation */
++#define XHCI_BROKEN_STREAMS (1 << 19)
+ unsigned int num_active_eps;
+ unsigned int limit_active_eps;
+ /* There are two roothubs to keep track of bus suspend info for */
+--
+2.0.1
+
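Review bot: A controller blocked by `XHCI_BROKEN_STREAMS` is indistinguishable in the logs from one that lacks the capability, because the `xhci_alloc_streams()` hunk routes both cases to the same "xHCI controller does not support streams." message. The `xhci_pci_quirks()` hunk also sets the flag silently, although the same block traces "QUIRK: Resetting on resume" just above it; adding `xhci_dbg_trace(xhci, trace_xhci_dbg_quirks, "QUIRK: Disabling streams");` next to the new `xhci->quirks |= XHCI_BROKEN_STREAMS;` would make the reason visible. The quirk test is also written twice in inverted form, in `xhci_pci_probe()` and in `xhci_alloc_streams()`. A short comment at each site saying the two must stay in agreement would help, since `xhci_alloc_streams()` is the check that actually refuses the request. All three functions continue outside their hunks.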
diff --git a/freed-ora/current/f20/Revert-drm-i915-reverse-dp-link-param-selection-pref.patch b/freed-ora/current/f20/Revert-drm-i915-reverse-dp-link-param-selection-pref.patch
deleted file mode 100644
index 25aff2f13..000000000
--- a/freed-ora/current/f20/Revert-drm-i915-reverse-dp-link-param-selection-pref.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Bugzilla: 1117008
-Upstream-status: Sent to intel-gfx
-
-From b22370f0cf68e49ddcb3dd7033aba5ff6454dfcc Mon Sep 17 00:00:00 2001
-From: Dave Airlie <airlied@redhat.com>
-Date: Mon, 14 Jul 2014 10:54:20 +1000
-Subject: [PATCH] Revert "drm/i915: reverse dp link param selection, prefer
- fast over wide again"
-
-This reverts commit 38aecea0ccbb909d635619cba22f1891e589b434.
-
-This breaks Haswell Thinkpad + Lenovo dock in SST mode with a HDMI monitor attached.
-
-Before this we can 1920x1200 mode, after this we only ever get 1024x768, and
-a lot of deferring.
-
-This didn't revert clean, but this should be fine.
-
-bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1117008
-Cc: stable@vger.kernel.org # v3.15
-Signed-off-by: Dave Airlie <airlied@redhat.com>
----
- drivers/gpu/drm/i915/intel_dp.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
-index 2a00cb8..61963d3 100644
---- a/drivers/gpu/drm/i915/intel_dp.c
-+++ b/drivers/gpu/drm/i915/intel_dp.c
-@@ -833,8 +833,8 @@ intel_dp_compute_config(struct intel_encoder *encoder,
- mode_rate = intel_dp_link_required(adjusted_mode->crtc_clock,
- bpp);
-
-- for (lane_count = min_lane_count; lane_count <= max_lane_count; lane_count <<= 1) {
-- for (clock = min_clock; clock <= max_clock; clock++) {
-+ for (clock = min_clock; clock <= max_clock; clock++) {
-+ for (lane_count = min_lane_count; lane_count <= max_lane_count; lane_count <<= 1) {
- link_clock = drm_dp_bw_code_to_link_rate(bws[clock]);
- link_avail = intel_dp_max_data_rate(link_clock,
- lane_count);
---
-1.9.3
-
diff --git a/freed-ora/current/f20/drm-try-harder-to-avoid-regression-when-merging-mode.patch b/freed-ora/current/f20/drm-try-harder-to-avoid-regression-when-merging-mode.patch
new file mode 100644
index 000000000..c4518a9f1
--- /dev/null
+++ b/freed-ora/current/f20/drm-try-harder-to-avoid-regression-when-merging-mode.patch
@@ -0,0 +1,214 @@
+Bugzilla: 1060327
+Upstream-status: 3.16
+
+From b87577b7c768683736eea28f70779e8c75b4df62 Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@redhat.com>
+Date: Thu, 1 May 2014 09:26:53 +1000
+Subject: [PATCH] drm: try harder to avoid regression when merging mode bits
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For QXL hw we really want the bits to be replaced as we change
+the preferred mode on the fly, and the same goes for virgl when
+I get to it, however the original fix for this seems to have caused
+a wierd regression on Intel G33 that in a stunning display of failure
+at opposition to his normal self, Daniel failed to diagnose.
+
+So we are left doing this, ugly ugly ugly ugly, Daniel you fixed
+that G33 yet?, ugly, ugly.
+
+Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+---
+ drivers/gpu/drm/drm_modes.c | 9 ++++--
+ drivers/gpu/drm/drm_probe_helper.c | 64 +++++++++++++++++++++++++------------
+ drivers/gpu/drm/qxl/qxl_display.c | 2 +-
+ drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 2 +-
+ include/drm/drm_crtc_helper.h | 4 +++
+ include/drm/drm_modes.h | 2 +-
+ 6 files changed, 57 insertions(+), 26 deletions(-)
+
+diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
+index 8b410576fce4..bedf1894e17e 100644
+--- a/drivers/gpu/drm/drm_modes.c
++++ b/drivers/gpu/drm/drm_modes.c
+@@ -1013,6 +1013,7 @@ EXPORT_SYMBOL(drm_mode_sort);
+ /**
+ * drm_mode_connector_list_update - update the mode list for the connector
+ * @connector: the connector to update
++ * @merge_type_bits: whether to merge or overright type bits.
+ *
+ * This moves the modes from the @connector probed_modes list
+ * to the actual mode list. It compares the probed mode against the current
+@@ -1021,7 +1022,8 @@ EXPORT_SYMBOL(drm_mode_sort);
+ * This is just a helper functions doesn't validate any modes itself and also
+ * doesn't prune any invalid modes. Callers need to do that themselves.
+ */
+-void drm_mode_connector_list_update(struct drm_connector *connector)
++void drm_mode_connector_list_update(struct drm_connector *connector,
++ bool merge_type_bits)
+ {
+ struct drm_display_mode *mode;
+ struct drm_display_mode *pmode, *pt;
+@@ -1039,7 +1041,10 @@ void drm_mode_connector_list_update(struct drm_connector *connector)
+ /* if equal delete the probed mode */
+ mode->status = pmode->status;
+ /* Merge type bits together */
+- mode->type |= pmode->type;
++ if (merge_type_bits)
++ mode->type |= pmode->type;
++ else
++ mode->type = pmode->type;
+ list_del(&pmode->head);
+ drm_mode_destroy(connector->dev, pmode);
+ break;
+diff --git a/drivers/gpu/drm/drm_probe_helper.c b/drivers/gpu/drm/drm_probe_helper.c
+index e70f54d4a581..8afdd0998a8c 100644
+--- a/drivers/gpu/drm/drm_probe_helper.c
++++ b/drivers/gpu/drm/drm_probe_helper.c
+@@ -82,26 +82,8 @@ static void drm_mode_validate_flag(struct drm_connector *connector,
+ return;
+ }
+
+-/**
+- * drm_helper_probe_single_connector_modes - get complete set of display modes
+- * @connector: connector to probe
+- * @maxX: max width for modes
+- * @maxY: max height for modes
+- *
+- * Based on the helper callbacks implemented by @connector try to detect all
+- * valid modes. Modes will first be added to the connector's probed_modes list,
+- * then culled (based on validity and the @maxX, @maxY parameters) and put into
+- * the normal modes list.
+- *
+- * Intended to be use as a generic implementation of the ->fill_modes()
+- * @connector vfunc for drivers that use the crtc helpers for output mode
+- * filtering and detection.
+- *
+- * Returns:
+- * The number of modes found on @connector.
+- */
+-int drm_helper_probe_single_connector_modes(struct drm_connector *connector,
+- uint32_t maxX, uint32_t maxY)
++static int drm_helper_probe_single_connector_modes_merge_bits(struct drm_connector *connector,
++ uint32_t maxX, uint32_t maxY, bool merge_type_bits)
+ {
+ struct drm_device *dev = connector->dev;
+ struct drm_display_mode *mode;
+@@ -155,7 +137,7 @@ int drm_helper_probe_single_connector_modes(struct drm_connector *connector,
+ if (count == 0)
+ goto prune;
+
+- drm_mode_connector_list_update(connector);
++ drm_mode_connector_list_update(connector, merge_type_bits);
+
+ if (maxX && maxY)
+ drm_mode_validate_size(dev, &connector->modes, maxX, maxY);
+@@ -194,9 +176,49 @@ prune:
+
+ return count;
+ }
++
++/**
++ * drm_helper_probe_single_connector_modes - get complete set of display modes
++ * @connector: connector to probe
++ * @maxX: max width for modes
++ * @maxY: max height for modes
++ *
++ * Based on the helper callbacks implemented by @connector try to detect all
++ * valid modes. Modes will first be added to the connector's probed_modes list,
++ * then culled (based on validity and the @maxX, @maxY parameters) and put into
++ * the normal modes list.
++ *
++ * Intended to be use as a generic implementation of the ->fill_modes()
++ * @connector vfunc for drivers that use the crtc helpers for output mode
++ * filtering and detection.
++ *
++ * Returns:
++ * The number of modes found on @connector.
++ */
++int drm_helper_probe_single_connector_modes(struct drm_connector *connector,
++ uint32_t maxX, uint32_t maxY)
++{
++ return drm_helper_probe_single_connector_modes_merge_bits(connector, maxX, maxY, true);
++}
+ EXPORT_SYMBOL(drm_helper_probe_single_connector_modes);
+
+ /**
++ * drm_helper_probe_single_connector_modes_nomerge - get complete set of display modes
++ * @connector: connector to probe
++ * @maxX: max width for modes
++ * @maxY: max height for modes
++ *
++ * This operates like drm_hehlper_probe_single_connector_modes except it
++ * replaces the mode bits instead of merging them for preferred modes.
++ */
++int drm_helper_probe_single_connector_modes_nomerge(struct drm_connector *connector,
++ uint32_t maxX, uint32_t maxY)
++{
++ return drm_helper_probe_single_connector_modes_merge_bits(connector, maxX, maxY, false);
++}
++EXPORT_SYMBOL(drm_helper_probe_single_connector_modes_nomerge);
++
++/**
+ * drm_kms_helper_hotplug_event - fire off KMS hotplug events
+ * @dev: drm_device whose connector state changed
+ *
+diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c
+index 41bdd174657e..3ab9072d3623 100644
+--- a/drivers/gpu/drm/qxl/qxl_display.c
++++ b/drivers/gpu/drm/qxl/qxl_display.c
+@@ -841,7 +841,7 @@ static const struct drm_connector_funcs qxl_connector_funcs = {
+ .save = qxl_conn_save,
+ .restore = qxl_conn_restore,
+ .detect = qxl_conn_detect,
+- .fill_modes = drm_helper_probe_single_connector_modes,
++ .fill_modes = drm_helper_probe_single_connector_modes_nomerge,
+ .set_property = qxl_conn_set_property,
+ .destroy = qxl_conn_destroy,
+ };
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+index a2dde5ad8138..e7199b454ca0 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+@@ -2001,7 +2001,7 @@ int vmw_du_connector_fill_modes(struct drm_connector *connector,
+ if (du->pref_mode)
+ list_move(&du->pref_mode->head, &connector->probed_modes);
+
+- drm_mode_connector_list_update(connector);
++ drm_mode_connector_list_update(connector, true);
+
+ return 1;
+ }
+diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper.h
+index 36a5febac2a6..f51c8393e9a8 100644
+--- a/include/drm/drm_crtc_helper.h
++++ b/include/drm/drm_crtc_helper.h
+@@ -165,6 +165,10 @@ extern void drm_helper_resume_force_mode(struct drm_device *dev);
+ extern int drm_helper_probe_single_connector_modes(struct drm_connector
+ *connector, uint32_t maxX,
+ uint32_t maxY);
++extern int drm_helper_probe_single_connector_modes_nomerge(struct drm_connector
++ *connector,
++ uint32_t maxX,
++ uint32_t maxY);
+ extern void drm_kms_helper_poll_init(struct drm_device *dev);
+ extern void drm_kms_helper_poll_fini(struct drm_device *dev);
+ extern bool drm_helper_hpd_irq_event(struct drm_device *dev);
+diff --git a/include/drm/drm_modes.h b/include/drm/drm_modes.h
+index 2dbbf9976669..91d0582f924e 100644
+--- a/include/drm/drm_modes.h
++++ b/include/drm/drm_modes.h
+@@ -223,7 +223,7 @@ void drm_mode_validate_size(struct drm_device *dev,
+ void drm_mode_prune_invalid(struct drm_device *dev,
+ struct list_head *mode_list, bool verbose);
+ void drm_mode_sort(struct list_head *mode_list);
+-void drm_mode_connector_list_update(struct drm_connector *connector);
++void drm_mode_connector_list_update(struct drm_connector *connector, bool merge_type_bits);
+
+ /* parsing cmdline modes */
+ bool
+--
+1.9.3
+
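Review bot: The kernel-doc added in this patch has two typos, and the new exported helper lacks a return description. In `drm_modes.c` the parameter line should read ` * @merge_type_bits: whether to merge or overwrite type bits.`. In `drm_probe_helper.c` the `_nomerge` comment names `drm_hehlper_probe_single_connector_modes`, which should be `drm_helper_probe_single_connector_modes`. The `_nomerge` comment should also gain the `Returns:` paragraph that the original helper has ("The number of modes found on @connector."), since both wrappers return the same count. Separately, `drm_mode_connector_list_update()` changes signature here; the visible hunks update the probe helper and vmwgfx, but any other caller would be outside this patch and should be confirmed at build time.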
diff --git a/freed-ora/current/f20/fs-umount-on-symlink-leaks-mnt-count.patch b/freed-ora/current/f20/fs-umount-on-symlink-leaks-mnt-count.patch
new file mode 100644
index 000000000..ed0e8a397
--- /dev/null
+++ b/freed-ora/current/f20/fs-umount-on-symlink-leaks-mnt-count.patch
@@ -0,0 +1,41 @@
+Bugzilla: 1122482
+Upstream-status: Sent for 3.16
+From: Vasily Averin <vvs@openvz.org>
+Subject: [PATCH v4] fs: umount on symlink leaks mnt count
+Currently umount on symlink blocks following umount:
+
+/vz is separate mount
+
+# ls /vz/ -al | grep test
+drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
+lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
+# umount -l /vz/testlink
+umount: /vz/testlink: not mounted (expected)
+# lsof /vz
+# umount /vz
+umount: /vz: device is busy. (unexpected)
+
+In this case mountpoint_last() gets an extra refcount on path->mnt
+
+Signed-off-by: Vasily Averin <vvs@openvz.org>
+---
+ fs/namei.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+diff --git a/fs/namei.c b/fs/namei.c
+index 985c6f3..9eb787e 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2256,9 +2256,10 @@ done:
+ goto out;
+ }
+ path->dentry = dentry;
+- path->mnt = mntget(nd->path.mnt);
++ path->mnt = nd->path.mnt;
+ if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
+ return 1;
++ mntget(path->mnt);
+ follow_mount(path);
+ error = 0;
+ out:
+--
+1.7.5.4
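Review bot: After the reordering in `mountpoint_last()`, the `return 1` (follow-link) path leaves `path->mnt` set to `nd->path.mnt` with no reference taken, and nothing in the hunk marks this as deliberate. A comment above the early return, e.g. `/* no mntget() here: the reference is only taken when we do not follow the link */`, would keep a later cleanup from moving `mntget()` back up and reintroducing the leaked mount count described in the commit message. Who owns the mount reference on the follow-link path is decided outside the hunk, so that part should be confirmed against the caller. The patch header carries only `Bugzilla: 1122482`, while kernel.spec labels this patch CVE-2014-5045; adding the CVE id to the header would make the patch file traceable on its own.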
diff --git a/freed-ora/current/f20/kernel.spec b/freed-ora/current/f20/kernel.spec
index 3be4f3b21..942433dbb 100644
--- a/freed-ora/current/f20/kernel.spec
+++ b/freed-ora/current/f20/kernel.spec
@@ -112,7 +112,7 @@ Summary: The Linux kernel
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
-%define stable_update 6
+%define stable_update 7
# Is it a -stable RC?
%define stable_rc 0
# Set rpm version accordingly
@@ -805,12 +805,33 @@ Patch25110: 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
#rhbz 1114768
Patch25112: 0001-synaptics-Add-min-max-quirk-for-pnp-id-LEN2002-Edge-.patch
-#rhbz 1117008
-Patch25114: Revert-drm-i915-reverse-dp-link-param-selection-pref.patch
-
#CVE-2014-4943 rhbz 1119458 1120542
Patch25115: net-l2tp-don-t-fall-back-on-UDP-get-set-sockopt.patch
+#CVE-2014-3534 rhbz 1114089 1122612
+Patch25117: s390-ptrace-fix-PSW-mask-check.patch
+
+#rhbz 1117942
+Patch25118: sched-fix-sched_setparam-policy-1-logic.patch
+
+#CVE-2014-5045 rhbz 1122472 1122482
+Patch25119: fs-umount-on-symlink-leaks-mnt-count.patch
+
+#rhbz 1060327
+Patch25123: drm-try-harder-to-avoid-regression-when-merging-mode.patch
+
+#CVE-2014-5077 rhbz 1122982 1123696
+Patch25124: net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
+
+#rhbz 1025690
+Patch25125: 0001-ACPI-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
+
+#rhbz 1123565
+Patch25126: 0001-acpi-video-Add-video.use_native_backlight-1-for-HP-E.patch
+
+#rhbz 1121288
+Patch25127: 0001-xhci-Blacklist-using-streams-on-the-Etron-EJ168-cont.patch
+
# END OF PATCH DEFINITIONS
%endif
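Review bot: The bug reference for CVE-2014-5045 is inconsistent within this commit: the `Patch25119` comment here and the matching `ApplyPatch` comment in the next hunk say `rhbz 1122472 1122482`, while the `%changelog` entry says `rhbz 1122471 1122482`. One of the two first ids is a typo, and it should be corrected so the CVE can be traced to the right tracker bug from either place. The `%changelog` hunk also lists CVE-2014-4171 and the ath3k fix, for which no `Patch`/`ApplyPatch` line is added in the visible hunks. Presumably those arrived with the 3.15.7 stable update or an earlier commit; a short comment would confirm that.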
@@ -1575,12 +1596,33 @@ ApplyPatch 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
#rhbz 1114768
ApplyPatch 0001-synaptics-Add-min-max-quirk-for-pnp-id-LEN2002-Edge-.patch
-#rhbz 1117008
-ApplyPatch Revert-drm-i915-reverse-dp-link-param-selection-pref.patch
-
#CVE-2014-4943 rhbz 1119458 1120542
ApplyPatch net-l2tp-don-t-fall-back-on-UDP-get-set-sockopt.patch
+#CVE-2014-3534 rhbz 1114089 1122612
+ApplyPatch s390-ptrace-fix-PSW-mask-check.patch
+
+#rhbz 1117942
+ApplyPatch sched-fix-sched_setparam-policy-1-logic.patch
+
+#CVE-2014-5045 rhbz 1122472 1122482
+ApplyPatch fs-umount-on-symlink-leaks-mnt-count.patch
+
+#rhbz 1060327
+ApplyPatch drm-try-harder-to-avoid-regression-when-merging-mode.patch
+
+#CVE-2014-5077 rhbz 1122982 1123696
+ApplyPatch net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
+
+#rhbz 1025690
+ApplyPatch 0001-ACPI-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
+
+#rhbz 1123565
+ApplyPatch 0001-acpi-video-Add-video.use_native_backlight-1-for-HP-E.patch
+
+#rhbz 1121288
+ApplyPatch 0001-xhci-Blacklist-using-streams-on-the-Etron-EJ168-cont.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2403,6 +2445,30 @@ fi
# ||----w |
# || ||
%changelog
+* Mon Jul 28 2014 Alexandre Oliva <lxoliva@fsfla.org> -libre
+- GNU Linux-libre 3.15.7-gnu.
+
+* Mon Jul 28 2014 Justin M. Forbes <jforbes@fedoraproject.org> 3.15.7-200
+- Linux v3.15.7
+
+* Mon Jul 28 2014 Hans de Goede <hdegoede@redhat.com>
+- Add use_native_backlight=1 quirk for HP ProBook 4540s (rhbz#1025690)
+- Add use_native_backlight=1 quirk for HP EliteBook 2014 series (rhbz#1123565)
+- Blacklist usb bulk streams on Etron EJ168 xhci controllers (rhbz#1121288)
+
+* Mon Jul 28 2014 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2014-5077 sctp: fix NULL ptr dereference (rhbz 1122982 1123696)
+
+* Fri Jul 25 2014 Josh Boyer <jwboyer@fedoraproject.org>
+- Re-add patch fixing spice resize (rhbz 1060327)
+
+* Thu Jul 24 2014 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2014-4171 shmem: denial of service (rhbz 1111180 1118247)
+- CVE-2014-5045 vfs: refcount issues during lazy umount on symlink (rhbz 1122471 1122482)
+- Fix regression in sched_setparam (rhbz 1117942)
+- CVE-2014-3534 s390: ptrace: insufficient sanitization with psw mask (rhbz 1114089 1122612)
+- Fix ath3k bluetooth regression (rhbz 1121785)
+
* Fri Jul 18 2014 Alexandre Oliva <lxoliva@fsfla.org> -libre
- GNU Linux-libre 3.15.6-gnu.
diff --git a/freed-ora/current/f20/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch b/freed-ora/current/f20/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
new file mode 100644
index 000000000..73bad5276
--- /dev/null
+++ b/freed-ora/current/f20/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
@@ -0,0 +1,212 @@
+Bugzilla: 1123696
+Upstream-status: Queued for 3.16
+
+From patchwork Tue Jul 22 13:22:45 2014
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [net,v2] net: sctp: inherit auth_capable on INIT collisions
+From: Daniel Borkmann <dborkman@redhat.com>
+X-Patchwork-Id: 372475
+Message-Id: <1406035365-1154-1-git-send-email-dborkman@redhat.com>
+To: davem@davemloft.net
+Cc: jgunthorpe@obsidianresearch.com, netdev@vger.kernel.org,
+ linux-sctp@vger.kernel.org, Vlad Yasevich <vyasevich@gmail.com>
+Date: Tue, 22 Jul 2014 15:22:45 +0200
+
+Jason reported an oops caused by SCTP on his ARM machine with
+SCTP authentication enabled:
+
+Internal error: Oops: 17 [#1] ARM
+CPU: 0 PID: 104 Comm: sctp-test Not tainted 3.13.0-68744-g3632f30c9b20-dirty #1
+task: c6eefa40 ti: c6f52000 task.ti: c6f52000
+PC is at sctp_auth_calculate_hmac+0xc4/0x10c
+LR is at sg_init_table+0x20/0x38
+pc : [<c024bb80>] lr : [<c00f32dc>] psr: 40000013
+sp : c6f538e8 ip : 00000000 fp : c6f53924
+r10: c6f50d80 r9 : 00000000 r8 : 00010000
+r7 : 00000000 r6 : c7be4000 r5 : 00000000 r4 : c6f56254
+r3 : c00c8170 r2 : 00000001 r1 : 00000008 r0 : c6f1e660
+Flags: nZcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
+Control: 0005397f Table: 06f28000 DAC: 00000015
+Process sctp-test (pid: 104, stack limit = 0xc6f521c0)
+Stack: (0xc6f538e8 to 0xc6f54000)
+[...]
+Backtrace:
+[<c024babc>] (sctp_auth_calculate_hmac+0x0/0x10c) from [<c0249af8>] (sctp_packet_transmit+0x33c/0x5c8)
+[<c02497bc>] (sctp_packet_transmit+0x0/0x5c8) from [<c023e96c>] (sctp_outq_flush+0x7fc/0x844)
+[<c023e170>] (sctp_outq_flush+0x0/0x844) from [<c023ef78>] (sctp_outq_uncork+0x24/0x28)
+[<c023ef54>] (sctp_outq_uncork+0x0/0x28) from [<c0234364>] (sctp_side_effects+0x1134/0x1220)
+[<c0233230>] (sctp_side_effects+0x0/0x1220) from [<c02330b0>] (sctp_do_sm+0xac/0xd4)
+[<c0233004>] (sctp_do_sm+0x0/0xd4) from [<c023675c>] (sctp_assoc_bh_rcv+0x118/0x160)
+[<c0236644>] (sctp_assoc_bh_rcv+0x0/0x160) from [<c023d5bc>] (sctp_inq_push+0x6c/0x74)
+[<c023d550>] (sctp_inq_push+0x0/0x74) from [<c024a6b0>] (sctp_rcv+0x7d8/0x888)
+
+While we already had various kind of bugs in that area
+ec0223ec48a9 ("net: sctp: fix sctp_sf_do_5_1D_ce to verify if
+we/peer is AUTH capable") and b14878ccb7fa ("net: sctp: cache
+auth_enable per endpoint"), this one is a bit of a different
+kind.
+
+Giving a bit more background on why SCTP authentication is
+needed can be found in RFC4895:
+
+ SCTP uses 32-bit verification tags to protect itself against
+ blind attackers. These values are not changed during the
+ lifetime of an SCTP association.
+
+ Looking at new SCTP extensions, there is the need to have a
+ method of proving that an SCTP chunk(s) was really sent by
+ the original peer that started the association and not by a
+ malicious attacker.
+
+To cause this bug, we're triggering an INIT collision between
+peers; normal SCTP handshake where both sides intent to
+authenticate packets contains RANDOM; CHUNKS; HMAC-ALGO
+parameters that are being negotiated among peers:
+
+ ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
+ <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
+ -------------------- COOKIE-ECHO -------------------->
+ <-------------------- COOKIE-ACK ---------------------
+
+RFC4895 says that each endpoint therefore knows its own random
+number and the peer's random number *after* the association
+has been established. The local and peer's random number along
+with the shared key are then part of the secret used for
+calculating the HMAC in the AUTH chunk.
+
+Now, in our scenario, we have 2 threads with 1 non-blocking
+SEQ_PACKET socket each, setting up common shared SCTP_AUTH_KEY
+and SCTP_AUTH_ACTIVE_KEY properly, and each of them calling
+sctp_bindx(3), listen(2) and connect(2) against each other,
+thus the handshake looks similar to this, e.g.:
+
+ ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
+ <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
+ <--------- INIT[RANDOM; CHUNKS; HMAC-ALGO] -----------
+ -------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] -------->
+ ...
+
+Since such collisions can also happen with verification tags,
+the RFC4895 for AUTH rather vaguely says under section 6.1:
+
+ In case of INIT collision, the rules governing the handling
+ of this Random Number follow the same pattern as those for
+ the Verification Tag, as explained in Section 5.2.4 of
+ RFC 2960 [5]. Therefore, each endpoint knows its own Random
+ Number and the peer's Random Number after the association
+ has been established.
+
+In RFC2960, section 5.2.4, we're eventually hitting Action B:
+
+ B) In this case, both sides may be attempting to start an
+ association at about the same time but the peer endpoint
+ started its INIT after responding to the local endpoint's
+ INIT. Thus it may have picked a new Verification Tag not
+ being aware of the previous Tag it had sent this endpoint.
+ The endpoint should stay in or enter the ESTABLISHED
+ state but it MUST update its peer's Verification Tag from
+ the State Cookie, stop any init or cookie timers that may
+ running and send a COOKIE ACK.
+
+In other words, the handling of the Random parameter is the
+same as behavior for the Verification Tag as described in
+Action B of section 5.2.4.
+
+Looking at the code, we exactly hit the sctp_sf_do_dupcook_b()
+case which triggers an SCTP_CMD_UPDATE_ASSOC command to the
+side effect interpreter, and in fact it properly copies over
+peer_{random, hmacs, chunks} parameters from the newly created
+association to update the existing one.
+
+Also, the old asoc_shared_key is being released and based on
+the new params, sctp_auth_asoc_init_active_key() updated.
+However, the issue observed in this case is that the previous
+asoc->peer.auth_capable was 0, and has *not* been updated, so
+that instead of creating a new secret, we're doing an early
+return from the function sctp_auth_asoc_init_active_key()
+leaving asoc->asoc_shared_key as NULL. However, we now have to
+authenticate chunks from the updated chunk list (e.g. COOKIE-ACK).
+
+That in fact causes the server side when responding with ...
+
+ <------------------ AUTH; COOKIE-ACK -----------------
+
+... to trigger a NULL pointer dereference, since in
+sctp_packet_transmit(), it discovers that an AUTH chunk is
+being queued for xmit, and thus it calls sctp_auth_calculate_hmac().
+
+Since the asoc->active_key_id is still inherited from the
+endpoint, and the same as encoded into the chunk, it uses
+asoc->asoc_shared_key, which is still NULL, as an asoc_key
+and dereferences it in ...
+
+ crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len)
+
+... causing an oops. All this happens because sctp_make_cookie_ack()
+called with the *new* association has the peer.auth_capable=1
+and therefore marks the chunk with auth=1 after checking
+sctp_auth_send_cid(), but it is *actually* sent later on over
+the then *updated* association's transport that didn't initialize
+its shared key due to peer.auth_capable=0. Since control chunks
+in that case are not sent by the temporary association which
+are scheduled for deletion, they are issued for xmit via
+SCTP_CMD_REPLY in the interpreter with the context of the
+*updated* association. peer.auth_capable was 0 in the updated
+association (which went from COOKIE_WAIT into ESTABLISHED state),
+since all previous processing that performed sctp_process_init()
+was being done on temporary associations, that we eventually
+throw away each time.
+
+The correct fix is to update to the new peer.auth_capable
+value as well in the collision case via sctp_assoc_update(),
+so that in case the collision migrated from 0 -> 1,
+sctp_auth_asoc_init_active_key() can properly recalculate
+the secret. This therefore fixes the observed server panic.
+
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+---
+ v1 -> v2, more notes:
+
+ I've only updated the commit description for now, this bug seems
+ clear to me that we would need to fix it; since RFC4895 mentions
+ it explicitly that on collisions, we need to *update* these params
+ accordingly as we would do so in RFC2960. So in other words, this
+ can be explained by having an *inconsistency* when doing the update
+ as auth_capable is *tightly coupled* with peer_random, peer_chunks,
+ peer_hmacs and eventually the asoc_shared_key creation.
+
+ For the rest, I went through the code and currently could not
+ find where we could oops if we don't have the others for now. It
+ needs more time and testing however. It's also not too clear from
+ RFC2960/RFC4960 what needs to be carried over in addition: so we
+ know "The endpoint should stay in or enter the ESTABLISHED state
+ but it MUST update its peer's Verification Tag from the State
+ Cookie, stop any init or cookie timers that may running and send
+ a COOKIE ACK." and we know that we need to update all AUTH related
+ members, which we do *now*.
+
+ In addition, we also need to fix AUTH + COOKIE_ECHO collisions,
+ as they currently cannot be resolved properly into a handshake.
+
+ net/sctp/associola.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index 9de23a2..06a9ee6 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+ asoc->c = new->c;
+ asoc->peer.rwnd = new->peer.rwnd;
+ asoc->peer.sack_needed = new->peer.sack_needed;
++ asoc->peer.auth_capable = new->peer.auth_capable;
+ asoc->peer.i = new->peer.i;
+ sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+ asoc->peer.i.initial_tsn, GFP_ATOMIC);
diff --git a/freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch b/freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch
new file mode 100644
index 000000000..9d5484049
--- /dev/null
+++ b/freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch
@@ -0,0 +1,59 @@
+Bugzilla: 1122612
+Upstream-status: 3.16 and CC'd to stable
+
+From dab6cf55f81a6e16b8147aed9a843e1691dcd318 Mon Sep 17 00:00:00 2001
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Date: Mon, 23 Jun 2014 15:29:40 +0200
+Subject: [PATCH] s390/ptrace: fix PSW mask check
+
+The PSW mask check of the PTRACE_POKEUSR_AREA command is incorrect.
+The PSW_MASK_USER define contains the PSW_MASK_ASC bits, the ptrace
+interface accepts all combinations for the address-space-control
+bits. To protect the kernel space the PSW mask check in ptrace needs
+to reject the address-space-control bit combination for home space.
+
+Fixes CVE-2014-3534
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+---
+ arch/s390/kernel/ptrace.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
+index 2d716734b5b1..5dc7ad9e2fbf 100644
+--- a/arch/s390/kernel/ptrace.c
++++ b/arch/s390/kernel/ptrace.c
+@@ -334,9 +334,14 @@ static int __poke_user(struct task_struct *child, addr_t addr, addr_t data)
+ unsigned long mask = PSW_MASK_USER;
+
+ mask |= is_ri_task(child) ? PSW_MASK_RI : 0;
+- if ((data & ~mask) != PSW_USER_BITS)
++ if ((data ^ PSW_USER_BITS) & ~mask)
++ /* Invalid psw mask. */
++ return -EINVAL;
++ if ((data & PSW_MASK_ASC) == PSW_ASC_HOME)
++ /* Invalid address-space-control bits */
+ return -EINVAL;
+ if ((data & PSW_MASK_EA) && !(data & PSW_MASK_BA))
++ /* Invalid addressing mode bits */
+ return -EINVAL;
+ }
+ *(addr_t *)((addr_t) &task_pt_regs(child)->psw + addr) = data;
+@@ -672,9 +677,12 @@ static int __poke_user_compat(struct task_struct *child,
+
+ mask |= is_ri_task(child) ? PSW32_MASK_RI : 0;
+ /* Build a 64 bit psw mask from 31 bit mask. */
+- if ((tmp & ~mask) != PSW32_USER_BITS)
++ if ((tmp ^ PSW32_USER_BITS) & ~mask)
+ /* Invalid psw mask. */
+ return -EINVAL;
++ if ((data & PSW32_MASK_ASC) == PSW32_ASC_HOME)
++ /* Invalid address-space-control bits */
++ return -EINVAL;
+ regs->psw.mask = (regs->psw.mask & ~PSW_MASK_USER) |
+ (regs->psw.mask & PSW_MASK_BA) |
+ (__u64)(tmp & mask) << 32;
+--
+1.9.3
+
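Review bot: In the `__poke_user_compat` hunk the added home-space test reads `data`, while the mask test directly above it reads `tmp`, so two adjacent validity checks on the same PSW word use differently named values. The declaration of `tmp` is outside the hunk; if it is the 32-bit truncation of `data`, the result is identical, and writing `if ((tmp & PSW32_MASK_ASC) == PSW32_ASC_HOME)` would make that evident without the reader having to confirm the relationship. This matters more than usual here because these checks are what keeps a ptrace caller from selecting the home address space. Both `__poke_user` and `__poke_user_compat` begin and end outside the hunks shown.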
diff --git a/freed-ora/current/f20/sched-fix-sched_setparam-policy-1-logic.patch b/freed-ora/current/f20/sched-fix-sched_setparam-policy-1-logic.patch
new file mode 100644
index 000000000..060e0dcef
--- /dev/null
+++ b/freed-ora/current/f20/sched-fix-sched_setparam-policy-1-logic.patch
@@ -0,0 +1,68 @@
+Bugzilla: 1117942
+Upstream-status: Sent for 3.16 and seen by peterz
+
+The scheduler uses policy=-1 to preserve the current policy state to
+implement sched_setparam(). But, as (int) -1 is equals to 0xffffffff,
+it's matching the if (policy & SCHED_RESET_ON_FORK) on
+_sched_setscheduler(). This match changes the policy value to an
+invalid value, breaking the sched_setparam() syscall.
+
+This patch checks policy=-1 before check the SCHED_RESET_ON_FORK flag.
+
+The following program shows the bug:
+
+int main(void)
+{
+ struct sched_param param = {
+ .sched_priority = 5,
+ };
+
+ sched_setscheduler(0, SCHED_FIFO, &param);
+ param.sched_priority = 1;
+ sched_setparam(0, &param);
+ param.sched_priority = 0;
+ sched_getparam(0, &param);
+ if (param.sched_priority != 1)
+ printf("failed priority setting (found %d instead of 1)\n",
+ param.sched_priority);
+ else
+ printf("priority setting fine\n");
+}
+
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org # 3.14+
+Fixes: 7479f3c9cf67 "sched: Move SCHED_RESET_ON_FORK into attr::sched_flags"
+Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Daniel Bristot de Oliveira <bristot@redhat.com>
+
+---
+ kernel/sched/core.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index bc1638b..0acf96b 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -3558,9 +3558,10 @@ static int _sched_setscheduler(struct task_struct *p, int policy,
+ };
+
+ /*
+- * Fixup the legacy SCHED_RESET_ON_FORK hack
++ * Fixup the legacy SCHED_RESET_ON_FORK hack, except if
++ * the policy=-1 was passed by sched_setparam().
+ */
+- if (policy & SCHED_RESET_ON_FORK) {
++ if ((policy != -1) && (policy & SCHED_RESET_ON_FORK)) {
+ attr.sched_flags |= SCHED_FLAG_RESET_ON_FORK;
+ policy &= ~SCHED_RESET_ON_FORK;
+ attr.sched_policy = policy;
+--
+1.9.3
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
+Please read the FAQ at http://www.tux.org/lkml/
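Review bot: The new condition in `_sched_setscheduler` compares `policy` against a bare `-1`, and the only link to sched_setparam() is the comment above it. The caller that passes this sentinel is not visible in the hunk, so the two sites are presumably tied together only by the literal. A named constant used at both places would keep them from drifting apart, e.g. `if ((policy != SETPARAM_POLICY) && (policy & SCHED_RESET_ON_FORK)) {` with `SETPARAM_POLICY` defined as -1 near the function. The body of `_sched_setscheduler` continues outside the hunk.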
diff --git a/freed-ora/current/f20/sources b/freed-ora/current/f20/sources
index 7791bde7c..233478d7c 100644
--- a/freed-ora/current/f20/sources
+++ b/freed-ora/current/f20/sources
@@ -1,2 +1,2 @@
3e6ef6e8e5153050cbc0ecd305cb2cb9 linux-libre-3.15-gnu.tar.xz
-25e4c27b4aff5e14dc4b3dc0029fd05d patch-3.15.6.xz
+2f09ab9d30dfe6d59469990a46d20cc4 patch-3.15.7.xz