linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 4.8 000/140] 4.8.5-stable review
@ 2016-10-26 12:21 ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 001/140] gpio: mpc8xxx: Correct irq handler function Greg Kroah-Hartman
                     ` (134 more replies)
  0 siblings, 135 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah.kh, patches,
	ben.hutchings, stable

This is the start of the stable review cycle for the 4.8.5 release.
There are 140 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Fri Oct 28 12:21:58 UTC 2016.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.8.5-rc1.gz
or in the git tree and branch at:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.8.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.8.5-rc1

Nicholas Bellinger <nab@linux-iscsi.org>
    Revert "target: Fix residual overflow handling in target_complete_cmd_with_length"

Dinesh Israni <ddi@datera.io>
    target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code

Nicholas Bellinger <nab@linux-iscsi.org>
    target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE

Nicholas Bellinger <nab@linux-iscsi.org>
    target: Re-add missing SCF_ACK_KREF assignment in v4.1.y

Hannes Reinecke <hare@suse.de>
    target/tcm_fc: use CPU affinity for responses

Richard Weinberger <richard@nod.at>
    ubifs: Abort readdir upon error

Richard Weinberger <richard@nod.at>
    ubifs: Fix xattr_names length in exit paths

Taesoo Kim <tsgatesv@gmail.com>
    jbd2: fix incorrect unlock on j_list_lock

Eric Biggers <ebiggers@google.com>
    ext4: do not advertise encryption support when disabled

Eric Biggers <ebiggers@google.com>
    fscrypto: lock inode while setting encryption policy

Eric Biggers <ebiggers@google.com>
    fscrypto: make XTS tweak initialization endian-independent

Christian Borntraeger <borntraeger@de.ibm.com>
    KVM: s390: reject invalid modes for runtime instrumentation

Ulf Hansson <ulf.hansson@linaro.org>
    mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led

Ulf Hansson <ulf.hansson@linaro.org>
    mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused

Shawn Lin <shawn.lin@rock-chips.com>
    mmc: core: switch to 1V8 or 1V2 for hs400es mode

Jiri Slaby <jslaby@suse.cz>
    mmc: core: Annotate cmd_hdr as __le32

Frederic Barrat <fbarrat@linux.vnet.ibm.com>
    powerpc/mm: Prevent unlikely crash in copro_calculate_slb()

Nikolay Borisov <kernel@kyup.com>
    ceph: fix error handling in ceph_read_iter

Will Deacon <will.deacon@arm.com>
    arm64: KVM: Take S1 walks into account when determining S2 write faults

Andre Przywara <andre.przywara@arm.com>
    arm64: Cortex-A53 errata workaround: check for kernel addresses

Marc Zyngier <marc.zyngier@arm.com>
    arm64: kernel: Init MDCR_EL2 even in the absence of a PMU

Will Deacon <will.deacon@arm.com>
    arm64: percpu: rewrite ll/sc loops in assembly

Ard Biesheuvel <ard.biesheuvel@linaro.org>
    arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y

Will Deacon <will.deacon@arm.com>
    arm64: swp emulation: bound LL/SC retries before rescheduling

Ulf Hansson <ulf.hansson@linaro.org>
    memstick: rtsx_usb_ms: Manage runtime PM when accessing the device

Alan Stern <stern@rowland.harvard.edu>
    memstick: rtsx_usb_ms: Runtime resume the device when polling for cards

Jan Kara <jack@suse.cz>
    isofs: Do not return EACCES for unknown filesystems

Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
    cxl: Prevent adapter reset if an active context exists

Vladimir Murzin <vladimir.murzin@arm.com>
    irqchip/gic-v3-its: Fix entry size mask for GITS_BASER

Noam Camus <noamca@mellanox.com>
    irqchip/eznps: Acknowledge NPS_IPI before calling the handler

Dan Carpenter <dan.carpenter@oracle.com>
    irqchip/gicv3: Handle loop timeout proper

Peter Zijlstra <peterz@infradead.org>
    sched/fair: Fix min_vruntime tracking

Vincent Guittot <vincent.guittot@linaro.org>
    sched/fair: Fix incorrect task group ->load_avg

Ville Syrjälä <ville.syrjala@linux.intel.com>
    pinctrl: baytrail: Fix lockdep

Mika Westerberg <mika.westerberg@linux.intel.com>
    pinctrl: intel: Only restore pins that are used by the driver

Ville Syrjälä <ville.syrjala@linux.intel.com>
    x86/boot/smp: Don't try to poke disabled/non-existent APIC

Alex Thorlton <athorlton@sgi.com>
    x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates

Jiri Slaby <jslaby@suse.cz>
    kvm: x86: memset whole irq_eoi

Dan Williams <dan.j.williams@intel.com>
    x86/e820: Don't merge consecutive E820_PRAM ranges

Bart Van Assche <bart.vanassche@sandisk.com>
    blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL

Sachin Prabhu <sprabhu@redhat.com>
    Fix regression which breaks DFS mounting

Steve French <smfrench@gmail.com>
    Cleanup missing frees on some ioctls

Steve French <smfrench@gmail.com>
    Do not send SMB3 SET_INFO request if nothing is changing

Steve French <smfrench@gmail.com>
    SMB3: GUIDs should be constructed as random but valid uuids

Steve French <smfrench@gmail.com>
    Set previous session id correctly on SMB3 reconnect

Steve French <smfrench@gmail.com>
    Display number of credits available

Steve French <smfrench@gmail.com>
    Clarify locking of cifs file and tcon structures and make more granular

Aurelien Aptel <aaptel@suse.com>
    fs/cifs: keep guid when assigning fid to fileinfo

Ross Lagerwall <ross.lagerwall@citrix.com>
    cifs: Limit the overall credit acquired

Oleg Nesterov <oleg@redhat.com>
    fs/super.c: fix race between freeze_super() and thaw_super()

Al Viro <viro@zeniv.linux.org.uk>
    arc: don't leak bits of kernel stack into coredump

Vladimir Murzin <vladimir.murzin@arm.com>
    arm64: KVM: VHE: reset PSTATE.PAN on entry to EL2

Christophe Leroy <christophe.leroy@c-s.fr>
    soc/fsl/qe: fix Oops on CPM1 (and likely CPM2)

Christophe Leroy <christophe.leroy@c-s.fr>
    soc/fsl/qe: fix gpio save_regs functions

Guenter Roeck <linux@roeck-us.net>
    metag: Only define atomic_dec_if_positive conditionally

Guenter Roeck <linux@roeck-us.net>
    watchdog: mt7621_wdt: Remove assignment of dev pointer

Matt Redfearn <matt.redfearn@imgtec.com>
    watchdog: rt2880_wdt: Remove assignment of dev pointer

Ming Lei <tom.leiming@gmail.com>
    scsi: Fix use-after-free

Benjamin Coddington <bcodding@redhat.com>
    pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary

Jeff Layton <jlayton@poochiereds.net>
    NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic

Trond Myklebust <trond.myklebust@primarydata.com>
    NFSv4: Open state recovery must account for file permission changes

Trond Myklebust <trond.myklebust@primarydata.com>
    NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid

Trond Myklebust <trond.myklebust@primarydata.com>
    NFSv4: Don't report revoked delegations as valid in nfs_have_delegation()

Trond Myklebust <trond.myklebust@primarydata.com>
    NFS: Fix inode corruption in nfs_prime_dcache()

Vasily Averin <vvs@virtuozzo.com>
    NFSD: fix corruption in notifier registration

David Vrabel <david.vrabel@citrix.com>
    sunrpc: fix write space race causing stalls

Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled

Matti Kurkela <Matti.Kurkela@iki.fi>
    Input: elantech - force needed quirks on Fujitsu H760

Marcos Paulo de Souza <marcos.souza.org@gmail.com>
    Input: i8042 - skip selftest on ASUS laptops

Marcin Nowakowski <marcin.nowakowski@imgtec.com>
    MIPS: ptrace: Fix regs_return_value for kernel context

James Hogan <james.hogan@imgtec.com>
    MIPS: Fix -mabi=64 build of vdso.lds

Hui Wang <hui.wang@canonical.com>
    ALSA: hda - Fix a failure of micmute led when having multi adcs

Mauro Carvalho Chehab <mchehab@kernel.org>
    cx231xx: can't proceed if I2C bus register fails

Mauro Carvalho Chehab <mchehab@kernel.org>
    cx231xx: fix GPIOs for Pixelview SBTVD hybrid

Mauro Carvalho Chehab <mchehab@kernel.org>
    cx231xx: don't return error on success

Mauro Carvalho Chehab <mchehab@kernel.org>
    mb86a20s: fix demod settings

Mauro Carvalho Chehab <mchehab@kernel.org>
    mb86a20s: fix the locking logic

Miklos Szeredi <mszeredi@redhat.com>
    ovl: copy_up_xattr(): use strnlen

Richard Weinberger <richard@nod.at>
    ovl: Fix info leak in ovl_lookup_temp()

Max Staudt <mstaudt@suse.de>
    fbdev/efifb: Fix 16 color palette entry calculation

Dan Carpenter <dan.carpenter@oracle.com>
    scsi: zfcp: spin_lock_irqsave() is not nestable

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: trace full payload of all SAN records (req,resp,iels)

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: fix payload trace length for SAN request&response

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: fix D_ID field with actual value on tracing SAN responses

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: restore tracing of handle for port and LUN with HBA records

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: trace on request for open and close of WKA port

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: retain trace level for SCSI and HBA FSF response records

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: close window with unblocked rport during rport gone

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: fix ELS/GS request&response length for hardware data router

Steffen Maier <maier@linux.vnet.ibm.com>
    zfcp: fix fc_host port_type with NPIV

Richard Weinberger <richard@nod.at>
    ubi: Deal with interrupted erasures in WL

Steve Wise <swise@opengridcomputing.com>
    IB/core: correctly handle rdma_rw_init_mrs() failure

Bart Van Assche <bart.vanassche@sandisk.com>
    IB/srp: Fix infinite loop when FMR sg[0].offset != 0

Michael Ellerman <mpe@ellerman.id.au>
    powerpc/mm/hash64: Fix might_have_hea() check

Laurent Dufour <ldufour@linux.vnet.ibm.com>
    powerpc/pseries: Fix stack corruption in htpe code

Paul Mackerras <paulus@ozlabs.org>
    powerpc/64: Fix incorrect return value from __copy_tofrom_user

Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
    powerpc/mm: Update FORCE_MAX_ZONEORDER range to allow hugetlb w/4K

Gavin Shan <gwshan@linux.vnet.ibm.com>
    powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()

Gavin Shan <gwshan@linux.vnet.ibm.com>
    powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag()

Russell Currey <ruscur@russell.cc>
    powerpc/eeh: Null check uses of eeh_pe_bus_get

Gavin Shan <gwshan@linux.vnet.ibm.com>
    powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear()

Anton Blanchard <anton@samba.org>
    powerpc/vdso64: Use double word compare on pointers

Michael Ellerman <mpe@ellerman.id.au>
    powerpc/xmon: Don't use ld on 32-bit

Rabin Vincent <rabinv@axis.com>
    dm crypt: fix crash on exit

Mike Snitzer <snitzer@redhat.com>
    dm mpath: check if path's request_queue is dying in activate_path()

Mike Snitzer <snitzer@redhat.com>
    dm rq: take request_queue lock while clearing QUEUE_FLAG_STOPPED

Minfei Huang <mnghuan@gmail.com>
    dm: return correct error code in dm_resume()'s retry loop

Bart Van Assche <bart.vanassche@sandisk.com>
    dm: mark request_queue dead before destroying the DM device

Adrian Hunter <adrian.hunter@intel.com>
    perf intel-pt: Fix MTC timestamp calculation for large MTC periods

Adrian Hunter <adrian.hunter@intel.com>
    perf intel-pt: Fix estimated timestamps for cycle-accurate mode

Adrian Hunter <adrian.hunter@intel.com>
    perf intel-pt: Fix snapshot overlap detection decoder errors

Andrew Bresticker <abrestic@chromium.org>
    pstore/ram: Use memcpy_fromio() to save old buffer

Furquan Shaikh <furquan@google.com>
    pstore/ram: Use memcpy_toio instead of memcpy

Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    pstore/core: drop cmpxchg based updates

Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    pstore/ramoops: fixup driver removal

Helge Deller <deller@gmx.de>
    parisc: Increase initial kernel mapping size

Helge Deller <deller@gmx.de>
    parisc: Fix kernel memory layout regarding position of __gp

Helge Deller <deller@gmx.de>
    parisc: Fix self-detected CPU stall warnings on Mako machines

Helge Deller <deller@gmx.de>
    parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels

Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
    cpufreq: fix overflow in cpufreq_table_find_index_dl()

Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
    cpufreq: intel_pstate: Fix unsafe HWP MSR access

Aaro Koskinen <aaro.koskinen@iki.fi>
    cpufreq: skip invalid entries when searching the frequency

Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    cpufreq: conservative: Fix next frequency selection

Dave Gerlach <d-gerlach@ti.com>
    cpufreq: ti: Use generic platdev driver

Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
    platform: don't return 0 from platform_get_irq[_byname]() on error

Bjorn Helgaas <bhelgaas@google.com>
    PCI: tegra: Fix argument order in tegra_pcie_phy_disable()

Maik Broemme <mbroemme@libmpq.org>
    PCI: Mark Atheros AR9580 to avoid bus reset

Haibo Chen <haibo.chen@nxp.com>
    mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error

Daniel Glöckner <dg@emlix.com>
    mmc: block: don't use CMD23 with very old MMC cards

Larry Finger <Larry.Finger@lwfinger.net>
    rtlwifi: Fix missing country code for Great Britain

Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
    ath10k: fix copy engine 5 destination ring stuck

Lin Huang <hl@rock-chips.com>
    PM / devfreq: event: remove duplicate devfreq_event_get_drvdata()

Geert Uytterhoeven <geert+renesas@glider.be>
    spi: spidev_test: Fix buffer overflow in unescape()

Lucas Stach <l.stach@pengutronix.de>
    clk: imx6: fix i.MX6DL clock tree to reflect reality

Lucas Stach <l.stach@pengutronix.de>
    clk: imx6: initialize GPU clocks

Jan Remmet <j.remmet@phytec.de>
    regulator: tps65910: Work around silicon erratum SWCZ010

Alexander Usyskin <alexander.usyskin@intel.com>
    mei: me: add kaby point device ids

Tomas Winkler <tomas.winkler@intel.com>
    mei: fix return value on disconnection

Liu Gang <Gang.Liu@nxp.com>
    gpio: mpc8xxx: Correct irq handler function


-------------

Diffstat:

 Documentation/ABI/testing/sysfs-class-cxl          |   7 +-
 Documentation/kernel-parameters.txt                |   9 +-
 Makefile                                           |   4 +-
 arch/arc/kernel/signal.c                           |   8 +-
 arch/arm64/include/asm/kvm_emulate.h               |  11 +-
 arch/arm64/include/asm/module.h                    |   5 +
 arch/arm64/include/asm/percpu.h                    | 120 +++++++--------
 arch/arm64/include/asm/uaccess.h                   |   8 +
 arch/arm64/kernel/armv8_deprecated.c               |  36 +++--
 arch/arm64/kernel/head.S                           |   3 +-
 arch/arm64/kernel/traps.c                          |  27 ++--
 arch/arm64/kvm/hyp/entry.S                         |   2 +
 arch/metag/include/asm/atomic.h                    |   3 +-
 arch/mips/include/asm/ptrace.h                     |   2 +-
 arch/mips/vdso/Makefile                            |   2 +-
 arch/parisc/include/asm/pgtable.h                  |   6 +-
 arch/parisc/kernel/setup.c                         |   8 +
 arch/parisc/kernel/time.c                          |   6 -
 arch/parisc/kernel/vmlinux.lds.S                   |   7 +-
 arch/powerpc/Kconfig                               |   2 +-
 arch/powerpc/kernel/eeh_driver.c                   |   8 +
 arch/powerpc/kernel/vdso64/datapage.S              |   2 +-
 arch/powerpc/kernel/vdso64/gettimeofday.S          |   2 +-
 arch/powerpc/lib/copyuser_64.S                     |   2 +-
 arch/powerpc/mm/copro_fault.c                      |   2 +
 arch/powerpc/mm/hash_utils_64.c                    |   2 +-
 arch/powerpc/platforms/powernv/eeh-powernv.c       |   9 +-
 arch/powerpc/platforms/powernv/pci.c               |   4 +-
 arch/powerpc/platforms/pseries/lpar.c              |   4 +-
 arch/powerpc/sysdev/cpm1.c                         |   2 -
 arch/powerpc/sysdev/cpm2.c                         |   4 -
 arch/powerpc/sysdev/cpm_common.c                   |  15 ++
 arch/powerpc/xmon/spr_access.S                     |   4 +-
 arch/s390/kvm/intercept.c                          |   9 +-
 arch/x86/kernel/e820.c                             |   2 +-
 arch/x86/kernel/smpboot.c                          |  16 +-
 arch/x86/kvm/ioapic.c                              |   2 +-
 arch/x86/platform/uv/bios_uv.c                     |  10 +-
 block/blk-cgroup.c                                 |   4 +-
 drivers/base/platform.c                            |   4 +-
 drivers/clk/imx/clk-imx6q.c                        |  46 ++++--
 drivers/cpufreq/cpufreq-dt-platdev.c               |   2 +
 drivers/cpufreq/cpufreq_conservative.c             |  19 ++-
 drivers/cpufreq/intel_pstate.c                     |  10 +-
 drivers/gpio/gpio-mpc8xxx.c                        |   2 +-
 drivers/infiniband/core/verbs.c                    |   2 +-
 drivers/infiniband/ulp/srp/ib_srp.c                |   8 +-
 drivers/input/mouse/elantech.c                     |  25 +++-
 drivers/input/serio/i8042-io.h                     |   2 +-
 drivers/input/serio/i8042-ip22io.h                 |   2 +-
 drivers/input/serio/i8042-ppcio.h                  |   2 +-
 drivers/input/serio/i8042-sparcio.h                |   2 +-
 drivers/input/serio/i8042-unicore32io.h            |   2 +-
 drivers/input/serio/i8042-x86ia64io.h              |  96 +++++++++++-
 drivers/input/serio/i8042.c                        |  55 +++++--
 drivers/irqchip/irq-eznps.c                        |   4 +-
 drivers/irqchip/irq-gic-v3.c                       |   2 +-
 drivers/md/dm-crypt.c                              |  24 ++-
 drivers/md/dm-mpath.c                              |   6 +-
 drivers/md/dm-rq.c                                 |  19 ++-
 drivers/md/dm.c                                    |  10 +-
 drivers/media/dvb-frontends/mb86a20s.c             | 104 ++++++-------
 drivers/media/usb/cx231xx/cx231xx-avcore.c         |   5 +-
 drivers/media/usb/cx231xx/cx231xx-cards.c          |   2 +-
 drivers/media/usb/cx231xx/cx231xx-core.c           |  27 +++-
 drivers/memstick/host/rtsx_usb_ms.c                |   6 +
 drivers/misc/cxl/api.c                             |   9 ++
 drivers/misc/cxl/context.c                         |   3 +
 drivers/misc/cxl/cxl.h                             |  24 +++
 drivers/misc/cxl/file.c                            |  11 ++
 drivers/misc/cxl/guest.c                           |   3 +
 drivers/misc/cxl/main.c                            |  42 +++++-
 drivers/misc/cxl/pci.c                             |   2 +
 drivers/misc/cxl/sysfs.c                           |  27 +++-
 drivers/misc/mei/amthif.c                          |   2 +-
 drivers/misc/mei/bus.c                             |   2 +-
 drivers/misc/mei/hw-me-regs.h                      |   3 +
 drivers/misc/mei/main.c                            |   2 +-
 drivers/misc/mei/pci-me.c                          |   3 +
 drivers/mmc/card/block.c                           |   5 +-
 drivers/mmc/card/queue.h                           |   2 +-
 drivers/mmc/core/mmc.c                             |  10 ++
 drivers/mmc/host/rtsx_usb_sdmmc.c                  |   7 +-
 drivers/mmc/host/sdhci.c                           |   2 +-
 drivers/mtd/ubi/wl.c                               |  21 ++-
 drivers/net/wireless/ath/ath10k/ce.c               |   7 +
 drivers/net/wireless/realtek/rtlwifi/regd.c        |   4 +-
 drivers/pci/host/pci-tegra.c                       |   2 +-
 drivers/pci/quirks.c                               |   1 +
 drivers/pinctrl/intel/pinctrl-baytrail.c           |   3 +-
 drivers/pinctrl/intel/pinctrl-intel.c              |  25 +++-
 drivers/regulator/tps65910-regulator.c             |   6 +
 drivers/s390/scsi/zfcp_dbf.c                       | 162 ++++++++++++++++++---
 drivers/s390/scsi/zfcp_dbf.h                       |  14 +-
 drivers/s390/scsi/zfcp_erp.c                       |  12 +-
 drivers/s390/scsi/zfcp_ext.h                       |   8 +-
 drivers/s390/scsi/zfcp_fsf.c                       |  22 ++-
 drivers/s390/scsi/zfcp_fsf.h                       |   4 +-
 drivers/s390/scsi/zfcp_scsi.c                      |   8 +-
 drivers/scsi/scsi_scan.c                           |   2 +-
 drivers/soc/fsl/qe/gpio.c                          |   3 +-
 drivers/soc/fsl/qe/qe_common.c                     |   8 +
 drivers/target/target_core_transport.c             |  27 ++--
 drivers/target/target_core_xcopy.c                 |  34 ++++-
 drivers/target/tcm_fc/tfc_cmd.c                    |   2 +-
 drivers/video/fbdev/efifb.c                        |   6 +-
 drivers/watchdog/mt7621_wdt.c                      |   1 -
 drivers/watchdog/rt2880_wdt.c                      |   1 -
 fs/ceph/file.c                                     |   3 +-
 fs/cifs/cifs_debug.c                               |   1 +
 fs/cifs/cifsfs.c                                   |   3 +-
 fs/cifs/cifsglob.h                                 |  30 ++--
 fs/cifs/cifssmb.c                                  |   4 +-
 fs/cifs/connect.c                                  |  16 +-
 fs/cifs/file.c                                     |  66 +++++----
 fs/cifs/misc.c                                     |  15 +-
 fs/cifs/readdir.c                                  |   6 +-
 fs/cifs/smb2glob.h                                 |  10 ++
 fs/cifs/smb2inode.c                                |   6 +
 fs/cifs/smb2misc.c                                 |  16 +-
 fs/cifs/smb2ops.c                                  |  12 +-
 fs/cifs/smb2pdu.c                                  |  25 +++-
 fs/cifs/smb2pdu.h                                  |   2 +-
 fs/crypto/crypto.c                                 |  15 +-
 fs/crypto/policy.c                                 |   4 +
 fs/ext4/sysfs.c                                    |   4 +
 fs/isofs/inode.c                                   |   8 +-
 fs/jbd2/transaction.c                              |   3 +-
 fs/nfs/blocklayout/blocklayout.c                   |   3 +-
 fs/nfs/delegation.c                                |  16 +-
 fs/nfs/dir.c                                       |  16 +-
 fs/nfs/nfs42proc.c                                 |   1 +
 fs/nfs/nfs4state.c                                 |   3 +
 fs/nfsd/nfssvc.c                                   |  18 ++-
 fs/overlayfs/copy_up.c                             |  12 +-
 fs/overlayfs/dir.c                                 |   5 +-
 fs/pstore/ram.c                                    |  17 ++-
 fs/pstore/ram_core.c                               |  49 +------
 fs/super.c                                         |   6 +-
 fs/ubifs/dir.c                                     |   8 +-
 fs/ubifs/xattr.c                                   |   2 +
 include/dt-bindings/clock/imx6qdl-clock.h          |   4 +-
 include/linux/cpufreq.h                            | 104 ++++++-------
 include/linux/devfreq-event.h                      |   5 -
 include/linux/irqchip/arm-gic-v3.h                 |   2 +-
 include/target/target_core_base.h                  |   1 +
 kernel/sched/fair.c                                |  38 ++++-
 net/sunrpc/xprtsock.c                              |  11 +-
 sound/pci/hda/dell_wmi_helper.c                    |   2 +-
 sound/pci/hda/thinkpad_helper.c                    |   2 +-
 .../perf/util/intel-pt-decoder/intel-pt-decoder.c  |  38 +++++
 tools/perf/util/intel-pt.c                         |  15 +-
 tools/spi/spidev_test.c                            |   2 +-
 153 files changed, 1420 insertions(+), 618 deletions(-)

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 001/140] gpio: mpc8xxx: Correct irq handler function
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 002/140] mei: fix return value on disconnection Greg Kroah-Hartman
                     ` (133 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Liu Gang, Linus Walleij

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Liu Gang <Gang.Liu@nxp.com>

commit d71cf15b865bdd45925f7b094d169aaabd705145 upstream.

>From the beginning of the gpio-mpc8xxx.c, the "handle_level_irq"
has being used to handle GPIO interrupts in the PowerPC/Layerscape
platforms. But actually, almost all PowerPC/Layerscape platforms
assert an interrupt request upon either a high-to-low change or
any change on the state of the signal.

So the "handle_level_irq" is not reasonable for PowerPC/Layerscape
GPIO interrupt, it should be "handle_edge_irq". Otherwise the system
may lost some interrupts from the PIN's state changes.

Signed-off-by: Liu Gang <Gang.Liu@nxp.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpio/gpio-mpc8xxx.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpio/gpio-mpc8xxx.c
+++ b/drivers/gpio/gpio-mpc8xxx.c
@@ -239,7 +239,7 @@ static int mpc8xxx_gpio_irq_map(struct i
 				irq_hw_number_t hwirq)
 {
 	irq_set_chip_data(irq, h->host_data);
-	irq_set_chip_and_handler(irq, &mpc8xxx_irq_chip, handle_level_irq);
+	irq_set_chip_and_handler(irq, &mpc8xxx_irq_chip, handle_edge_irq);
 
 	return 0;
 }

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 002/140] mei: fix return value on disconnection
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 001/140] gpio: mpc8xxx: Correct irq handler function Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 003/140] mei: me: add kaby point device ids Greg Kroah-Hartman
                     ` (132 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tomas Winkler, Alexander Usyskin

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tomas Winkler <tomas.winkler@intel.com>

commit 2d4d5481e2d6f93b25fcfb13a9f20bbfbf54266a upstream.

Correct errno on client disconnection is -ENODEV not -EBUSY

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/misc/mei/amthif.c |    2 +-
 drivers/misc/mei/bus.c    |    2 +-
 drivers/misc/mei/main.c   |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/misc/mei/amthif.c
+++ b/drivers/misc/mei/amthif.c
@@ -139,7 +139,7 @@ int mei_amthif_read(struct mei_device *d
 			return -ERESTARTSYS;
 
 		if (!mei_cl_is_connected(cl)) {
-			rets = -EBUSY;
+			rets = -ENODEV;
 			goto out;
 		}
 
--- a/drivers/misc/mei/bus.c
+++ b/drivers/misc/mei/bus.c
@@ -142,7 +142,7 @@ ssize_t __mei_cl_recv(struct mei_cl *cl,
 		mutex_lock(&bus->device_lock);
 
 		if (!mei_cl_is_connected(cl)) {
-			rets = -EBUSY;
+			rets = -ENODEV;
 			goto out;
 		}
 	}
--- a/drivers/misc/mei/main.c
+++ b/drivers/misc/mei/main.c
@@ -202,7 +202,7 @@ static ssize_t mei_read(struct file *fil
 
 		mutex_lock(&dev->device_lock);
 		if (!mei_cl_is_connected(cl)) {
-			rets = -EBUSY;
+			rets = -ENODEV;
 			goto out;
 		}
 	}

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 003/140] mei: me: add kaby point device ids
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 001/140] gpio: mpc8xxx: Correct irq handler function Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 002/140] mei: fix return value on disconnection Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 004/140] regulator: tps65910: Work around silicon erratum SWCZ010 Greg Kroah-Hartman
                     ` (131 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Usyskin, Tomas Winkler

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexander Usyskin <alexander.usyskin@intel.com>

commit ac182e8abc6f93c1c4cc12f042af64c9d7be0d1e upstream.

Add device ids for Intel Kabypoint PCH (Kabylake)

Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/misc/mei/hw-me-regs.h |    3 +++
 drivers/misc/mei/pci-me.c     |    3 +++
 2 files changed, 6 insertions(+)

--- a/drivers/misc/mei/hw-me-regs.h
+++ b/drivers/misc/mei/hw-me-regs.h
@@ -125,6 +125,9 @@
 #define MEI_DEV_ID_BXT_M      0x1A9A  /* Broxton M */
 #define MEI_DEV_ID_APL_I      0x5A9A  /* Apollo Lake I */
 
+#define MEI_DEV_ID_KBP        0xA2BA  /* Kaby Point */
+#define MEI_DEV_ID_KBP_2      0xA2BB  /* Kaby Point 2 */
+
 /*
  * MEI HW Section
  */
--- a/drivers/misc/mei/pci-me.c
+++ b/drivers/misc/mei/pci-me.c
@@ -91,6 +91,9 @@ static const struct pci_device_id mei_me
 	{MEI_PCI_DEVICE(MEI_DEV_ID_BXT_M, mei_me_pch8_cfg)},
 	{MEI_PCI_DEVICE(MEI_DEV_ID_APL_I, mei_me_pch8_cfg)},
 
+	{MEI_PCI_DEVICE(MEI_DEV_ID_KBP, mei_me_pch8_cfg)},
+	{MEI_PCI_DEVICE(MEI_DEV_ID_KBP_2, mei_me_pch8_cfg)},
+
 	/* required last entry */
 	{0, }
 };

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 004/140] regulator: tps65910: Work around silicon erratum SWCZ010
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (2 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 003/140] mei: me: add kaby point device ids Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 005/140] clk: imx6: initialize GPU clocks Greg Kroah-Hartman
                     ` (130 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Remmet, Mark Brown

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Remmet <j.remmet@phytec.de>

commit 8f9165c981fed187bb483de84caf9adf835aefda upstream.

http://www.ti.com/lit/pdf/SWCZ010:
  DCDC o/p voltage can go higher than programmed value

Impact:
VDDI, VDD2, and VIO output programmed voltage level can go higher than
expected or crash, when coming out of PFM to PWM mode or using DVFS.

Description:
When DCDC CLK SYNC bits are 11/01:
* VIO 3-MHz oscillator is the source clock of the digital core and input
  clock of VDD1 and VDD2
* Turn-on of VDD1 and VDD2 HSD PFETis synchronized or at a constant
  phase shift
* Current pulled though VCC1+VCC2 is Iload(VDD1) + Iload(VDD2)
* The 3 HSD PFET will be turned-on at the same time, causing the highest
  possible switching noise on the application. This noise level depends
  on the layout, the VBAT level, and the load current. The noise level
  increases with improper layout.

When DCDC CLK SYNC bits are 00:
* VIO 3-MHz oscillator is the source clock of digital core
* VDD1 and VDD2 are running on their own 3-MHz oscillator
* Current pulled though VCC1+VCC2 average of Iload(VDD1) + Iload(VDD2)
* The switching noise of the 3 SMPS will be randomly spread over time,
  causing lower overall switching noise.

Workaround:
Set DCDCCTRL_REG[1:0]= 00.

Signed-off-by: Jan Remmet <j.remmet@phytec.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/regulator/tps65910-regulator.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/regulator/tps65910-regulator.c
+++ b/drivers/regulator/tps65910-regulator.c
@@ -1111,6 +1111,12 @@ static int tps65910_probe(struct platfor
 		pmic->num_regulators = ARRAY_SIZE(tps65910_regs);
 		pmic->ext_sleep_control = tps65910_ext_sleep_control;
 		info = tps65910_regs;
+		/* Work around silicon erratum SWCZ010: output programmed
+		 * voltage level can go higher than expected or crash
+		 * Workaround: use no synchronization of DCDC clocks
+		 */
+		tps65910_reg_clear_bits(pmic->mfd, TPS65910_DCDCCTRL,
+					DCDCCTRL_DCDCCKSYNC_MASK);
 		break;
 	case TPS65911:
 		pmic->get_ctrl_reg = &tps65911_get_ctrl_register;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 005/140] clk: imx6: initialize GPU clocks
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (3 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 004/140] regulator: tps65910: Work around silicon erratum SWCZ010 Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 006/140] clk: imx6: fix i.MX6DL clock tree to reflect reality Greg Kroah-Hartman
                     ` (129 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lucas Stach, Shawn Guo, Stephen Boyd

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lucas Stach <l.stach@pengutronix.de>

commit d8846023aed1293e54d33499558fc2aa2b2f393f upstream.

Initialize the GPU clock muxes to sane inputs. Until now they have
not been changed from their default values, which means that both
GPU3D shader and GPU2D core were fed by clock inputs whose rates
exceed the maximium allowed frequency of the cores by as much as
200MHz.

This fixes a severe GPU stability issue on i.MX6DL.

Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Acked-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/clk/imx/clk-imx6q.c |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

--- a/drivers/clk/imx/clk-imx6q.c
+++ b/drivers/clk/imx/clk-imx6q.c
@@ -629,6 +629,24 @@ static void __init imx6q_clocks_init(str
 	if (IS_ENABLED(CONFIG_PCI_IMX6))
 		clk_set_parent(clk[IMX6QDL_CLK_LVDS1_SEL], clk[IMX6QDL_CLK_SATA_REF_100M]);
 
+	/*
+	 * Initialize the GPU clock muxes, so that the maximum specified clock
+	 * rates for the respective SoC are not exceeded.
+	 */
+	if (clk_on_imx6dl()) {
+		clk_set_parent(clk[IMX6QDL_CLK_GPU3D_CORE_SEL],
+			       clk[IMX6QDL_CLK_PLL2_PFD1_594M]);
+		clk_set_parent(clk[IMX6QDL_CLK_GPU2D_CORE_SEL],
+			       clk[IMX6QDL_CLK_PLL2_PFD1_594M]);
+	} else if (clk_on_imx6q()) {
+		clk_set_parent(clk[IMX6QDL_CLK_GPU3D_CORE_SEL],
+			       clk[IMX6QDL_CLK_MMDC_CH0_AXI]);
+		clk_set_parent(clk[IMX6QDL_CLK_GPU3D_SHADER_SEL],
+			       clk[IMX6QDL_CLK_PLL2_PFD1_594M]);
+		clk_set_parent(clk[IMX6QDL_CLK_GPU2D_CORE_SEL],
+			       clk[IMX6QDL_CLK_PLL3_USB_OTG]);
+	}
+
 	imx_register_uart_clocks(uart_clks);
 }
 CLK_OF_DECLARE(imx6q, "fsl,imx6q-ccm", imx6q_clocks_init);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 006/140] clk: imx6: fix i.MX6DL clock tree to reflect reality
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (4 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 005/140] clk: imx6: initialize GPU clocks Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 007/140] spi: spidev_test: Fix buffer overflow in unescape() Greg Kroah-Hartman
                     ` (128 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lucas Stach, Shawn Guo, Stephen Boyd

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lucas Stach <l.stach@pengutronix.de>

commit b1d51b448e4e6a392283b3eab06a7c5ec6d8a4e2 upstream.

The current clock tree only implements the minimal set of differences
between the i.MX6Q and the i.MX6DL, but that doesn't really reflect
reality.

Apply the following fixes to match the RM:
- DL has no GPU3D_SHADER_SEL/PODF, the shader domain is clocked by
  GPU3D_CORE
- GPU3D_SHADER_SEL/PODF has been repurposed as GPU2D_CORE_SEL/PODF
- GPU2D_CORE_SEL/PODF has been repurposed as MLB_SEL/PODF

Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Acked-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/clk/imx/clk-imx6q.c               |   28 ++++++++++++++++------------
 include/dt-bindings/clock/imx6qdl-clock.h |    4 +++-
 2 files changed, 19 insertions(+), 13 deletions(-)

--- a/drivers/clk/imx/clk-imx6q.c
+++ b/drivers/clk/imx/clk-imx6q.c
@@ -318,11 +318,16 @@ static void __init imx6q_clocks_init(str
 		clk[IMX6QDL_CLK_IPG_PER_SEL] = imx_clk_mux("ipg_per_sel", base + 0x1c, 6, 1, ipg_per_sels, ARRAY_SIZE(ipg_per_sels));
 		clk[IMX6QDL_CLK_UART_SEL] = imx_clk_mux("uart_sel", base + 0x24, 6, 1, uart_sels, ARRAY_SIZE(uart_sels));
 		clk[IMX6QDL_CLK_GPU2D_CORE_SEL] = imx_clk_mux("gpu2d_core_sel", base + 0x18, 16, 2, gpu2d_core_sels_2, ARRAY_SIZE(gpu2d_core_sels_2));
+	} else if (clk_on_imx6dl()) {
+		clk[IMX6QDL_CLK_MLB_SEL] = imx_clk_mux("mlb_sel",   base + 0x18, 16, 2, gpu2d_core_sels,   ARRAY_SIZE(gpu2d_core_sels));
 	} else {
 		clk[IMX6QDL_CLK_GPU2D_CORE_SEL] = imx_clk_mux("gpu2d_core_sel",   base + 0x18, 16, 2, gpu2d_core_sels,   ARRAY_SIZE(gpu2d_core_sels));
 	}
 	clk[IMX6QDL_CLK_GPU3D_CORE_SEL]   = imx_clk_mux("gpu3d_core_sel",   base + 0x18, 4,  2, gpu3d_core_sels,   ARRAY_SIZE(gpu3d_core_sels));
-	clk[IMX6QDL_CLK_GPU3D_SHADER_SEL] = imx_clk_mux("gpu3d_shader_sel", base + 0x18, 8,  2, gpu3d_shader_sels, ARRAY_SIZE(gpu3d_shader_sels));
+	if (clk_on_imx6dl())
+		clk[IMX6QDL_CLK_GPU2D_CORE_SEL] = imx_clk_mux("gpu2d_core_sel", base + 0x18, 8,  2, gpu3d_shader_sels, ARRAY_SIZE(gpu3d_shader_sels));
+	else
+		clk[IMX6QDL_CLK_GPU3D_SHADER_SEL] = imx_clk_mux("gpu3d_shader_sel", base + 0x18, 8,  2, gpu3d_shader_sels, ARRAY_SIZE(gpu3d_shader_sels));
 	clk[IMX6QDL_CLK_IPU1_SEL]         = imx_clk_mux("ipu1_sel",         base + 0x3c, 9,  2, ipu_sels,          ARRAY_SIZE(ipu_sels));
 	clk[IMX6QDL_CLK_IPU2_SEL]         = imx_clk_mux("ipu2_sel",         base + 0x3c, 14, 2, ipu_sels,          ARRAY_SIZE(ipu_sels));
 	clk[IMX6QDL_CLK_LDB_DI0_SEL]      = imx_clk_mux_flags("ldb_di0_sel", base + 0x2c, 9,  3, ldb_di_sels,      ARRAY_SIZE(ldb_di_sels), CLK_SET_RATE_PARENT);
@@ -400,9 +405,15 @@ static void __init imx6q_clocks_init(str
 		clk[IMX6QDL_CLK_LDB_DI0_DIV_3_5] = imx_clk_fixed_factor("ldb_di0_div_3_5", "ldb_di0_sel", 2, 7);
 		clk[IMX6QDL_CLK_LDB_DI1_DIV_3_5] = imx_clk_fixed_factor("ldb_di1_div_3_5", "ldb_di1_sel", 2, 7);
 	}
-	clk[IMX6QDL_CLK_GPU2D_CORE_PODF]  = imx_clk_divider("gpu2d_core_podf",  "gpu2d_core_sel",    base + 0x18, 23, 3);
+	if (clk_on_imx6dl())
+		clk[IMX6QDL_CLK_MLB_PODF]  = imx_clk_divider("mlb_podf",  "mlb_sel",    base + 0x18, 23, 3);
+	else
+		clk[IMX6QDL_CLK_GPU2D_CORE_PODF]  = imx_clk_divider("gpu2d_core_podf",  "gpu2d_core_sel",    base + 0x18, 23, 3);
 	clk[IMX6QDL_CLK_GPU3D_CORE_PODF]  = imx_clk_divider("gpu3d_core_podf",  "gpu3d_core_sel",    base + 0x18, 26, 3);
-	clk[IMX6QDL_CLK_GPU3D_SHADER]     = imx_clk_divider("gpu3d_shader",     "gpu3d_shader_sel",  base + 0x18, 29, 3);
+	if (clk_on_imx6dl())
+		clk[IMX6QDL_CLK_GPU2D_CORE_PODF]  = imx_clk_divider("gpu2d_core_podf",     "gpu2d_core_sel",  base + 0x18, 29, 3);
+	else
+		clk[IMX6QDL_CLK_GPU3D_SHADER]     = imx_clk_divider("gpu3d_shader",     "gpu3d_shader_sel",  base + 0x18, 29, 3);
 	clk[IMX6QDL_CLK_IPU1_PODF]        = imx_clk_divider("ipu1_podf",        "ipu1_sel",          base + 0x3c, 11, 3);
 	clk[IMX6QDL_CLK_IPU2_PODF]        = imx_clk_divider("ipu2_podf",        "ipu2_sel",          base + 0x3c, 16, 3);
 	clk[IMX6QDL_CLK_LDB_DI0_PODF]     = imx_clk_divider_flags("ldb_di0_podf", "ldb_di0_div_3_5", base + 0x20, 10, 1, 0);
@@ -473,14 +484,7 @@ static void __init imx6q_clocks_init(str
 	clk[IMX6QDL_CLK_ESAI_MEM]     = imx_clk_gate2_shared("esai_mem", "ahb",             base + 0x6c, 16, &share_count_esai);
 	clk[IMX6QDL_CLK_GPT_IPG]      = imx_clk_gate2("gpt_ipg",       "ipg",               base + 0x6c, 20);
 	clk[IMX6QDL_CLK_GPT_IPG_PER]  = imx_clk_gate2("gpt_ipg_per",   "ipg_per",           base + 0x6c, 22);
-	if (clk_on_imx6dl())
-		/*
-		 * The multiplexer and divider of imx6q clock gpu3d_shader get
-		 * redefined/reused as gpu2d_core_sel and gpu2d_core_podf on imx6dl.
-		 */
-		clk[IMX6QDL_CLK_GPU2D_CORE] = imx_clk_gate2("gpu2d_core", "gpu3d_shader", base + 0x6c, 24);
-	else
-		clk[IMX6QDL_CLK_GPU2D_CORE] = imx_clk_gate2("gpu2d_core", "gpu2d_core_podf", base + 0x6c, 24);
+	clk[IMX6QDL_CLK_GPU2D_CORE] = imx_clk_gate2("gpu2d_core", "gpu2d_core_podf", base + 0x6c, 24);
 	clk[IMX6QDL_CLK_GPU3D_CORE]   = imx_clk_gate2("gpu3d_core",    "gpu3d_core_podf",   base + 0x6c, 26);
 	clk[IMX6QDL_CLK_HDMI_IAHB]    = imx_clk_gate2("hdmi_iahb",     "ahb",               base + 0x70, 0);
 	clk[IMX6QDL_CLK_HDMI_ISFR]    = imx_clk_gate2("hdmi_isfr",     "video_27m",         base + 0x70, 4);
@@ -511,7 +515,7 @@ static void __init imx6q_clocks_init(str
 		 * The multiplexer and divider of the imx6q clock gpu2d get
 		 * redefined/reused as mlb_sys_sel and mlb_sys_clk_podf on imx6dl.
 		 */
-		clk[IMX6QDL_CLK_MLB] = imx_clk_gate2("mlb",            "gpu2d_core_podf",   base + 0x74, 18);
+		clk[IMX6QDL_CLK_MLB] = imx_clk_gate2("mlb",            "mlb_podf",   base + 0x74, 18);
 	else
 		clk[IMX6QDL_CLK_MLB] = imx_clk_gate2("mlb",            "axi",               base + 0x74, 18);
 	clk[IMX6QDL_CLK_MMDC_CH0_AXI] = imx_clk_gate2("mmdc_ch0_axi",  "mmdc_ch0_axi_podf", base + 0x74, 20);
--- a/include/dt-bindings/clock/imx6qdl-clock.h
+++ b/include/dt-bindings/clock/imx6qdl-clock.h
@@ -269,6 +269,8 @@
 #define IMX6QDL_CLK_PRG0_APB			256
 #define IMX6QDL_CLK_PRG1_APB			257
 #define IMX6QDL_CLK_PRE_AXI			258
-#define IMX6QDL_CLK_END				259
+#define IMX6QDL_CLK_MLB_SEL			259
+#define IMX6QDL_CLK_MLB_PODF			260
+#define IMX6QDL_CLK_END				261
 
 #endif /* __DT_BINDINGS_CLOCK_IMX6QDL_H */

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 007/140] spi: spidev_test: Fix buffer overflow in unescape()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (5 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 006/140] clk: imx6: fix i.MX6DL clock tree to reflect reality Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 008/140] PM / devfreq: event: remove duplicate devfreq_event_get_drvdata() Greg Kroah-Hartman
                     ` (127 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Mark Brown

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Geert Uytterhoeven <geert+renesas@glider.be>

commit 0278b34bf15f8d8a609595b15909cd8622dd64ca upstream.

Sometimes spidev_test crashes with:

    *** Error in `spidev_test': munmap_chunk(): invalid pointer: 0x00022020 ***
    Aborted

or just

    Segmentation fault

This is due to transfer_escaped_string() miscalculating the required
size of the buffer by one byte, causing a buffer overflow in unescape().

Drop the bogus "+ 1" in the strlen() parameter to fix this.

Note that unescape() never copies the zero-terminator of the source
string, so it writes at most as many bytes as the length of the source
string.

Fixes: 30061915be6e3a2c (spi: spidev_test: Added input buffer from the terminal)
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/spi/spidev_test.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/spi/spidev_test.c
+++ b/tools/spi/spidev_test.c
@@ -284,7 +284,7 @@ static void parse_opts(int argc, char *a
 
 static void transfer_escaped_string(int fd, char *str)
 {
-	size_t size = strlen(str + 1);
+	size_t size = strlen(str);
 	uint8_t *tx;
 	uint8_t *rx;
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 008/140] PM / devfreq: event: remove duplicate devfreq_event_get_drvdata()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (6 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 007/140] spi: spidev_test: Fix buffer overflow in unescape() Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 009/140] ath10k: fix copy engine 5 destination ring stuck Greg Kroah-Hartman
                     ` (126 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lin Huang, Chanwoo Choi, MyungJoo Ham

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lin Huang <hl@rock-chips.com>

commit c8a9a6daccad495c48d5435d3487956ce01bc6a1 upstream.

there define two devfreq_event_get_drvdata() function in devfreq-event.h
when disable CONFIG_PM_DEVFREQ_EVENT, it will lead to build fail. So
remove devfreq_event_get_drvdata() function.

Fixes: f262f28c1470 ("PM / devfreq: event: Add devfreq_event class")
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/devfreq-event.h |    5 -----
 1 file changed, 5 deletions(-)

--- a/include/linux/devfreq-event.h
+++ b/include/linux/devfreq-event.h
@@ -148,11 +148,6 @@ static inline int devfreq_event_reset_ev
 	return -EINVAL;
 }
 
-static inline void *devfreq_event_get_drvdata(struct devfreq_event_dev *edev)
-{
-	return ERR_PTR(-EINVAL);
-}
-
 static inline struct devfreq_event_dev *devfreq_event_get_edev_by_phandle(
 					struct device *dev, int index)
 {

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 009/140] ath10k: fix copy engine 5 destination ring stuck
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (7 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 008/140] PM / devfreq: event: remove duplicate devfreq_event_get_drvdata() Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 010/140] rtlwifi: Fix missing country code for Great Britain Greg Kroah-Hartman
                     ` (125 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tamizh chelvam, Rajkumar Manoharan,
	Kalle Valo

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>

commit 0628467f97b5227755428bac10a68257322f7e34 upstream.

Firmware is running watchdog timer for tracking copy engine ring index
and write index. Whenever both indices are stuck at same location for
given duration, watchdog will be trigger to assert target. While
updating copy engine destination ring write index, driver ensures that
write index will not be same as read index by finding delta between these
two indices (CE_RING_DELTA).

HTT target to host copy engine (CE5) is special case where ring buffers
will be reused and delta check is not applied while updating write index.
In rare scenario, whenever CE5 ring is full, both indices will be referring
same location and this is causing CE ring stuck issue as explained
above. This issue is originally reported on IPQ4019 during long hour stress
testing and during veriwave max clients testsuites. The same issue is
also observed in other chips as well. Fix this by ensuring that write
index is one less than read index which means that full ring is
available for receiving data.

Tested-by: Tamizh chelvam <c_traja@qti.qualcomm.com>
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/ath/ath10k/ce.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/drivers/net/wireless/ath/ath10k/ce.c
+++ b/drivers/net/wireless/ath/ath10k/ce.c
@@ -433,6 +433,13 @@ void ath10k_ce_rx_update_write_idx(struc
 	unsigned int nentries_mask = dest_ring->nentries_mask;
 	unsigned int write_index = dest_ring->write_index;
 	u32 ctrl_addr = pipe->ctrl_addr;
+	u32 cur_write_idx = ath10k_ce_dest_ring_write_index_get(ar, ctrl_addr);
+
+	/* Prevent CE ring stuck issue that will occur when ring is full.
+	 * Make sure that write index is 1 less than read index.
+	 */
+	if ((cur_write_idx + nentries)  == dest_ring->sw_index)
+		nentries -= 1;
 
 	write_index = CE_RING_IDX_ADD(nentries_mask, write_index, nentries);
 	ath10k_ce_dest_ring_write_index_set(ar, ctrl_addr, write_index);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 010/140] rtlwifi: Fix missing country code for Great Britain
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (8 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 009/140] ath10k: fix copy engine 5 destination ring stuck Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 012/140] mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error Greg Kroah-Hartman
                     ` (124 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Larry Finger, Kalle Valo

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Larry Finger <Larry.Finger@lwfinger.net>

commit 0c9d3491530773858ff9d705ec2a9c382f449230 upstream.

Some RTL8821AE devices sold in Great Britain have the country code of
0x25 encoded in their EEPROM. This value is not tested in the routine
that establishes the regulatory info for the chip. The fix is to set
this code to have the same capabilities as the EU countries. In addition,
the channels allowed for COUNTRY_CODE_ETSI were more properly suited
for China and Israel, not the EU. This problem has also been fixed.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/realtek/rtlwifi/regd.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/realtek/rtlwifi/regd.c
+++ b/drivers/net/wireless/realtek/rtlwifi/regd.c
@@ -345,9 +345,9 @@ static const struct ieee80211_regdomain
 		return &rtl_regdom_no_midband;
 	case COUNTRY_CODE_IC:
 		return &rtl_regdom_11;
-	case COUNTRY_CODE_ETSI:
 	case COUNTRY_CODE_TELEC_NETGEAR:
 		return &rtl_regdom_60_64;
+	case COUNTRY_CODE_ETSI:
 	case COUNTRY_CODE_SPAIN:
 	case COUNTRY_CODE_FRANCE:
 	case COUNTRY_CODE_ISRAEL:
@@ -406,6 +406,8 @@ static u8 channel_plan_to_country_code(u
 		return COUNTRY_CODE_WORLD_WIDE_13;
 	case 0x22:
 		return COUNTRY_CODE_IC;
+	case 0x25:
+		return COUNTRY_CODE_ETSI;
 	case 0x32:
 		return COUNTRY_CODE_TELEC_NETGEAR;
 	case 0x41:

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 012/140] mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (9 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 010/140] rtlwifi: Fix missing country code for Great Britain Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 013/140] PCI: Mark Atheros AR9580 to avoid bus reset Greg Kroah-Hartman
                     ` (123 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Haibo Chen, Adrian Hunter, Ulf Hansson

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Haibo Chen <haibo.chen@nxp.com>

commit 02265cd60335a2c1417abae4192611e1fc05a6e5 upstream.

Potentially overflowing expression 1000000 * data->timeout_clks with
type unsigned int is evaluated using 32-bit arithmetic, and then used
in a context that expects an expression of type unsigned long long.

To avoid overflow, cast 1000000U to type unsigned long long.
Special thanks to Coverity.

Fixes: 7f05538af71c ("mmc: sdhci: fix data timeout (part 2)")
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/sdhci.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -687,7 +687,7 @@ static u8 sdhci_calc_timeout(struct sdhc
 			 * host->clock is in Hz.  target_timeout is in us.
 			 * Hence, us = 1000000 * cycles / Hz.  Round up.
 			 */
-			val = 1000000 * data->timeout_clks;
+			val = 1000000ULL * data->timeout_clks;
 			if (do_div(val, host->clock))
 				target_timeout++;
 			target_timeout += val;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 013/140] PCI: Mark Atheros AR9580 to avoid bus reset
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (10 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 012/140] mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 014/140] PCI: tegra: Fix argument order in tegra_pcie_phy_disable() Greg Kroah-Hartman
                     ` (122 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Maik Broemme, Bjorn Helgaas

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maik Broemme <mbroemme@libmpq.org>

commit 8e2e03179923479ca0c0b6fdc7c93ecf89bce7a8 upstream.

Similar to the AR93xx and the AR94xx series, the AR95xx also have the same
quirk for the Bus Reset.  It will lead to instant system reset if the
device is assigned via VFIO to a KVM VM.  I've been able reproduce this
behavior with a MikroTik R11e-2HnD.

Fixes: c3e59ee4e766 ("PCI: Mark Atheros AR93xx to avoid bus reset")
Signed-off-by: Maik Broemme <mbroemme@libmpq.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/quirks.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -3198,6 +3198,7 @@ static void quirk_no_bus_reset(struct pc
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0030, quirk_no_bus_reset);
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0032, quirk_no_bus_reset);
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x003c, quirk_no_bus_reset);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0033, quirk_no_bus_reset);
 
 static void quirk_no_pm_reset(struct pci_dev *dev)
 {

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 014/140] PCI: tegra: Fix argument order in tegra_pcie_phy_disable()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (11 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 013/140] PCI: Mark Atheros AR9580 to avoid bus reset Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 015/140] platform: dont return 0 from platform_get_irq[_byname]() on error Greg Kroah-Hartman
                     ` (121 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjorn Helgaas, Thierry Reding

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bjorn Helgaas <bhelgaas@google.com>

commit 8dd99bca7bfa4b62753b556c45d26f45ec9da6e6 upstream.

The tegra_pcie_phy_disable() path called pads_writel() with arguments in
the wrong order.  Swap them to be the "value, offset" order expected by
pads_writel().

Fixes: 6fe7c187e026 ("PCI: tegra: Support per-lane PHYs")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/host/pci-tegra.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pci/host/pci-tegra.c
+++ b/drivers/pci/host/pci-tegra.c
@@ -856,7 +856,7 @@ static int tegra_pcie_phy_disable(struct
 	/* override IDDQ */
 	value = pads_readl(pcie, PADS_CTL);
 	value |= PADS_CTL_IDDQ_1L;
-	pads_writel(pcie, PADS_CTL, value);
+	pads_writel(pcie, value, PADS_CTL);
 
 	/* reset PLL */
 	value = pads_readl(pcie, soc->pads_pll_ctl);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 015/140] platform: dont return 0 from platform_get_irq[_byname]() on error
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (12 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 014/140] PCI: tegra: Fix argument order in tegra_pcie_phy_disable() Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 016/140] cpufreq: ti: Use generic platdev driver Greg Kroah-Hartman
                     ` (120 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sergei Shtylyov

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>

commit e330b9a6bb35dc7097a4f02cb1ae7b6f96df92af upstream.

of_irq_get[_byname]() return 0 iff  irq_create_of_mapping() call fails.
Returning both  error code and 0 on failure is a sign of a misdesigned API,
it makes the failure check unnecessarily complex and error prone. We should
rely  on the platform IRQ resource in this case, not return 0,  especially
as 0 can be  a valid  IRQ resource too...

Fixes: aff008ad813c ("platform_get_irq: Revert to platform_get_resource if of_irq_get fails")
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/base/platform.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/base/platform.c
+++ b/drivers/base/platform.c
@@ -97,7 +97,7 @@ int platform_get_irq(struct platform_dev
 		int ret;
 
 		ret = of_irq_get(dev->dev.of_node, num);
-		if (ret >= 0 || ret == -EPROBE_DEFER)
+		if (ret > 0 || ret == -EPROBE_DEFER)
 			return ret;
 	}
 
@@ -175,7 +175,7 @@ int platform_get_irq_byname(struct platf
 		int ret;
 
 		ret = of_irq_get_byname(dev->dev.of_node, name);
-		if (ret >= 0 || ret == -EPROBE_DEFER)
+		if (ret > 0 || ret == -EPROBE_DEFER)
 			return ret;
 	}
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 016/140] cpufreq: ti: Use generic platdev driver
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (13 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 015/140] platform: dont return 0 from platform_get_irq[_byname]() on error Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 017/140] cpufreq: conservative: Fix next frequency selection Greg Kroah-Hartman
                     ` (119 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dave Gerlach, Viresh Kumar,
	Rafael J. Wysocki

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dave Gerlach <d-gerlach@ti.com>

commit e01072d22d4e7f9ca966f848def22fe41eaef4de upstream.

Now that the cpufreq-dt-platdev is used to create the cpufreq-dt platform
device for all OMAP platforms and the platform code that did it
before has been removed, add ti,am33xx and ti,dra7xx to the machine list
in cpufreq-dt-platdev which had relied on the removed platform code to do
this previously.

Fixes: 7694ca6e1d6f (cpufreq: omap: Use generic platdev driver)
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/cpufreq/cpufreq-dt-platdev.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/cpufreq/cpufreq-dt-platdev.c
+++ b/drivers/cpufreq/cpufreq-dt-platdev.c
@@ -68,6 +68,8 @@ static const struct of_device_id machine
 
 	{ .compatible = "sigma,tango4" },
 
+	{ .compatible = "ti,am33xx", },
+	{ .compatible = "ti,dra7", },
 	{ .compatible = "ti,omap2", },
 	{ .compatible = "ti,omap3", },
 	{ .compatible = "ti,omap4", },

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 017/140] cpufreq: conservative: Fix next frequency selection
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (14 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 016/140] cpufreq: ti: Use generic platdev driver Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 018/140] cpufreq: skip invalid entries when searching the frequency Greg Kroah-Hartman
                     ` (118 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Viresh Kumar, Rafael J. Wysocki

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

commit abb6627910a1e783c8e034b35b7c80e5e7f98f41 upstream.

Commit d352cf47d93e (cpufreq: conservative: Do not use transition
notifications) overlooked the case when the "frequency step" used
by the conservative governor is small relative to the distances
between the available frequencies and broke the algorithm by
using policy->cur instead of the previously requested frequency
when computing the next one.

As a result, the governor may not be able to go outside of a narrow
range between two consecutive available frequencies.

Fix the problem by making the governor save the previously requested
frequency and select the next one relative that value (unless it is
out of range, in which case policy->cur will be used instead).

Fixes: d352cf47d93e (cpufreq: conservative: Do not use transition notifications)
Link: https://bugzilla.kernel.org/show_bug.cgi?id=177171
Reported-and-tested-by: Aleksey Rybalkin <aleksey@rybalkin.org>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/cpufreq/cpufreq_conservative.c |   19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

--- a/drivers/cpufreq/cpufreq_conservative.c
+++ b/drivers/cpufreq/cpufreq_conservative.c
@@ -17,6 +17,7 @@
 struct cs_policy_dbs_info {
 	struct policy_dbs_info policy_dbs;
 	unsigned int down_skip;
+	unsigned int requested_freq;
 };
 
 static inline struct cs_policy_dbs_info *to_dbs_info(struct policy_dbs_info *policy_dbs)
@@ -61,6 +62,7 @@ static unsigned int cs_dbs_timer(struct
 {
 	struct policy_dbs_info *policy_dbs = policy->governor_data;
 	struct cs_policy_dbs_info *dbs_info = to_dbs_info(policy_dbs);
+	unsigned int requested_freq = dbs_info->requested_freq;
 	struct dbs_data *dbs_data = policy_dbs->dbs_data;
 	struct cs_dbs_tuners *cs_tuners = dbs_data->tuners;
 	unsigned int load = dbs_update(policy);
@@ -72,10 +74,16 @@ static unsigned int cs_dbs_timer(struct
 	if (cs_tuners->freq_step == 0)
 		goto out;
 
+	/*
+	 * If requested_freq is out of range, it is likely that the limits
+	 * changed in the meantime, so fall back to current frequency in that
+	 * case.
+	 */
+	if (requested_freq > policy->max || requested_freq < policy->min)
+		requested_freq = policy->cur;
+
 	/* Check for frequency increase */
 	if (load > dbs_data->up_threshold) {
-		unsigned int requested_freq = policy->cur;
-
 		dbs_info->down_skip = 0;
 
 		/* if we are already at full speed then break out early */
@@ -83,8 +91,11 @@ static unsigned int cs_dbs_timer(struct
 			goto out;
 
 		requested_freq += get_freq_target(cs_tuners, policy);
+		if (requested_freq > policy->max)
+			requested_freq = policy->max;
 
 		__cpufreq_driver_target(policy, requested_freq, CPUFREQ_RELATION_H);
+		dbs_info->requested_freq = requested_freq;
 		goto out;
 	}
 
@@ -95,7 +106,7 @@ static unsigned int cs_dbs_timer(struct
 
 	/* Check for frequency decrease */
 	if (load < cs_tuners->down_threshold) {
-		unsigned int freq_target, requested_freq = policy->cur;
+		unsigned int freq_target;
 		/*
 		 * if we cannot reduce the frequency anymore, break out early
 		 */
@@ -109,6 +120,7 @@ static unsigned int cs_dbs_timer(struct
 			requested_freq = policy->min;
 
 		__cpufreq_driver_target(policy, requested_freq, CPUFREQ_RELATION_L);
+		dbs_info->requested_freq = requested_freq;
 	}
 
  out:
@@ -287,6 +299,7 @@ static void cs_start(struct cpufreq_poli
 	struct cs_policy_dbs_info *dbs_info = to_dbs_info(policy->governor_data);
 
 	dbs_info->down_skip = 0;
+	dbs_info->requested_freq = policy->cur;
 }
 
 static struct dbs_governor cs_governor = {

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 018/140] cpufreq: skip invalid entries when searching the frequency
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (15 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 017/140] cpufreq: conservative: Fix next frequency selection Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 019/140] cpufreq: intel_pstate: Fix unsafe HWP MSR access Greg Kroah-Hartman
                     ` (117 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aaro Koskinen, Viresh Kumar,
	Rafael J. Wysocki

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aaro Koskinen <aaro.koskinen@iki.fi>

commit 899bb6642f2a2f2cd3f77abd6c5a14550e3b37e6 upstream.

Skip invalid entries when searching the frequency. This fixes cpufreq
at least on loongson2 MIPS board.

Fixes: da0c6dc00c69 (cpufreq: Handle sorted frequency tables more efficiently)
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/cpufreq.h |  104 ++++++++++++++++++++++++------------------------
 1 file changed, 52 insertions(+), 52 deletions(-)

--- a/include/linux/cpufreq.h
+++ b/include/linux/cpufreq.h
@@ -639,19 +639,19 @@ static inline int cpufreq_table_find_ind
 					      unsigned int target_freq)
 {
 	struct cpufreq_frequency_table *table = policy->freq_table;
+	struct cpufreq_frequency_table *pos, *best = table - 1;
 	unsigned int freq;
-	int i, best = -1;
 
-	for (i = 0; table[i].frequency != CPUFREQ_TABLE_END; i++) {
-		freq = table[i].frequency;
+	cpufreq_for_each_valid_entry(pos, table) {
+		freq = pos->frequency;
 
 		if (freq >= target_freq)
-			return i;
+			return pos - table;
 
-		best = i;
+		best = pos;
 	}
 
-	return best;
+	return best - table;
 }
 
 /* Find lowest freq at or above target in a table in descending order */
@@ -659,28 +659,28 @@ static inline int cpufreq_table_find_ind
 					      unsigned int target_freq)
 {
 	struct cpufreq_frequency_table *table = policy->freq_table;
+	struct cpufreq_frequency_table *pos, *best = table - 1;
 	unsigned int freq;
-	int i, best = -1;
 
-	for (i = 0; table[i].frequency != CPUFREQ_TABLE_END; i++) {
-		freq = table[i].frequency;
+	cpufreq_for_each_valid_entry(pos, table) {
+		freq = pos->frequency;
 
 		if (freq == target_freq)
-			return i;
+			return pos - table;
 
 		if (freq > target_freq) {
-			best = i;
+			best = pos;
 			continue;
 		}
 
 		/* No freq found above target_freq */
-		if (best == -1)
-			return i;
+		if (best == table - 1)
+			return pos - table;
 
-		return best;
+		return best - pos;
 	}
 
-	return best;
+	return best - pos;
 }
 
 /* Works only on sorted freq-tables */
@@ -700,28 +700,28 @@ static inline int cpufreq_table_find_ind
 					      unsigned int target_freq)
 {
 	struct cpufreq_frequency_table *table = policy->freq_table;
+	struct cpufreq_frequency_table *pos, *best = table - 1;
 	unsigned int freq;
-	int i, best = -1;
 
-	for (i = 0; table[i].frequency != CPUFREQ_TABLE_END; i++) {
-		freq = table[i].frequency;
+	cpufreq_for_each_valid_entry(pos, table) {
+		freq = pos->frequency;
 
 		if (freq == target_freq)
-			return i;
+			return pos - table;
 
 		if (freq < target_freq) {
-			best = i;
+			best = pos;
 			continue;
 		}
 
 		/* No freq found below target_freq */
-		if (best == -1)
-			return i;
+		if (best == table - 1)
+			return pos - table;
 
-		return best;
+		return best - table;
 	}
 
-	return best;
+	return best - table;
 }
 
 /* Find highest freq at or below target in a table in descending order */
@@ -729,19 +729,19 @@ static inline int cpufreq_table_find_ind
 					      unsigned int target_freq)
 {
 	struct cpufreq_frequency_table *table = policy->freq_table;
+	struct cpufreq_frequency_table *pos, *best = table - 1;
 	unsigned int freq;
-	int i, best = -1;
 
-	for (i = 0; table[i].frequency != CPUFREQ_TABLE_END; i++) {
-		freq = table[i].frequency;
+	cpufreq_for_each_valid_entry(pos, table) {
+		freq = pos->frequency;
 
 		if (freq <= target_freq)
-			return i;
+			return pos - table;
 
-		best = i;
+		best = pos;
 	}
 
-	return best;
+	return best - table;
 }
 
 /* Works only on sorted freq-tables */
@@ -761,32 +761,32 @@ static inline int cpufreq_table_find_ind
 					      unsigned int target_freq)
 {
 	struct cpufreq_frequency_table *table = policy->freq_table;
+	struct cpufreq_frequency_table *pos, *best = table - 1;
 	unsigned int freq;
-	int i, best = -1;
 
-	for (i = 0; table[i].frequency != CPUFREQ_TABLE_END; i++) {
-		freq = table[i].frequency;
+	cpufreq_for_each_valid_entry(pos, table) {
+		freq = pos->frequency;
 
 		if (freq == target_freq)
-			return i;
+			return pos - table;
 
 		if (freq < target_freq) {
-			best = i;
+			best = pos;
 			continue;
 		}
 
 		/* No freq found below target_freq */
-		if (best == -1)
-			return i;
+		if (best == table - 1)
+			return pos - table;
 
 		/* Choose the closest freq */
-		if (target_freq - table[best].frequency > freq - target_freq)
-			return i;
+		if (target_freq - best->frequency > freq - target_freq)
+			return pos - table;
 
-		return best;
+		return best - table;
 	}
 
-	return best;
+	return best - table;
 }
 
 /* Find closest freq to target in a table in descending order */
@@ -794,32 +794,32 @@ static inline int cpufreq_table_find_ind
 					      unsigned int target_freq)
 {
 	struct cpufreq_frequency_table *table = policy->freq_table;
+	struct cpufreq_frequency_table *pos, *best = table - 1;
 	unsigned int freq;
-	int i, best = -1;
 
-	for (i = 0; table[i].frequency != CPUFREQ_TABLE_END; i++) {
-		freq = table[i].frequency;
+	cpufreq_for_each_valid_entry(pos, table) {
+		freq = pos->frequency;
 
 		if (freq == target_freq)
-			return i;
+			return pos - table;
 
 		if (freq > target_freq) {
-			best = i;
+			best = pos;
 			continue;
 		}
 
 		/* No freq found above target_freq */
-		if (best == -1)
-			return i;
+		if (best == table - 1)
+			return pos - table;
 
 		/* Choose the closest freq */
-		if (table[best].frequency - target_freq > target_freq - freq)
-			return i;
+		if (best->frequency - target_freq > target_freq - freq)
+			return pos - table;
 
-		return best;
+		return best - table;
 	}
 
-	return best;
+	return best - table;
 }
 
 /* Works only on sorted freq-tables */

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 019/140] cpufreq: intel_pstate: Fix unsafe HWP MSR access
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (16 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 018/140] cpufreq: skip invalid entries when searching the frequency Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 021/140] parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels Greg Kroah-Hartman
                     ` (116 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Srinivas Pandruvada, Rafael J. Wysocki

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>

commit f9f4872df6e1801572949f8a370c886122d4b6da upstream.

This is a requirement that MSR MSR_PM_ENABLE must be set to 0x01 before
reading MSR_HWP_CAPABILITIES on a given CPU. If cpufreq init() is
scheduled on a CPU which is not same as policy->cpu or migrates to a
different CPU before calling msr read for MSR_HWP_CAPABILITIES, it
is possible that MSR_PM_ENABLE was not to set to 0x01 on that CPU.
This will cause GP fault. So like other places in this path
rdmsrl_on_cpu should be used instead of rdmsrl.

Moreover the scope of MSR_HWP_CAPABILITIES is on per thread basis, so it
should be read from the same CPU, for which MSR MSR_HWP_REQUEST is
getting set.

dmesg dump or warning:

[   22.014488] WARNING: CPU: 139 PID: 1 at arch/x86/mm/extable.c:50 ex_handler_rdmsr_unsafe+0x68/0x70
[   22.014492] unchecked MSR access error: RDMSR from 0x771
[   22.014493] Modules linked in:
[   22.014507] CPU: 139 PID: 1 Comm: swapper/0 Not tainted 4.7.5+ #1
...
...
[   22.014516] Call Trace:
[   22.014542]  [<ffffffff813d7dd1>] dump_stack+0x63/0x82
[   22.014558]  [<ffffffff8107bc8b>] __warn+0xcb/0xf0
[   22.014561]  [<ffffffff8107bcff>] warn_slowpath_fmt+0x4f/0x60
[   22.014563]  [<ffffffff810676f8>] ex_handler_rdmsr_unsafe+0x68/0x70
[   22.014564]  [<ffffffff810677d9>] fixup_exception+0x39/0x50
[   22.014604]  [<ffffffff8102e400>] do_general_protection+0x80/0x150
[   22.014610]  [<ffffffff817f9ec8>] general_protection+0x28/0x30
[   22.014635]  [<ffffffff81687940>] ? get_target_pstate_use_performance+0xb0/0xb0
[   22.014642]  [<ffffffff810600c7>] ? native_read_msr+0x7/0x40
[   22.014657]  [<ffffffff81688123>] intel_pstate_hwp_set+0x23/0x130
[   22.014660]  [<ffffffff81688406>] intel_pstate_set_policy+0x1b6/0x340
[   22.014662]  [<ffffffff816829bb>] cpufreq_set_policy+0xeb/0x2c0
[   22.014664]  [<ffffffff81682f39>] cpufreq_init_policy+0x79/0xe0
[   22.014666]  [<ffffffff81682cb0>] ? cpufreq_update_policy+0x120/0x120
[   22.014669]  [<ffffffff816833a6>] cpufreq_online+0x406/0x820
[   22.014671]  [<ffffffff8168381f>] cpufreq_add_dev+0x5f/0x90
[   22.014717]  [<ffffffff81530ac8>] subsys_interface_register+0xb8/0x100
[   22.014719]  [<ffffffff816821bc>] cpufreq_register_driver+0x14c/0x210
[   22.014749]  [<ffffffff81fe1d90>] intel_pstate_init+0x39d/0x4d5
[   22.014751]  [<ffffffff81fe13f2>] ? cpufreq_gov_dbs_init+0x12/0x12

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/cpufreq/intel_pstate.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -556,12 +556,12 @@ static void intel_pstate_hwp_set(const s
 	int min, hw_min, max, hw_max, cpu, range, adj_range;
 	u64 value, cap;
 
-	rdmsrl(MSR_HWP_CAPABILITIES, cap);
-	hw_min = HWP_LOWEST_PERF(cap);
-	hw_max = HWP_HIGHEST_PERF(cap);
-	range = hw_max - hw_min;
-
 	for_each_cpu(cpu, cpumask) {
+		rdmsrl_on_cpu(cpu, MSR_HWP_CAPABILITIES, &cap);
+		hw_min = HWP_LOWEST_PERF(cap);
+		hw_max = HWP_HIGHEST_PERF(cap);
+		range = hw_max - hw_min;
+
 		rdmsrl_on_cpu(cpu, MSR_HWP_REQUEST, &value);
 		adj_range = limits->min_perf_pct * range / 100;
 		min = hw_min + adj_range;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 021/140] parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (17 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 019/140] cpufreq: intel_pstate: Fix unsafe HWP MSR access Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 022/140] parisc: Fix self-detected CPU stall warnings on Mako machines Greg Kroah-Hartman
                     ` (115 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Helge Deller <deller@gmx.de>

commit 690d097c00c88fa9d93d198591e184164b1d8c20 upstream.

Increase the initial kernel default page mapping size for SMP kernels to 32MB
and add a runtime check which panics early if the kernel is bigger than the
initial mapping size.

This fixes boot crashes of 32bit SMP kernels. Due to the introduction of huge
page support in kernel 4.4 and it's required initial kernel layout in memory, a
32bit SMP kernel usually got bigger (in layout, not size) than 16MB.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/include/asm/pgtable.h |    2 +-
 arch/parisc/kernel/setup.c        |    8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

--- a/arch/parisc/include/asm/pgtable.h
+++ b/arch/parisc/include/asm/pgtable.h
@@ -83,7 +83,7 @@ static inline void purge_tlb_entries(str
 	printk("%s:%d: bad pgd %08lx.\n", __FILE__, __LINE__, (unsigned long)pgd_val(e))
 
 /* This is the size of the initially mapped kernel memory */
-#ifdef CONFIG_64BIT
+#if defined(CONFIG_64BIT) || defined(CONFIG_SMP)
 #define KERNEL_INITIAL_ORDER	25	/* 1<<25 = 32MB */
 #else
 #define KERNEL_INITIAL_ORDER	24	/* 1<<24 = 16MB */
--- a/arch/parisc/kernel/setup.c
+++ b/arch/parisc/kernel/setup.c
@@ -38,6 +38,7 @@
 #include <linux/export.h>
 
 #include <asm/processor.h>
+#include <asm/sections.h>
 #include <asm/pdc.h>
 #include <asm/led.h>
 #include <asm/machdep.h>	/* for pa7300lc_init() proto */
@@ -140,6 +141,13 @@ void __init setup_arch(char **cmdline_p)
 #endif
 	printk(KERN_CONT ".\n");
 
+	/*
+	 * Check if initial kernel page mappings are sufficient.
+	 * panic early if not, else we may access kernel functions
+	 * and variables which can't be reached.
+	 */
+	if (__pa((unsigned long) &_end) >= KERNEL_INITIAL_SIZE)
+		panic("KERNEL_INITIAL_ORDER too small!");
 
 	pdc_console_init();
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 022/140] parisc: Fix self-detected CPU stall warnings on Mako machines
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (18 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 021/140] parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 023/140] parisc: Fix kernel memory layout regarding position of __gp Greg Kroah-Hartman
                     ` (114 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Helge Deller <deller@gmx.de>

commit 92420bd0d01f040bbf754e1d090be49ca6a1c8d6 upstream.

The config option HAVE_UNSTABLE_SCHED_CLOCK is set automatically when compiling
for SMP. There is no need to clear the stable-clock flag via
clear_sched_clock_stable() when starting secondary CPUs, and even worse,
clearing it triggers wrong self-detected CPU stall warnings on 64bit Mako
machines.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/kernel/time.c |    6 ------
 1 file changed, 6 deletions(-)

--- a/arch/parisc/kernel/time.c
+++ b/arch/parisc/kernel/time.c
@@ -226,12 +226,6 @@ void __init start_cpu_itimer(void)
 	unsigned int cpu = smp_processor_id();
 	unsigned long next_tick = mfctl(16) + clocktick;
 
-#if defined(CONFIG_HAVE_UNSTABLE_SCHED_CLOCK) && defined(CONFIG_64BIT)
-	/* With multiple 64bit CPUs online, the cr16's are not syncronized. */
-	if (cpu != 0)
-		clear_sched_clock_stable();
-#endif
-
 	mtctl(next_tick, 16);		/* kick off Interval Timer (CR16) */
 
 	per_cpu(cpu_data, cpu).it_value = next_tick;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 023/140] parisc: Fix kernel memory layout regarding position of __gp
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (19 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 022/140] parisc: Fix self-detected CPU stall warnings on Mako machines Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 024/140] parisc: Increase initial kernel mapping size Greg Kroah-Hartman
                     ` (113 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Helge Deller <deller@gmx.de>

commit f8850abb7ba68229838014b3409460e576751c6d upstream.

Architecturally we need to keep __gp below 0x1000000.

But because of ftrace and tracepoint support, the RO_DATA_SECTION now gets much
bigger than it was before. By moving the linkage tables before RO_DATA_SECTION
we can avoid that __gp gets positioned at a too high address.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/kernel/vmlinux.lds.S |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/arch/parisc/kernel/vmlinux.lds.S
+++ b/arch/parisc/kernel/vmlinux.lds.S
@@ -89,8 +89,9 @@ SECTIONS
 	/* Start of data section */
 	_sdata = .;
 
-	RO_DATA_SECTION(8)
-
+	/* Architecturally we need to keep __gp below 0x1000000 and thus
+	 * in front of RO_DATA_SECTION() which stores lots of tracepoint
+	 * and ftrace symbols. */
 #ifdef CONFIG_64BIT
 	. = ALIGN(16);
 	/* Linkage tables */
@@ -105,6 +106,8 @@ SECTIONS
 	}
 #endif
 
+	RO_DATA_SECTION(8)
+
 	/* unwind info */
 	.PARISC.unwind : {
 		__start___unwind = .;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 024/140] parisc: Increase initial kernel mapping size
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (20 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 023/140] parisc: Fix kernel memory layout regarding position of __gp Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 025/140] pstore/ramoops: fixup driver removal Greg Kroah-Hartman
                     ` (112 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Helge Deller <deller@gmx.de>

commit 65bf34f59594c11f13d371c5334a6a0a385cd7ae upstream.

Increase the initial kernel default page mapping size for 64-bit kernels to
64 MB and for 32-bit kernels to 32 MB.

Due to the additional support of ftrace, tracepoint and huge pages the kernel
size can exceed the sizes we used up to now.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/include/asm/pgtable.h |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/arch/parisc/include/asm/pgtable.h
+++ b/arch/parisc/include/asm/pgtable.h
@@ -83,10 +83,10 @@ static inline void purge_tlb_entries(str
 	printk("%s:%d: bad pgd %08lx.\n", __FILE__, __LINE__, (unsigned long)pgd_val(e))
 
 /* This is the size of the initially mapped kernel memory */
-#if defined(CONFIG_64BIT) || defined(CONFIG_SMP)
-#define KERNEL_INITIAL_ORDER	25	/* 1<<25 = 32MB */
+#if defined(CONFIG_64BIT)
+#define KERNEL_INITIAL_ORDER	26	/* 1<<26 = 64MB */
 #else
-#define KERNEL_INITIAL_ORDER	24	/* 1<<24 = 16MB */
+#define KERNEL_INITIAL_ORDER	25	/* 1<<25 = 32MB */
 #endif
 #define KERNEL_INITIAL_SIZE	(1 << KERNEL_INITIAL_ORDER)
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 025/140] pstore/ramoops: fixup driver removal
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (21 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 024/140] parisc: Increase initial kernel mapping size Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 027/140] pstore/ram: Use memcpy_toio instead of memcpy Greg Kroah-Hartman
                     ` (111 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anton Vorontsov, Colin Cross,
	Kees Cook, Tony Luck, Namhyung Kim, Sebastian Andrzej Siewior

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

commit 4407de74df18ed405cc5998990004c813ccfdbde upstream.

A basic rmmod ramoops segfaults. Let's see why.

Since commit 34f0ec82e0a9 ("pstore: Correct the max_dump_cnt clearing of
ramoops") sets ->max_dump_cnt to zero before looping over ->przs but we
didn't use it before that either.

And since commit ee1d267423a1 ("pstore: add pstore unregister") we free
that memory on rmmod.

But even then, we looped until a NULL pointer or ERR. I don't see where
it is ensured that the last member is NULL. Let's try this instead:
simply error recovery and free. Clean up in error case where resources
were allocated. And then, in the free path, rely on ->max_dump_cnt in
the free path.

Cc: Anton Vorontsov <anton@enomsg.org>
Cc: Colin Cross <ccross@android.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/pstore/ram.c |   17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

--- a/fs/pstore/ram.c
+++ b/fs/pstore/ram.c
@@ -377,13 +377,14 @@ static void ramoops_free_przs(struct ram
 {
 	int i;
 
-	cxt->max_dump_cnt = 0;
 	if (!cxt->przs)
 		return;
 
-	for (i = 0; !IS_ERR_OR_NULL(cxt->przs[i]); i++)
+	for (i = 0; i < cxt->max_dump_cnt; i++)
 		persistent_ram_free(cxt->przs[i]);
+
 	kfree(cxt->przs);
+	cxt->max_dump_cnt = 0;
 }
 
 static int ramoops_init_przs(struct device *dev, struct ramoops_context *cxt,
@@ -408,7 +409,7 @@ static int ramoops_init_przs(struct devi
 			     GFP_KERNEL);
 	if (!cxt->przs) {
 		dev_err(dev, "failed to initialize a prz array for dumps\n");
-		goto fail_prz;
+		goto fail_mem;
 	}
 
 	for (i = 0; i < cxt->max_dump_cnt; i++) {
@@ -419,6 +420,11 @@ static int ramoops_init_przs(struct devi
 			err = PTR_ERR(cxt->przs[i]);
 			dev_err(dev, "failed to request mem region (0x%zx@0x%llx): %d\n",
 				cxt->record_size, (unsigned long long)*paddr, err);
+
+			while (i > 0) {
+				i--;
+				persistent_ram_free(cxt->przs[i]);
+			}
 			goto fail_prz;
 		}
 		*paddr += cxt->record_size;
@@ -426,7 +432,9 @@ static int ramoops_init_przs(struct devi
 
 	return 0;
 fail_prz:
-	ramoops_free_przs(cxt);
+	kfree(cxt->przs);
+fail_mem:
+	cxt->max_dump_cnt = 0;
 	return err;
 }
 
@@ -659,7 +667,6 @@ static int ramoops_remove(struct platfor
 	struct ramoops_context *cxt = &oops_cxt;
 
 	pstore_unregister(&cxt->pstore);
-	cxt->max_dump_cnt = 0;
 
 	kfree(cxt->pstore.buf);
 	cxt->pstore.bufsize = 0;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 027/140] pstore/ram: Use memcpy_toio instead of memcpy
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (22 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 025/140] pstore/ramoops: fixup driver removal Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 028/140] pstore/ram: Use memcpy_fromio() to save old buffer Greg Kroah-Hartman
                     ` (110 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Furquan Shaikh, Enric Balletbo Serra,
	Aaron Durbin, Olof Johansson, Furquan Shaikh, Kees Cook

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Furquan Shaikh <furquan@google.com>

commit 7e75678d23167c2527e655658a8ef36a36c8b4d9 upstream.

persistent_ram_update uses vmap / iomap based on whether the buffer is in
memory region or reserved region. However, both map it as non-cacheable
memory. For armv8 specifically, non-cacheable mapping requests use a
memory type that has to be accessed aligned to the request size. memcpy()
doesn't guarantee that.

Signed-off-by: Furquan Shaikh <furquan@google.com>
Signed-off-by: Enric Balletbo Serra <enric.balletbo@collabora.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/pstore/ram_core.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -263,7 +263,7 @@ static void notrace persistent_ram_updat
 	const void *s, unsigned int start, unsigned int count)
 {
 	struct persistent_ram_buffer *buffer = prz->buffer;
-	memcpy(buffer->data + start, s, count);
+	memcpy_toio(buffer->data + start, s, count);
 	persistent_ram_update_ecc(prz, start, count);
 }
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 028/140] pstore/ram: Use memcpy_fromio() to save old buffer
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (23 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 027/140] pstore/ram: Use memcpy_toio instead of memcpy Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 029/140] perf intel-pt: Fix snapshot overlap detection decoder errors Greg Kroah-Hartman
                     ` (109 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrew Bresticker,
	Enric Balletbo Serra, Puneet Kumar, Kees Cook

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andrew Bresticker <abrestic@chromium.org>

commit d771fdf94180de2bd811ac90cba75f0f346abf8d upstream.

The ramoops buffer may be mapped as either I/O memory or uncached
memory.  On ARM64, this results in a device-type (strongly-ordered)
mapping.  Since unnaligned accesses to device-type memory will
generate an alignment fault (regardless of whether or not strict
alignment checking is enabled), it is not safe to use memcpy().
memcpy_fromio() is guaranteed to only use aligned accesses, so use
that instead.

Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Signed-off-by: Enric Balletbo Serra <enric.balletbo@collabora.com>
Reviewed-by: Puneet Kumar <puneetster@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/pstore/ram_core.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -286,8 +286,8 @@ void persistent_ram_save_old(struct pers
 	}
 
 	prz->old_log_size = size;
-	memcpy(prz->old_log, &buffer->data[start], size - start);
-	memcpy(prz->old_log + size - start, &buffer->data[0], start);
+	memcpy_fromio(prz->old_log, &buffer->data[start], size - start);
+	memcpy_fromio(prz->old_log + size - start, &buffer->data[0], start);
 }
 
 int notrace persistent_ram_write(struct persistent_ram_zone *prz,

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 029/140] perf intel-pt: Fix snapshot overlap detection decoder errors
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (24 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 028/140] pstore/ram: Use memcpy_fromio() to save old buffer Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 030/140] perf intel-pt: Fix estimated timestamps for cycle-accurate mode Greg Kroah-Hartman
                     ` (108 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
	Masami Hiramatsu, Mathieu Poirier, Arnaldo Carvalho de Melo

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adrian Hunter <adrian.hunter@intel.com>

commit 810c398bc09b2f2dfde52a7d2483a710612c5fb8 upstream.

Fix occasional decoder errors decoding trace data collected in snapshot
mode.

Snapshot mode can take successive snapshots of trace which might overlap.
The decoder checks whether there is an overlap but only looks at the
current and previous buffer. However buffers that do not contain
synchronization (i.e. PSB) packets cannot be decoded or used for overlap
checking. That means the decoder actually needs to check overlaps between
the current buffer and the previous buffer that contained usable data.
Make that change.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: http://lkml.kernel.org/r/1474641528-18776-10-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/perf/util/intel-pt.c |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -241,7 +241,7 @@ static int intel_pt_get_trace(struct int
 	}
 
 	queue = &ptq->pt->queues.queue_array[ptq->queue_nr];
-
+next:
 	buffer = auxtrace_buffer__next(queue, buffer);
 	if (!buffer) {
 		if (old_buffer)
@@ -264,9 +264,6 @@ static int intel_pt_get_trace(struct int
 	    intel_pt_do_fix_overlap(ptq->pt, old_buffer, buffer))
 		return -ENOMEM;
 
-	if (old_buffer)
-		auxtrace_buffer__drop_data(old_buffer);
-
 	if (buffer->use_data) {
 		b->len = buffer->use_size;
 		b->buf = buffer->use_data;
@@ -276,6 +273,16 @@ static int intel_pt_get_trace(struct int
 	}
 	b->ref_timestamp = buffer->reference;
 
+	/*
+	 * If in snapshot mode and the buffer has no usable data, get next
+	 * buffer and again check overlap against old_buffer.
+	 */
+	if (ptq->pt->snapshot_mode && !b->len)
+		goto next;
+
+	if (old_buffer)
+		auxtrace_buffer__drop_data(old_buffer);
+
 	if (!old_buffer || ptq->pt->sampling_mode || (ptq->pt->snapshot_mode &&
 						      !buffer->consecutive)) {
 		b->consecutive = false;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 030/140] perf intel-pt: Fix estimated timestamps for cycle-accurate mode
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (25 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 029/140] perf intel-pt: Fix snapshot overlap detection decoder errors Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 031/140] perf intel-pt: Fix MTC timestamp calculation for large MTC periods Greg Kroah-Hartman
                     ` (107 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
	Arnaldo Carvalho de Melo

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adrian Hunter <adrian.hunter@intel.com>

commit 51ee6481fa8e879cc942bcc1b0af713e158b7a98 upstream.

In cycle-accurate mode, timestamps can be calculated from CYC packets.
The decoder also estimates timestamps based on the number of
instructions since the last timestamp. For that to work in
cycle-accurate mode, the instruction count needs to be reset to zero
when a timestamp is calculated from a CYC packet, but that wasn't
happening, so fix it.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Link: http://lkml.kernel.org/r/1475062896-22274-1-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
@@ -1323,6 +1323,8 @@ static void intel_pt_calc_cyc_timestamp(
 			     timestamp, decoder->timestamp);
 	else
 		decoder->timestamp = timestamp;
+
+	decoder->timestamp_insn_cnt = 0;
 }
 
 /* Walk PSB+ packets when already in sync. */

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 031/140] perf intel-pt: Fix MTC timestamp calculation for large MTC periods
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (26 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 030/140] perf intel-pt: Fix estimated timestamps for cycle-accurate mode Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 032/140] dm: mark request_queue dead before destroying the DM device Greg Kroah-Hartman
                     ` (106 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
	Arnaldo Carvalho de Melo

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adrian Hunter <adrian.hunter@intel.com>

commit 3bccbe20f6d188ce7b00326e776b745cfd35b10a upstream.

The MTC packet provides a 8-bit slice of CTC which is related to TSC by
the TMA packet, however the TMA packet only provides the lower 16 bits
of CTC.  If mtc_shift > 8 then some of the MTC bits are not in the CTC
provided by the TMA packet. Fix-up the last_mtc calculated from the TMA
packet by copying the missing bits from the current MTC assuming the
least difference between the two, and that the current MTC comes after
last_mtc.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Link: http://lkml.kernel.org/r/1475062896-22274-2-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |   36 ++++++++++++++++++++
 1 file changed, 36 insertions(+)

--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
@@ -89,6 +89,7 @@ struct intel_pt_decoder {
 	bool pge;
 	bool have_tma;
 	bool have_cyc;
+	bool fixup_last_mtc;
 	uint64_t pos;
 	uint64_t last_ip;
 	uint64_t ip;
@@ -584,10 +585,31 @@ struct intel_pt_calc_cyc_to_tsc_info {
 	uint64_t        tsc_timestamp;
 	uint64_t        timestamp;
 	bool            have_tma;
+	bool            fixup_last_mtc;
 	bool            from_mtc;
 	double          cbr_cyc_to_tsc;
 };
 
+/*
+ * MTC provides a 8-bit slice of CTC but the TMA packet only provides the lower
+ * 16 bits of CTC. If mtc_shift > 8 then some of the MTC bits are not in the CTC
+ * provided by the TMA packet. Fix-up the last_mtc calculated from the TMA
+ * packet by copying the missing bits from the current MTC assuming the least
+ * difference between the two, and that the current MTC comes after last_mtc.
+ */
+static void intel_pt_fixup_last_mtc(uint32_t mtc, int mtc_shift,
+				    uint32_t *last_mtc)
+{
+	uint32_t first_missing_bit = 1U << (16 - mtc_shift);
+	uint32_t mask = ~(first_missing_bit - 1);
+
+	*last_mtc |= mtc & mask;
+	if (*last_mtc >= mtc) {
+		*last_mtc -= first_missing_bit;
+		*last_mtc &= 0xff;
+	}
+}
+
 static int intel_pt_calc_cyc_cb(struct intel_pt_pkt_info *pkt_info)
 {
 	struct intel_pt_decoder *decoder = pkt_info->decoder;
@@ -617,6 +639,11 @@ static int intel_pt_calc_cyc_cb(struct i
 			return 0;
 
 		mtc = pkt_info->packet.payload;
+		if (decoder->mtc_shift > 8 && data->fixup_last_mtc) {
+			data->fixup_last_mtc = false;
+			intel_pt_fixup_last_mtc(mtc, decoder->mtc_shift,
+						&data->last_mtc);
+		}
 		if (mtc > data->last_mtc)
 			mtc_delta = mtc - data->last_mtc;
 		else
@@ -685,6 +712,7 @@ static int intel_pt_calc_cyc_cb(struct i
 
 		data->ctc_delta = 0;
 		data->have_tma = true;
+		data->fixup_last_mtc = true;
 
 		return 0;
 
@@ -751,6 +779,7 @@ static void intel_pt_calc_cyc_to_tsc(str
 		.tsc_timestamp  = decoder->tsc_timestamp,
 		.timestamp      = decoder->timestamp,
 		.have_tma       = decoder->have_tma,
+		.fixup_last_mtc = decoder->fixup_last_mtc,
 		.from_mtc       = from_mtc,
 		.cbr_cyc_to_tsc = 0,
 	};
@@ -1241,6 +1270,7 @@ static void intel_pt_calc_tma(struct int
 	}
 	decoder->ctc_delta = 0;
 	decoder->have_tma = true;
+	decoder->fixup_last_mtc = true;
 	intel_pt_log("CTC timestamp " x64_fmt " last MTC %#x  CTC rem %#x\n",
 		     decoder->ctc_timestamp, decoder->last_mtc, ctc_rem);
 }
@@ -1255,6 +1285,12 @@ static void intel_pt_calc_mtc_timestamp(
 
 	mtc = decoder->packet.payload;
 
+	if (decoder->mtc_shift > 8 && decoder->fixup_last_mtc) {
+		decoder->fixup_last_mtc = false;
+		intel_pt_fixup_last_mtc(mtc, decoder->mtc_shift,
+					&decoder->last_mtc);
+	}
+
 	if (mtc > decoder->last_mtc)
 		mtc_delta = mtc - decoder->last_mtc;
 	else

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 032/140] dm: mark request_queue dead before destroying the DM device
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (27 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 031/140] perf intel-pt: Fix MTC timestamp calculation for large MTC periods Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 033/140] dm: return correct error code in dm_resume()s retry loop Greg Kroah-Hartman
                     ` (105 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Mike Snitzer

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bart.vanassche@sandisk.com>

commit 3b785fbcf81c3533772c52b717f77293099498d3 upstream.

This avoids that new requests are queued while __dm_destroy() is in
progress.

Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1873,6 +1873,7 @@ EXPORT_SYMBOL_GPL(dm_device_name);
 
 static void __dm_destroy(struct mapped_device *md, bool wait)
 {
+	struct request_queue *q = dm_get_md_queue(md);
 	struct dm_table *map;
 	int srcu_idx;
 
@@ -1883,6 +1884,10 @@ static void __dm_destroy(struct mapped_d
 	set_bit(DMF_FREEING, &md->flags);
 	spin_unlock(&_minor_lock);
 
+	spin_lock_irq(q->queue_lock);
+	queue_flag_set(QUEUE_FLAG_DYING, q);
+	spin_unlock_irq(q->queue_lock);
+
 	if (dm_request_based(md) && md->kworker_task)
 		flush_kthread_worker(&md->kworker);
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 033/140] dm: return correct error code in dm_resume()s retry loop
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (28 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 032/140] dm: mark request_queue dead before destroying the DM device Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 034/140] dm rq: take request_queue lock while clearing QUEUE_FLAG_STOPPED Greg Kroah-Hartman
                     ` (104 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Minfei Huang, Mike Snitzer

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Minfei Huang <mnghuan@gmail.com>

commit 8dc23658b7aaa8b6b0609c81c8ad75e98b612801 upstream.

dm_resume() will return success (0) rather than -EINVAL if
!dm_suspended_md() upon retry within dm_resume().

Reset the error code at the start of dm_resume()'s retry loop.
Also, remove a useless assignment at the end of dm_resume().

Fixes: ffcc393641 ("dm: enhance internal suspend and resume interface")
Signed-off-by: Minfei Huang <mnghuan@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -2254,10 +2254,11 @@ static int __dm_resume(struct mapped_dev
 
 int dm_resume(struct mapped_device *md)
 {
-	int r = -EINVAL;
+	int r;
 	struct dm_table *map = NULL;
 
 retry:
+	r = -EINVAL;
 	mutex_lock_nested(&md->suspend_lock, SINGLE_DEPTH_NESTING);
 
 	if (!dm_suspended_md(md))
@@ -2281,8 +2282,6 @@ retry:
 		goto out;
 
 	clear_bit(DMF_SUSPENDED, &md->flags);
-
-	r = 0;
 out:
 	mutex_unlock(&md->suspend_lock);
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 034/140] dm rq: take request_queue lock while clearing QUEUE_FLAG_STOPPED
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (29 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 033/140] dm: return correct error code in dm_resume()s retry loop Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 035/140] dm mpath: check if paths request_queue is dying in activate_path() Greg Kroah-Hartman
                     ` (103 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Mike Snitzer

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mike Snitzer <snitzer@redhat.com>

commit 9dbeaeabacb26260d1621fe58f0f6fdedc8860d4 upstream.

Every call of queue_flag_clear_unlocked() after block device
initialization has finished is wrong if blk_cleanup_queue() can be
called concurrently.  Convert queue_flag_clear_unlocked() into
queue_flag_clear() and protect it by the block layer queue lock.

Also, factor out dm_mq_start_queue().

Reported-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm-rq.c |   19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

--- a/drivers/md/dm-rq.c
+++ b/drivers/md/dm-rq.c
@@ -73,15 +73,24 @@ static void dm_old_start_queue(struct re
 	spin_unlock_irqrestore(q->queue_lock, flags);
 }
 
+static void dm_mq_start_queue(struct request_queue *q)
+{
+	unsigned long flags;
+
+	spin_lock_irqsave(q->queue_lock, flags);
+	queue_flag_clear(QUEUE_FLAG_STOPPED, q);
+	spin_unlock_irqrestore(q->queue_lock, flags);
+
+	blk_mq_start_stopped_hw_queues(q, true);
+	blk_mq_kick_requeue_list(q);
+}
+
 void dm_start_queue(struct request_queue *q)
 {
 	if (!q->mq_ops)
 		dm_old_start_queue(q);
-	else {
-		queue_flag_clear_unlocked(QUEUE_FLAG_STOPPED, q);
-		blk_mq_start_stopped_hw_queues(q, true);
-		blk_mq_kick_requeue_list(q);
-	}
+	else
+		dm_mq_start_queue(q);
 }
 
 static void dm_old_stop_queue(struct request_queue *q)

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 035/140] dm mpath: check if paths request_queue is dying in activate_path()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (30 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 034/140] dm rq: take request_queue lock while clearing QUEUE_FLAG_STOPPED Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 036/140] dm crypt: fix crash on exit Greg Kroah-Hartman
                     ` (102 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Mike Snitzer

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mike Snitzer <snitzer@redhat.com>

commit f10e06b744074824fb8ec7066bc03ecc90918f5b upstream.

If pg_init_retries is set and a request is queued against a multipath
device with all underlying block device request_queues in the "dying"
state then an infinite loop is triggered because activate_path() never
succeeds and hence never calls pg_init_done().

This change avoids that device removal triggers an infinite loop by
failing the activate_path() which causes the "dying" path to be failed.

Reported-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm-mpath.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/md/dm-mpath.c
+++ b/drivers/md/dm-mpath.c
@@ -1521,10 +1521,10 @@ static void activate_path(struct work_st
 {
 	struct pgpath *pgpath =
 		container_of(work, struct pgpath, activate_path.work);
+	struct request_queue *q = bdev_get_queue(pgpath->path.dev->bdev);
 
-	if (pgpath->is_active)
-		scsi_dh_activate(bdev_get_queue(pgpath->path.dev->bdev),
-				 pg_init_done, pgpath);
+	if (pgpath->is_active && !blk_queue_dying(q))
+		scsi_dh_activate(q, pg_init_done, pgpath);
 	else
 		pg_init_done(pgpath, SCSI_DH_DEV_OFFLINED);
 }

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 036/140] dm crypt: fix crash on exit
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (31 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 035/140] dm mpath: check if paths request_queue is dying in activate_path() Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 037/140] powerpc/xmon: Dont use ld on 32-bit Greg Kroah-Hartman
                     ` (101 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Rabin Vincent, Mike Snitzer

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rabin Vincent <rabinv@axis.com>

commit f659b10087daaf4ce0087c3f6aec16746be9628f upstream.

As the documentation for kthread_stop() says, "if threadfn() may call
do_exit() itself, the caller must ensure task_struct can't go away".
dm-crypt does not ensure this and therefore crashes when crypt_dtr()
calls kthread_stop().  The crash is trivially reproducible by adding a
delay before the call to kthread_stop() and just opening and closing a
dm-crypt device.

 general protection fault: 0000 [#1] PREEMPT SMP
 CPU: 0 PID: 533 Comm: cryptsetup Not tainted 4.8.0-rc7+ #7
 task: ffff88003bd0df40 task.stack: ffff8800375b4000
 RIP: 0010: kthread_stop+0x52/0x300
 Call Trace:
  crypt_dtr+0x77/0x120
  dm_table_destroy+0x6f/0x120
  __dm_destroy+0x130/0x250
  dm_destroy+0x13/0x20
  dev_remove+0xe6/0x120
  ? dev_suspend+0x250/0x250
  ctl_ioctl+0x1fc/0x530
  ? __lock_acquire+0x24f/0x1b10
  dm_ctl_ioctl+0x13/0x20
  do_vfs_ioctl+0x91/0x6a0
  ? ____fput+0xe/0x10
  ? entry_SYSCALL_64_fastpath+0x5/0xbd
  ? trace_hardirqs_on_caller+0x151/0x1e0
  SyS_ioctl+0x41/0x70
  entry_SYSCALL_64_fastpath+0x1f/0xbd

This problem was introduced by bcbd94ff481e ("dm crypt: fix a possible
hang due to race condition on exit").

Looking at the description of that patch (excerpted below), it seems
like the problem it addresses can be solved by just using
set_current_state instead of __set_current_state, since we obviously
need the memory barrier.

| dm crypt: fix a possible hang due to race condition on exit
|
| A kernel thread executes __set_current_state(TASK_INTERRUPTIBLE),
| __add_wait_queue, spin_unlock_irq and then tests kthread_should_stop().
| It is possible that the processor reorders memory accesses so that
| kthread_should_stop() is executed before __set_current_state().  If
| such reordering happens, there is a possible race on thread
| termination: [...]

So this patch just reverts the aforementioned patch and changes the
__set_current_state(TASK_INTERRUPTIBLE) to set_current_state(...).  This
fixes the crash and should also fix the potential hang.

Fixes: bcbd94ff481e ("dm crypt: fix a possible hang due to race condition on exit")
Cc: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Rabin Vincent <rabinv@axis.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm-crypt.c |   24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -113,8 +113,7 @@ struct iv_tcw_private {
  * and encrypts / decrypts at the same time.
  */
 enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID,
-	     DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD,
-	     DM_CRYPT_EXIT_THREAD};
+	     DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD };
 
 /*
  * The fields in here must be read only after initialization.
@@ -1207,18 +1206,20 @@ continue_locked:
 		if (!RB_EMPTY_ROOT(&cc->write_tree))
 			goto pop_from_list;
 
-		if (unlikely(test_bit(DM_CRYPT_EXIT_THREAD, &cc->flags))) {
-			spin_unlock_irq(&cc->write_thread_wait.lock);
-			break;
-		}
-
-		__set_current_state(TASK_INTERRUPTIBLE);
+		set_current_state(TASK_INTERRUPTIBLE);
 		__add_wait_queue(&cc->write_thread_wait, &wait);
 
 		spin_unlock_irq(&cc->write_thread_wait.lock);
 
+		if (unlikely(kthread_should_stop())) {
+			set_task_state(current, TASK_RUNNING);
+			remove_wait_queue(&cc->write_thread_wait, &wait);
+			break;
+		}
+
 		schedule();
 
+		set_task_state(current, TASK_RUNNING);
 		spin_lock_irq(&cc->write_thread_wait.lock);
 		__remove_wait_queue(&cc->write_thread_wait, &wait);
 		goto continue_locked;
@@ -1533,13 +1534,8 @@ static void crypt_dtr(struct dm_target *
 	if (!cc)
 		return;
 
-	if (cc->write_thread) {
-		spin_lock_irq(&cc->write_thread_wait.lock);
-		set_bit(DM_CRYPT_EXIT_THREAD, &cc->flags);
-		wake_up_locked(&cc->write_thread_wait);
-		spin_unlock_irq(&cc->write_thread_wait.lock);
+	if (cc->write_thread)
 		kthread_stop(cc->write_thread);
-	}
 
 	if (cc->io_queue)
 		destroy_workqueue(cc->io_queue);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 037/140] powerpc/xmon: Dont use ld on 32-bit
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (32 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 036/140] dm crypt: fix crash on exit Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 038/140] powerpc/vdso64: Use double word compare on pointers Greg Kroah-Hartman
                     ` (100 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, John Paul Adrian Glaubitz, Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Ellerman <mpe@ellerman.id.au>

commit b42d9023a31e384504f5b53fc9a437d5536a3f63 upstream.

In commit 31cdd0c39c75 ("powerpc/xmon: Fix SPR read/write commands and
add command to dump SPRs") I added two uses of the "ld" instruction in
spr_access.S. "ld" is a 64-bit instruction, so shouldn't be used on
32-bit CPUs.

Replace it with PPC_LL which is a macro that gives us either "ld" or
"lwz" depending on whether we're 64 or 32-bit.

Fixes: 31cdd0c39c75 ("powerpc/xmon: Fix SPR read/write commands and add command to dump SPRs")
Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/xmon/spr_access.S |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/powerpc/xmon/spr_access.S
+++ b/arch/powerpc/xmon/spr_access.S
@@ -2,12 +2,12 @@
 
 /* unsigned long xmon_mfspr(sprn, default_value) */
 _GLOBAL(xmon_mfspr)
-	ld	r5, .Lmfspr_table@got(r2)
+	PPC_LL	r5, .Lmfspr_table@got(r2)
 	b	xmon_mxspr
 
 /* void xmon_mtspr(sprn, new_value) */
 _GLOBAL(xmon_mtspr)
-	ld	r5, .Lmtspr_table@got(r2)
+	PPC_LL	r5, .Lmtspr_table@got(r2)
 	b	xmon_mxspr
 
 /*

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 038/140] powerpc/vdso64: Use double word compare on pointers
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (33 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 037/140] powerpc/xmon: Dont use ld on 32-bit Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 039/140] powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear() Greg Kroah-Hartman
                     ` (99 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anton Blanchard, Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anton Blanchard <anton@samba.org>

commit 5045ea37377ce8cca6890d32b127ad6770e6dce5 upstream.

__kernel_get_syscall_map() and __kernel_clock_getres() use cmpli to
check if the passed in pointer is non zero. cmpli maps to a 32 bit
compare on binutils, so we ignore the top 32 bits.

A simple test case can be created by passing in a bogus pointer with
the bottom 32 bits clear. Using a clk_id that is handled by the VDSO,
then one that is handled by the kernel shows the problem:

  printf("%d\n", clock_getres(CLOCK_REALTIME, (void *)0x100000000));
  printf("%d\n", clock_getres(CLOCK_BOOTTIME, (void *)0x100000000));

And we get:

  0
  -1

The bigger issue is if we pass a valid pointer with the bottom 32 bits
clear, in this case we will return success but won't write any data
to the pointer.

I stumbled across this issue because the LLVM integrated assembler
doesn't accept cmpli with 3 arguments. Fix this by converting them to
cmpldi.

Fixes: a7f290dad32e ("[PATCH] powerpc: Merge vdso's and add vdso support to 32 bits kernel")
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/kernel/vdso64/datapage.S     |    2 +-
 arch/powerpc/kernel/vdso64/gettimeofday.S |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/arch/powerpc/kernel/vdso64/datapage.S
+++ b/arch/powerpc/kernel/vdso64/datapage.S
@@ -59,7 +59,7 @@ V_FUNCTION_BEGIN(__kernel_get_syscall_ma
 	bl	V_LOCAL_FUNC(__get_datapage)
 	mtlr	r12
 	addi	r3,r3,CFG_SYSCALL_MAP64
-	cmpli	cr0,r4,0
+	cmpldi	cr0,r4,0
 	crclr	cr0*4+so
 	beqlr
 	li	r0,NR_syscalls
--- a/arch/powerpc/kernel/vdso64/gettimeofday.S
+++ b/arch/powerpc/kernel/vdso64/gettimeofday.S
@@ -145,7 +145,7 @@ V_FUNCTION_BEGIN(__kernel_clock_getres)
 	bne	cr0,99f
 
 	li	r3,0
-	cmpli	cr0,r4,0
+	cmpldi	cr0,r4,0
 	crclr	cr0*4+so
 	beqlr
 	lis	r5,CLOCK_REALTIME_RES@h

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 039/140] powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (34 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 038/140] powerpc/vdso64: Use double word compare on pointers Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 040/140] powerpc/eeh: Null check uses of eeh_pe_bus_get Greg Kroah-Hartman
                     ` (98 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Mackerras, Gavin Shan,
	Russell Currey, Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gavin Shan <gwshan@linux.vnet.ibm.com>

commit d63e51b31e0b655ed0f581b8a8fd4c4b4f8d1919 upstream.

The PE number (@frozen_pe_no), filled by opal_pci_next_error() is in
big-endian format. It should be converted to CPU-endian before it is
passed to opal_pci_eeh_freeze_clear() when clearing the frozen state if
the PE is invalid one. As Michael Ellerman pointed out, the issue is
also detected by sparse:

  eeh-powernv.c:1541:41: warning: incorrect type in argument 2 (different base types)

This passes CPU-endian PE number to opal_pci_eeh_freeze_clear() and it
should be part of commit <0f36db77643b> ("powerpc/eeh: Fix wrong printed
PE number"), which was merged to 4.3 kernel.

Fixes: 71b540adffd9 ("powerpc/powernv: Don't escalate non-existing frozen PE")
Suggested-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/platforms/powernv/eeh-powernv.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/platforms/powernv/eeh-powernv.c
+++ b/arch/powerpc/platforms/powernv/eeh-powernv.c
@@ -1538,7 +1538,7 @@ static int pnv_eeh_next_error(struct eeh
 
 				/* Try best to clear it */
 				opal_pci_eeh_freeze_clear(phb->opal_id,
-					frozen_pe_no,
+					be64_to_cpu(frozen_pe_no),
 					OPAL_EEH_ACTION_CLEAR_FREEZE_ALL);
 				ret = EEH_NEXT_ERR_NONE;
 			} else if ((*pe)->state & EEH_PE_ISOLATED ||

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 040/140] powerpc/eeh: Null check uses of eeh_pe_bus_get
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (35 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 039/140] powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear() Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 041/140] powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag() Greg Kroah-Hartman
                     ` (97 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Russell Currey, Andrew Donnellan,
	Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Russell Currey <ruscur@russell.cc>

commit 04fec21c06e35b169a83e75a84a015ab4606bf5e upstream.

eeh_pe_bus_get() can return NULL if a PCI bus isn't found for a given PE.
Some callers don't check this, and can cause a null pointer dereference
under certain circumstances.

Fix this by checking NULL everywhere eeh_pe_bus_get() is called.

Fixes: 8a6b1bc70dbb ("powerpc/eeh: EEH core to handle special event")
Signed-off-by: Russell Currey <ruscur@russell.cc>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/kernel/eeh_driver.c             |    8 ++++++++
 arch/powerpc/platforms/powernv/eeh-powernv.c |    5 +++++
 2 files changed, 13 insertions(+)

--- a/arch/powerpc/kernel/eeh_driver.c
+++ b/arch/powerpc/kernel/eeh_driver.c
@@ -994,6 +994,14 @@ static void eeh_handle_special_event(voi
 				/* Notify all devices to be down */
 				eeh_pe_state_clear(pe, EEH_PE_PRI_BUS);
 				bus = eeh_pe_bus_get(phb_pe);
+				if (!bus) {
+					pr_err("%s: Cannot find PCI bus for "
+					       "PHB#%d-PE#%x\n",
+					       __func__,
+					       pe->phb->global_number,
+					       pe->addr);
+					break;
+				}
 				eeh_pe_dev_traverse(pe,
 					eeh_report_failure, NULL);
 				pci_hp_remove_devices(bus);
--- a/arch/powerpc/platforms/powernv/eeh-powernv.c
+++ b/arch/powerpc/platforms/powernv/eeh-powernv.c
@@ -1091,6 +1091,11 @@ static int pnv_eeh_reset(struct eeh_pe *
 	}
 
 	bus = eeh_pe_bus_get(pe);
+	if (!bus) {
+		pr_err("%s: Cannot find PCI bus for PHB#%d-PE#%x\n",
+			__func__, pe->phb->global_number, pe->addr);
+		return -EIO;
+	}
 	if (pe->type & EEH_PE_VF)
 		return pnv_eeh_reset_vf_pe(pe, option);
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 041/140] powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (36 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 040/140] powerpc/eeh: Null check uses of eeh_pe_bus_get Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 042/140] powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data() Greg Kroah-Hartman
                     ` (96 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Gavin Shan, Russell Currey

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gavin Shan <gwshan@linux.vnet.ibm.com>

commit a7032132d7560a8434e1f54b71efd7fa20f073bd upstream.

The hub diag-data type is filled with big-endian data by OPAL call
opal_pci_get_hub_diag_data(). We need convert it to CPU-endian value
before using it. The issue is reported by sparse as pointed by Michael
Ellerman:

  eeh-powernv.c:1309:21: warning: restricted __be16 degrades to integer

This converts hub diag-data type to CPU-endian before using it in
pnv_eeh_get_and_dump_hub_diag().

Fixes: 2a485ad7c88d ("powerpc/powernv: Drop PHB operation next_error()")
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/platforms/powernv/eeh-powernv.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/platforms/powernv/eeh-powernv.c
+++ b/arch/powerpc/platforms/powernv/eeh-powernv.c
@@ -1311,7 +1311,7 @@ static void pnv_eeh_get_and_dump_hub_dia
 		return;
 	}
 
-	switch (data->type) {
+	switch (be16_to_cpu(data->type)) {
 	case OPAL_P7IOC_DIAG_TYPE_RGC:
 		pr_info("P7IOC diag-data for RGC\n\n");
 		pnv_eeh_dump_hub_diag_common(data);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 042/140] powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (37 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 041/140] powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag() Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 043/140] powerpc/mm: Update FORCE_MAX_ZONEORDER range to allow hugetlb w/4K Greg Kroah-Hartman
                     ` (95 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Gavin Shan, Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gavin Shan <gwshan@linux.vnet.ibm.com>

commit 5adaf8629b193f185ca5a1665b9e777a0579f518 upstream.

This fixes the warnings reported from sparse:

  pci.c:312:33: warning: restricted __be64 degrades to integer
  pci.c:313:33: warning: restricted __be64 degrades to integer

Fixes: cee72d5bb489 ("powerpc/powernv: Display diag data on p7ioc EEH errors")
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/platforms/powernv/pci.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/powerpc/platforms/powernv/pci.c
+++ b/arch/powerpc/platforms/powernv/pci.c
@@ -309,8 +309,8 @@ static void pnv_pci_dump_p7ioc_diag_data
 			be64_to_cpu(data->dma1ErrorLog1));
 
 	for (i = 0; i < OPAL_P7IOC_NUM_PEST_REGS; i++) {
-		if ((data->pestA[i] >> 63) == 0 &&
-		    (data->pestB[i] >> 63) == 0)
+		if ((be64_to_cpu(data->pestA[i]) >> 63) == 0 &&
+		    (be64_to_cpu(data->pestB[i]) >> 63) == 0)
 			continue;
 
 		pr_info("PE[%3d] A/B: %016llx %016llx\n",

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 043/140] powerpc/mm: Update FORCE_MAX_ZONEORDER range to allow hugetlb w/4K
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (38 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 042/140] powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data() Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 044/140] powerpc/64: Fix incorrect return value from __copy_tofrom_user Greg Kroah-Hartman
                     ` (94 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Santhosh, Aneesh Kumar K.V,
	Balbir Singh, Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>

commit d5a1e42cb4be016a45a787953dd70c3bc4509da5 upstream.

For hugetlb to work with 4K page size, we need MAX_ORDER to be 13 or
more. When switching from a 64K page size to 4K linux page size using
make oldconfig, we end up with a CONFIG_FORCE_MAX_ZONEORDER value of 9.
This results in a 16M hugepage beiing considered as a gigantic huge page
which in turn results in failure to setup hugepages if gigantic hugepage
support is not enabled.

This also results in kernel crash with 4K radix configuration. We
hit the below BUG_ON on radix:

  kernel BUG at mm/huge_memory.c:364!
  Oops: Exception in kernel mode, sig: 5 [#1]
  SMP NR_CPUS=2048 NUMA PowerNV
  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.8.0-rc1-00006-gbae9cc6 #1
  task: c0000000f1af8000 task.stack: c0000000f1aec000
  NIP: c000000000c5fa0c LR: c000000000c5f9d8 CTR: c000000000c5f9a4
  REGS: c0000000f1aef920 TRAP: 0700   Not tainted (4.8.0-rc1-00006-gbae9cc6)
  MSR: 9000000102029033 <SF,HV,VEC,EE,ME,IR,DR,RI,LE,TM[E]>  CR: 24000844  XER: 00000000
  CFAR: c000000000c5f9e0 SOFTE: 1
  ....
  NIP [c000000000c5fa0c] hugepage_init+0x68/0x238
  LR [c000000000c5f9d8] hugepage_init+0x34/0x238

Fixes: a7ee539584acf ("powerpc/Kconfig: Update config option based on page size")
Reported-by: Santhosh <santhog4@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -637,7 +637,7 @@ config FORCE_MAX_ZONEORDER
 	int "Maximum zone order"
 	range 8 9 if PPC64 && PPC_64K_PAGES
 	default "9" if PPC64 && PPC_64K_PAGES
-	range 9 13 if PPC64 && !PPC_64K_PAGES
+	range 13 13 if PPC64 && !PPC_64K_PAGES
 	default "13" if PPC64 && !PPC_64K_PAGES
 	range 9 64 if PPC32 && PPC_16K_PAGES
 	default "9" if PPC32 && PPC_16K_PAGES

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 044/140] powerpc/64: Fix incorrect return value from __copy_tofrom_user
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (39 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 043/140] powerpc/mm: Update FORCE_MAX_ZONEORDER range to allow hugetlb w/4K Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 045/140] powerpc/pseries: Fix stack corruption in htpe code Greg Kroah-Hartman
                     ` (93 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Mackerras, Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Paul Mackerras <paulus@ozlabs.org>

commit 1a34439e5a0b2235e43f96816dbb15ee1154f656 upstream.

Debugging a data corruption issue with virtio-net/vhost-net led to
the observation that __copy_tofrom_user was occasionally returning
a value 16 larger than it should.  Since the return value from
__copy_tofrom_user is the number of bytes not copied, this means
that __copy_tofrom_user can occasionally return a value larger
than the number of bytes it was asked to copy.  In turn this can
cause higher-level copy functions such as copy_page_to_iter_iovec
to corrupt memory by copying data into the wrong memory locations.

It turns out that the failing case involves a fault on the store
at label 79, and at that point the first unmodified byte of the
destination is at R3 + 16.  Consequently the exception handler
for that store needs to add 16 to R3 before using it to work out
how many bytes were not copied, but in this one case it was not
adding the offset to R3.  To fix it, this moves the label 179 to
the point where we add 16 to R3.  I have checked manually all the
exception handlers for the loads and stores in this code and the
rest of them are correct (it would be excellent to have an
automated test of all the exception cases).

This bug has been present since this code was initially
committed in May 2002 to Linux version 2.5.20.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/lib/copyuser_64.S |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/lib/copyuser_64.S
+++ b/arch/powerpc/lib/copyuser_64.S
@@ -359,6 +359,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
 	addi	r3,r3,8
 171:
 177:
+179:
 	addi	r3,r3,8
 370:
 372:
@@ -373,7 +374,6 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
 173:
 174:
 175:
-179:
 181:
 184:
 186:

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 045/140] powerpc/pseries: Fix stack corruption in htpe code
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (40 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 044/140] powerpc/64: Fix incorrect return value from __copy_tofrom_user Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 046/140] powerpc/mm/hash64: Fix might_have_hea() check Greg Kroah-Hartman
                     ` (92 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Dufour, Aneesh Kumar K.V,
	Balbir Singh, Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Laurent Dufour <ldufour@linux.vnet.ibm.com>

commit 05af40e885955065aee8bb7425058eb3e1adca08 upstream.

This commit fixes a stack corruption in the pseries specific code dealing
with the huge pages.

In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments
to the hypervisor is not large enough. This leads to a stack corruption
where a previously saved register could be corrupted leading to unexpected
result in the caller, like the following panic:

  Oops: Kernel access of bad area, sig: 11 [#1]
  SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in: virtio_balloon ip_tables x_tables autofs4
  virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio
  CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76
  task: c000000005394880 task.stack: c000000005570000
  NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000
  REGS: c000000005573820 TRAP: 0300   Not tainted  (4.8.0)
  MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 84822884  XER: 20000000
  CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1
  GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964
  GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104
  GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5
  GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000
  GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000
  GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000
  GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964
  GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0
  NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470
  LR [c00000000027bf64] zap_huge_pmd+0x44/0x470
  Call Trace:
  [c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable)
  [c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0
  [c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120
  [c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0
  [c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0
  [c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0
  [c000000005573e30] [c000000000009560] system_call+0x38/0x108
  Instruction dump:
  fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1
  7cde3378 4bfffea9 7c7b1b79 41820298 <e87f0000> 48000130 7fa5eb78 7fc4f378

Most of the time, the bug is surfacing in a caller up in the stack from
__pSeries_lpar_hugepage_invalidate() which is quite confusing.

This bug is pending since v3.11 but was hidden if a caller of the
caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped
register (r18 in this case) in the stack and is not using it until
restoring it. GCC 6.2.0 seems to raise it more frequently.

This commit also change the definition of the parameter buffer in
pSeries_lpar_flush_hash_range() to rely on the global define
PLPAR_HCALL9_BUFSIZE (no functional change here).

Fixes: 1a5272866f87 ("powerpc: Optimize hugepage invalidate")
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/platforms/pseries/lpar.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/powerpc/platforms/pseries/lpar.c
+++ b/arch/powerpc/platforms/pseries/lpar.c
@@ -393,7 +393,7 @@ static void __pSeries_lpar_hugepage_inva
 					     unsigned long *vpn, int count,
 					     int psize, int ssize)
 {
-	unsigned long param[8];
+	unsigned long param[PLPAR_HCALL9_BUFSIZE];
 	int i = 0, pix = 0, rc;
 	unsigned long flags = 0;
 	int lock_tlbie = !mmu_has_feature(MMU_FTR_LOCKLESS_TLBIE);
@@ -522,7 +522,7 @@ static void pSeries_lpar_flush_hash_rang
 	unsigned long flags = 0;
 	struct ppc64_tlb_batch *batch = this_cpu_ptr(&ppc64_tlb_batch);
 	int lock_tlbie = !mmu_has_feature(MMU_FTR_LOCKLESS_TLBIE);
-	unsigned long param[9];
+	unsigned long param[PLPAR_HCALL9_BUFSIZE];
 	unsigned long hash, index, shift, hidx, slot;
 	real_pte_t pte;
 	int psize, ssize;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 046/140] powerpc/mm/hash64: Fix might_have_hea() check
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (41 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 045/140] powerpc/pseries: Fix stack corruption in htpe code Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 047/140] IB/srp: Fix infinite loop when FMR sg[0].offset != 0 Greg Kroah-Hartman
                     ` (91 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Denis Kirjanov, Jan Stancek,
	Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Ellerman <mpe@ellerman.id.au>

commit 08bf75ba852ef8304a84b6a030466b4b4850382e upstream.

In commit 2b4e3ad8f579 ("powerpc/mm/hash64: Don't test for machine type
to detect HEA special case") we changed the logic in might_have_hea()
to check FW_FEATURE_SPLPAR rather than machine_is(pseries).

However the check was incorrectly negated, leading to crashes on
machines with HEA adapters, such as:

  mm: Hashing failure ! EA=0xd000080080004040 access=0x800000000000000e current=NetworkManager
      trap=0x300 vsid=0x13d349c ssize=1 base psize=2 psize 2 pte=0xc0003cc033e701ae
  Unable to handle kernel paging request for data at address 0xd000080080004040
  Call Trace:
    .ehea_create_cq+0x148/0x340 [ehea] (unreliable)
    .ehea_up+0x258/0x1200 [ehea]
    .ehea_open+0x44/0x1a0 [ehea]
    ...

Fix it by removing the negation.

Fixes: 2b4e3ad8f579 ("powerpc/mm/hash64: Don't test for machine type to detect HEA special case")
Reported-by: Denis Kirjanov <kda@linux-powerpc.org>
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/mm/hash_utils_64.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/mm/hash_utils_64.c
+++ b/arch/powerpc/mm/hash_utils_64.c
@@ -526,7 +526,7 @@ static bool might_have_hea(void)
 	 */
 #ifdef CONFIG_IBMEBUS
 	return !cpu_has_feature(CPU_FTR_ARCH_207S) &&
-		!firmware_has_feature(FW_FEATURE_SPLPAR);
+		firmware_has_feature(FW_FEATURE_SPLPAR);
 #else
 	return false;
 #endif

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 047/140] IB/srp: Fix infinite loop when FMR sg[0].offset != 0
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (42 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 046/140] powerpc/mm/hash64: Fix might_have_hea() check Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 048/140] IB/core: correctly handle rdma_rw_init_mrs() failure Greg Kroah-Hartman
                     ` (90 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alex Estrin, Bart Van Assche, Doug Ledford

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bart.vanassche@sandisk.com>

commit 681cc3608355737c1effebc8145f95c8c3344bc3 upstream.

Avoid that mapping an sg-list in which the first element has a
non-zero offset triggers an infinite loop when using FMR. This
patch makes the FMR mapping code similar to that of ib_sg_to_pages().

Note: older Mellanox HCAs do not support non-zero offsets for FMR.
See also commit 8c4037b501ac ("IB/srp: always avoid non-zero offsets
into an FMR").

Reported-by: Alex Estrin <alex.estrin@intel.com>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/ulp/srp/ib_srp.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1400,7 +1400,9 @@ static int srp_map_sg_entry(struct srp_m
 
 	while (dma_len) {
 		unsigned offset = dma_addr & ~dev->mr_page_mask;
-		if (state->npages == dev->max_pages_per_mr || offset != 0) {
+
+		if (state->npages == dev->max_pages_per_mr ||
+		    (state->npages > 0 && offset != 0)) {
 			ret = srp_map_finish_fmr(state, ch);
 			if (ret)
 				return ret;
@@ -1417,12 +1419,12 @@ static int srp_map_sg_entry(struct srp_m
 	}
 
 	/*
-	 * If the last entry of the MR wasn't a full page, then we need to
+	 * If the end of the MR is not on a page boundary then we need to
 	 * close it out and start a new one -- we can only merge at page
 	 * boundaries.
 	 */
 	ret = 0;
-	if (len != dev->mr_page_size)
+	if ((dma_addr & ~dev->mr_page_mask) != 0)
 		ret = srp_map_finish_fmr(state, ch);
 	return ret;
 }

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 048/140] IB/core: correctly handle rdma_rw_init_mrs() failure
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (43 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 047/140] IB/srp: Fix infinite loop when FMR sg[0].offset != 0 Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 049/140] ubi: Deal with interrupted erasures in WL Greg Kroah-Hartman
                     ` (89 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steve Wise, Bart Van Assche, Doug Ledford

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve Wise <swise@opengridcomputing.com>

commit b6bc1c731f0b985e91f618561fc82c6e252dfaf4 upstream.

Function ib_create_qp() was failing to return an error when
rdma_rw_init_mrs() fails, causing a crash further down in ib_create_qp()
when trying to dereferece the qp pointer which was actually a negative
errno.

The crash:

crash> log|grep BUG
[  136.458121] BUG: unable to handle kernel NULL pointer dereference at 0000000000000098
crash> bt
PID: 3736   TASK: ffff8808543215c0  CPU: 2   COMMAND: "kworker/u64:2"
 #0 [ffff88084d323340] machine_kexec at ffffffff8105fbb0
 #1 [ffff88084d3233b0] __crash_kexec at ffffffff81116758
 #2 [ffff88084d323480] crash_kexec at ffffffff8111682d
 #3 [ffff88084d3234b0] oops_end at ffffffff81032bd6
 #4 [ffff88084d3234e0] no_context at ffffffff8106e431
 #5 [ffff88084d323530] __bad_area_nosemaphore at ffffffff8106e610
 #6 [ffff88084d323590] bad_area_nosemaphore at ffffffff8106e6f4
 #7 [ffff88084d3235a0] __do_page_fault at ffffffff8106ebdc
 #8 [ffff88084d323620] do_page_fault at ffffffff8106f057
 #9 [ffff88084d323660] page_fault at ffffffff816e3148
    [exception RIP: ib_create_qp+427]
    RIP: ffffffffa02554fb  RSP: ffff88084d323718  RFLAGS: 00010246
    RAX: 0000000000000004  RBX: fffffffffffffff4  RCX: 000000018020001f
    RDX: ffff880830997fc0  RSI: 0000000000000001  RDI: ffff88085f407200
    RBP: ffff88084d323778   R8: 0000000000000001   R9: ffffea0020bae210
    R10: ffffea0020bae218  R11: 0000000000000001  R12: ffff88084d3237c8
    R13: 00000000fffffff4  R14: ffff880859fa5000  R15: ffff88082eb89800
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
#10 [ffff88084d323780] rdma_create_qp at ffffffffa0782681 [rdma_cm]
#11 [ffff88084d3237b0] nvmet_rdma_create_queue_ib at ffffffffa07c43f3 [nvmet_rdma]
#12 [ffff88084d323860] nvmet_rdma_alloc_queue at ffffffffa07c5ba9 [nvmet_rdma]
#13 [ffff88084d323900] nvmet_rdma_queue_connect at ffffffffa07c5c96 [nvmet_rdma]
#14 [ffff88084d323980] nvmet_rdma_cm_handler at ffffffffa07c6450 [nvmet_rdma]
#15 [ffff88084d3239b0] iw_conn_req_handler at ffffffffa0787480 [rdma_cm]
#16 [ffff88084d323a60] cm_conn_req_handler at ffffffffa0775f06 [iw_cm]
#17 [ffff88084d323ab0] process_event at ffffffffa0776019 [iw_cm]
#18 [ffff88084d323af0] cm_work_handler at ffffffffa0776170 [iw_cm]
#19 [ffff88084d323cb0] process_one_work at ffffffff810a1483
#20 [ffff88084d323d90] worker_thread at ffffffff810a211d
#21 [ffff88084d323ec0] kthread at ffffffff810a6c5c
#22 [ffff88084d323f50] ret_from_fork at ffffffff816e1ebf

Fixes: 632bc3f65081 ("IB/core, RDMA RW API: Do not exceed QP SGE send limit")
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/core/verbs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/infiniband/core/verbs.c
+++ b/drivers/infiniband/core/verbs.c
@@ -821,7 +821,7 @@ struct ib_qp *ib_create_qp(struct ib_pd
 		if (ret) {
 			pr_err("failed to init MR pool ret= %d\n", ret);
 			ib_destroy_qp(qp);
-			qp = ERR_PTR(ret);
+			return ERR_PTR(ret);
 		}
 	}
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 049/140] ubi: Deal with interrupted erasures in WL
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (44 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 048/140] IB/core: correctly handle rdma_rw_init_mrs() failure Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 050/140] zfcp: fix fc_host port_type with NPIV Greg Kroah-Hartman
                     ` (88 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Richard Weinberger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Richard Weinberger <richard@nod.at>

commit 2365418879e9abf12ea9def7f9f3caf0dfa7ffb0 upstream.

When Fastmap is used we can face here an -EBADMSG
since Fastmap cannot know about unmaps.
If the erasure was interrupted the PEB may show ECC
errors and UBI would go to ro-mode as it assumes
that the PEB was check during attach time, which is
not the case with Fastmap.

Fixes: dbb7d2a88d ("UBI: Add fastmap core")
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/ubi/wl.c |   21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -644,7 +644,7 @@ static int wear_leveling_worker(struct u
 				int shutdown)
 {
 	int err, scrubbing = 0, torture = 0, protect = 0, erroneous = 0;
-	int vol_id = -1, lnum = -1;
+	int erase = 0, keep = 0, vol_id = -1, lnum = -1;
 #ifdef CONFIG_MTD_UBI_FASTMAP
 	int anchor = wrk->anchor;
 #endif
@@ -780,6 +780,16 @@ static int wear_leveling_worker(struct u
 			       e1->pnum);
 			scrubbing = 1;
 			goto out_not_moved;
+		} else if (ubi->fast_attach && err == UBI_IO_BAD_HDR_EBADMSG) {
+			/*
+			 * While a full scan would detect interrupted erasures
+			 * at attach time we can face them here when attached from
+			 * Fastmap.
+			 */
+			dbg_wl("PEB %d has ECC errors, maybe from an interrupted erasure",
+			       e1->pnum);
+			erase = 1;
+			goto out_not_moved;
 		}
 
 		ubi_err(ubi, "error %d while reading VID header from PEB %d",
@@ -815,6 +825,7 @@ static int wear_leveling_worker(struct u
 			 * Target PEB had bit-flips or write error - torture it.
 			 */
 			torture = 1;
+			keep = 1;
 			goto out_not_moved;
 		}
 
@@ -901,7 +912,7 @@ out_not_moved:
 		ubi->erroneous_peb_count += 1;
 	} else if (scrubbing)
 		wl_tree_add(e1, &ubi->scrub);
-	else
+	else if (keep)
 		wl_tree_add(e1, &ubi->used);
 	if (dst_leb_clean) {
 		wl_tree_add(e2, &ubi->free);
@@ -921,6 +932,12 @@ out_not_moved:
 		if (err)
 			goto out_ro;
 	}
+
+	if (erase) {
+		err = do_sync_erase(ubi, e1, vol_id, lnum, 1);
+		if (err)
+			goto out_ro;
+	}
 
 	mutex_unlock(&ubi->move_mutex);
 	return 0;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 050/140] zfcp: fix fc_host port_type with NPIV
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (45 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 049/140] ubi: Deal with interrupted erasures in WL Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 051/140] zfcp: fix ELS/GS request&response length for hardware data router Greg Kroah-Hartman
                     ` (87 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Benjamin Block,
	Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit bd77befa5bcff8c51613de271913639edf85fbc2 upstream.

For an NPIV-enabled FCP device, zfcp can erroneously show
"NPort (fabric via point-to-point)" instead of "NPIV VPORT"
for the port_type sysfs attribute of the corresponding
fc_host.
s390-tools that can be affected are dbginfo.sh and ziomon.

zfcp_fsf_exchange_config_evaluate() ignores
fsf_qtcb_bottom_config.connection_features indicating NPIV
and only sets fc_host_port_type to FC_PORTTYPE_NPORT if
fsf_qtcb_bottom_config.fc_topology is FSF_TOPO_FABRIC.

Only the independent zfcp_fsf_exchange_port_evaluate()
evaluates connection_features to overwrite fc_host_port_type
to FC_PORTTYPE_NPIV in case of NPIV.
Code was introduced with upstream kernel 2.6.30
commit 0282985da5923fa6365adcc1a1586ae0c13c1617
("[SCSI] zfcp: Report fc_host_port_type as NPIV").

This works during FCP device recovery (such as set online)
because it performs FSF_QTCB_EXCHANGE_CONFIG_DATA followed by
FSF_QTCB_EXCHANGE_PORT_DATA in sequence.

However, the zfcp-specific scsi host sysfs attributes
"requests", "megabytes", or "seconds_active" trigger only
zfcp_fsf_exchange_config_evaluate() resetting fc_host
port_type to FC_PORTTYPE_NPORT despite NPIV.

The zfcp-specific scsi host sysfs attribute "utilization"
triggers only zfcp_fsf_exchange_port_evaluate() correcting
the fc_host port_type again in case of NPIV.

Evaluate fsf_qtcb_bottom_config.connection_features
in zfcp_fsf_exchange_config_evaluate() where it belongs to.

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 0282985da592 ("[SCSI] zfcp: Report fc_host_port_type as NPIV")
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_fsf.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -3,7 +3,7 @@
  *
  * Implementation of FSF commands.
  *
- * Copyright IBM Corp. 2002, 2013
+ * Copyright IBM Corp. 2002, 2015
  */
 
 #define KMSG_COMPONENT "zfcp"
@@ -508,7 +508,10 @@ static int zfcp_fsf_exchange_config_eval
 		fc_host_port_type(shost) = FC_PORTTYPE_PTP;
 		break;
 	case FSF_TOPO_FABRIC:
-		fc_host_port_type(shost) = FC_PORTTYPE_NPORT;
+		if (bottom->connection_features & FSF_FEATURE_NPIV_MODE)
+			fc_host_port_type(shost) = FC_PORTTYPE_NPIV;
+		else
+			fc_host_port_type(shost) = FC_PORTTYPE_NPORT;
 		break;
 	case FSF_TOPO_AL:
 		fc_host_port_type(shost) = FC_PORTTYPE_NLPORT;
@@ -613,7 +616,6 @@ static void zfcp_fsf_exchange_port_evalu
 
 	if (adapter->connection_features & FSF_FEATURE_NPIV_MODE) {
 		fc_host_permanent_port_name(shost) = bottom->wwpn;
-		fc_host_port_type(shost) = FC_PORTTYPE_NPIV;
 	} else
 		fc_host_permanent_port_name(shost) = fc_host_port_name(shost);
 	fc_host_maxframe_size(shost) = bottom->maximum_frame_size;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 051/140] zfcp: fix ELS/GS request&response length for hardware data router
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (46 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 050/140] zfcp: fix fc_host port_type with NPIV Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 052/140] zfcp: close window with unblocked rport during rport gone Greg Kroah-Hartman
                     ` (86 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Benjamin Block,
	Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit 70369f8e15b220f50a16348c79a61d3f7054813c upstream.

In the hardware data router case, introduced with kernel 3.2
commit 86a9668a8d29 ("[SCSI] zfcp: support for hardware data router")
the ELS/GS request&response length needs to be initialized
as in the chained SBAL case.

Otherwise, the FCP channel rejects ELS requests with
FSF_REQUEST_SIZE_TOO_LARGE.

Such ELS requests can be issued by user space through BSG / HBA API,
or zfcp itself uses ADISC ELS for remote port link test on RSCN.
The latter can cause a short path outage due to
unnecessary remote target port recovery because the always
failing ADISC cannot detect extremely short path interruptions
beyond the local FCP channel.

Below example is decoded with zfcpdbf from s390-tools:

Timestamp      : ...
Area           : SAN
Subarea        : 00
Level          : 1
Exception      : -
CPU id         : ..
Caller         : zfcp_dbf_san_req+0408
Record id      : 1
Tag            : fssels1
Request id     : 0x<reqid>
Destination ID : 0x00<target d_id>
Payload info   : 52000000 00000000 <our wwpn       >           [ADISC]
                 <our wwnn       > 00<s_id> 00000000
                 00000000 00000000 00000000 00000000

Timestamp      : ...
Area           : HBA
Subarea        : 00
Level          : 1
Exception      : -
CPU id         : ..
Caller         : zfcp_dbf_hba_fsf_res+0740
Record id      : 1
Tag            : fs_ferr
Request id     : 0x<reqid>
Request status : 0x00000010
FSF cmnd       : 0x0000000b               [FSF_QTCB_SEND_ELS]
FSF sequence no: 0x...
FSF issued     : ...
FSF stat       : 0x00000061		  [FSF_REQUEST_SIZE_TOO_LARGE]
FSF stat qual  : 00000000 00000000 00000000 00000000
Prot stat      : 0x00000100
Prot stat qual : 00000000 00000000 00000000 00000000

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 86a9668a8d29 ("[SCSI] zfcp: support for hardware data router")
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_fsf.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -984,8 +984,12 @@ static int zfcp_fsf_setup_ct_els_sbals(s
 	if (zfcp_adapter_multi_buffer_active(adapter)) {
 		if (zfcp_qdio_sbals_from_sg(qdio, &req->qdio_req, sg_req))
 			return -EIO;
+		qtcb->bottom.support.req_buf_length =
+			zfcp_qdio_real_bytes(sg_req);
 		if (zfcp_qdio_sbals_from_sg(qdio, &req->qdio_req, sg_resp))
 			return -EIO;
+		qtcb->bottom.support.resp_buf_length =
+			zfcp_qdio_real_bytes(sg_resp);
 
 		zfcp_qdio_set_data_div(qdio, &req->qdio_req,
 					zfcp_qdio_sbale_count(sg_req));

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 052/140] zfcp: close window with unblocked rport during rport gone
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (47 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 051/140] zfcp: fix ELS/GS request&response length for hardware data router Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 053/140] zfcp: retain trace level for SCSI and HBA FSF response records Greg Kroah-Hartman
                     ` (85 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Benjamin Block,
	Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit 4eeaa4f3f1d6c47b69f70e222297a4df4743363e upstream.

On a successful end of reopen port forced,
zfcp_erp_strategy_followup_success() re-uses the port erp_action
and the subsequent zfcp_erp_action_cleanup() now
sees ZFCP_ERP_SUCCEEDED with
erp_action->action==ZFCP_ERP_ACTION_REOPEN_PORT
instead of ZFCP_ERP_ACTION_REOPEN_PORT_FORCED
but must not perform zfcp_scsi_schedule_rport_register().

We can detect this because the fresh port reopen erp_action
is in its very first step ZFCP_ERP_STEP_UNINITIALIZED.

Otherwise this opens a time window with unblocked rport
(until the followup port reopen recovery would block it again).
If a scsi_cmnd timeout occurs during this time window
fc_timed_out() cannot work as desired and such command
would indeed time out and trigger scsi_eh. This prevents
a clean and timely path failover.
This should not happen if the path issue can be recovered
on FC transport layer such as path issues involving RSCNs.

Also, unnecessary and repeated DID_IMM_RETRY for pending and
undesired new requests occur because internally zfcp still
has its zfcp_port blocked.

As follow-on errors with scsi_eh, it can cause,
in the worst case, permanently lost paths due to one of:
sd <scsidev>: [<scsidisk>] Medium access timeout failure. Offlining disk!
sd <scsidev>: Device offlined - not ready after error recovery

For fix validation and to aid future debugging with other recoveries
we now also trace (un)blocking of rports.

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 5767620c383a ("[SCSI] zfcp: Do not unblock rport from REOPEN_PORT_FORCED")
Fixes: a2fa0aede07c ("[SCSI] zfcp: Block FC transport rports early on errors")
Fixes: 5f852be9e11d ("[SCSI] zfcp: Fix deadlock between zfcp ERP and SCSI")
Fixes: 338151e06608 ("[SCSI] zfcp: make use of fc_remote_port_delete when target port is unavailable")
Fixes: 3859f6a248cb ("[PATCH] zfcp: add rports to enable scsi_add_device to work again")
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.h  |    7 ++++++-
 drivers/s390/scsi/zfcp_erp.c  |   12 +++++++++---
 drivers/s390/scsi/zfcp_scsi.c |    8 +++++++-
 3 files changed, 22 insertions(+), 5 deletions(-)

--- a/drivers/s390/scsi/zfcp_dbf.h
+++ b/drivers/s390/scsi/zfcp_dbf.h
@@ -2,7 +2,7 @@
  * zfcp device driver
  * debug feature declarations
  *
- * Copyright IBM Corp. 2008, 2010
+ * Copyright IBM Corp. 2008, 2015
  */
 
 #ifndef ZFCP_DBF_H
@@ -17,6 +17,11 @@
 
 #define ZFCP_DBF_INVALID_LUN	0xFFFFFFFFFFFFFFFFull
 
+enum zfcp_dbf_pseudo_erp_act_type {
+	ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD = 0xff,
+	ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL = 0xfe,
+};
+
 /**
  * struct zfcp_dbf_rec_trigger - trace record for triggered recovery action
  * @ready: number of ready recovery actions
--- a/drivers/s390/scsi/zfcp_erp.c
+++ b/drivers/s390/scsi/zfcp_erp.c
@@ -3,7 +3,7 @@
  *
  * Error Recovery Procedures (ERP).
  *
- * Copyright IBM Corp. 2002, 2010
+ * Copyright IBM Corp. 2002, 2015
  */
 
 #define KMSG_COMPONENT "zfcp"
@@ -1217,8 +1217,14 @@ static void zfcp_erp_action_cleanup(stru
 		break;
 
 	case ZFCP_ERP_ACTION_REOPEN_PORT:
-		if (result == ZFCP_ERP_SUCCEEDED)
-			zfcp_scsi_schedule_rport_register(port);
+		/* This switch case might also happen after a forced reopen
+		 * was successfully done and thus overwritten with a new
+		 * non-forced reopen at `ersfs_2'. In this case, we must not
+		 * do the clean-up of the non-forced version.
+		 */
+		if (act->step != ZFCP_ERP_STEP_UNINITIALIZED)
+			if (result == ZFCP_ERP_SUCCEEDED)
+				zfcp_scsi_schedule_rport_register(port);
 		/* fall through */
 	case ZFCP_ERP_ACTION_REOPEN_PORT_FORCED:
 		put_device(&port->dev);
--- a/drivers/s390/scsi/zfcp_scsi.c
+++ b/drivers/s390/scsi/zfcp_scsi.c
@@ -3,7 +3,7 @@
  *
  * Interface to Linux SCSI midlayer.
  *
- * Copyright IBM Corp. 2002, 2013
+ * Copyright IBM Corp. 2002, 2015
  */
 
 #define KMSG_COMPONENT "zfcp"
@@ -556,6 +556,9 @@ static void zfcp_scsi_rport_register(str
 	ids.port_id = port->d_id;
 	ids.roles = FC_RPORT_ROLE_FCP_TARGET;
 
+	zfcp_dbf_rec_trig("scpaddy", port->adapter, port, NULL,
+			  ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD,
+			  ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD);
 	rport = fc_remote_port_add(port->adapter->scsi_host, 0, &ids);
 	if (!rport) {
 		dev_err(&port->adapter->ccw_device->dev,
@@ -577,6 +580,9 @@ static void zfcp_scsi_rport_block(struct
 	struct fc_rport *rport = port->rport;
 
 	if (rport) {
+		zfcp_dbf_rec_trig("scpdely", port->adapter, port, NULL,
+				  ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL,
+				  ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL);
 		fc_remote_port_delete(rport);
 		port->rport = NULL;
 	}

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 053/140] zfcp: retain trace level for SCSI and HBA FSF response records
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (48 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 052/140] zfcp: close window with unblocked rport during rport gone Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 054/140] zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace Greg Kroah-Hartman
                     ` (84 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Benjamin Block,
	Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit 35f040df97fa0e94c7851c054ec71533c88b4b81 upstream.

While retaining the actual filtering according to trace level,
the following commits started to write such filtered records
with a hardcoded record level of 1 instead of the actual record level:
commit 250a1352b95e1db3216e5c5d4f4365bea5122f4a
("[SCSI] zfcp: Redesign of the debug tracing for SCSI records.")
commit a54ca0f62f953898b05549391ac2a8a4dad6482b
("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")

Now we can distinguish written records again for offline level filtering.

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 250a1352b95e ("[SCSI] zfcp: Redesign of the debug tracing for SCSI records.")
Fixes: a54ca0f62f95 ("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |   11 ++++++-----
 drivers/s390/scsi/zfcp_dbf.h |    4 ++--
 drivers/s390/scsi/zfcp_ext.h |    7 ++++---
 3 files changed, 12 insertions(+), 10 deletions(-)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -3,7 +3,7 @@
  *
  * Debug traces for zfcp.
  *
- * Copyright IBM Corp. 2002, 2013
+ * Copyright IBM Corp. 2002, 2015
  */
 
 #define KMSG_COMPONENT "zfcp"
@@ -65,7 +65,7 @@ void zfcp_dbf_pl_write(struct zfcp_dbf *
  * @tag: tag indicating which kind of unsolicited status has been received
  * @req: request for which a response was received
  */
-void zfcp_dbf_hba_fsf_res(char *tag, struct zfcp_fsf_req *req)
+void zfcp_dbf_hba_fsf_res(char *tag, int level, struct zfcp_fsf_req *req)
 {
 	struct zfcp_dbf *dbf = req->adapter->dbf;
 	struct fsf_qtcb_prefix *q_pref = &req->qtcb->prefix;
@@ -97,7 +97,7 @@ void zfcp_dbf_hba_fsf_res(char *tag, str
 				  rec->pl_len, "fsf_res", req->req_id);
 	}
 
-	debug_event(dbf->hba, 1, rec, sizeof(*rec));
+	debug_event(dbf->hba, level, rec, sizeof(*rec));
 	spin_unlock_irqrestore(&dbf->hba_lock, flags);
 }
 
@@ -399,7 +399,8 @@ void zfcp_dbf_san_in_els(char *tag, stru
  * @sc: pointer to struct scsi_cmnd
  * @fsf: pointer to struct zfcp_fsf_req
  */
-void zfcp_dbf_scsi(char *tag, struct scsi_cmnd *sc, struct zfcp_fsf_req *fsf)
+void zfcp_dbf_scsi(char *tag, int level, struct scsi_cmnd *sc,
+		   struct zfcp_fsf_req *fsf)
 {
 	struct zfcp_adapter *adapter =
 		(struct zfcp_adapter *) sc->device->host->hostdata[0];
@@ -442,7 +443,7 @@ void zfcp_dbf_scsi(char *tag, struct scs
 		}
 	}
 
-	debug_event(dbf->scsi, 1, rec, sizeof(*rec));
+	debug_event(dbf->scsi, level, rec, sizeof(*rec));
 	spin_unlock_irqrestore(&dbf->scsi_lock, flags);
 }
 
--- a/drivers/s390/scsi/zfcp_dbf.h
+++ b/drivers/s390/scsi/zfcp_dbf.h
@@ -284,7 +284,7 @@ static inline
 void zfcp_dbf_hba_fsf_resp(char *tag, int level, struct zfcp_fsf_req *req)
 {
 	if (debug_level_enabled(req->adapter->dbf->hba, level))
-		zfcp_dbf_hba_fsf_res(tag, req);
+		zfcp_dbf_hba_fsf_res(tag, level, req);
 }
 
 /**
@@ -323,7 +323,7 @@ void _zfcp_dbf_scsi(char *tag, int level
 					scmd->device->host->hostdata[0];
 
 	if (debug_level_enabled(adapter->dbf->scsi, level))
-		zfcp_dbf_scsi(tag, scmd, req);
+		zfcp_dbf_scsi(tag, level, scmd, req);
 }
 
 /**
--- a/drivers/s390/scsi/zfcp_ext.h
+++ b/drivers/s390/scsi/zfcp_ext.h
@@ -3,7 +3,7 @@
  *
  * External function declarations.
  *
- * Copyright IBM Corp. 2002, 2010
+ * Copyright IBM Corp. 2002, 2015
  */
 
 #ifndef ZFCP_EXT_H
@@ -36,7 +36,7 @@ extern void zfcp_dbf_rec_trig(char *, st
 			      struct zfcp_port *, struct scsi_device *, u8, u8);
 extern void zfcp_dbf_rec_run(char *, struct zfcp_erp_action *);
 extern void zfcp_dbf_hba_fsf_uss(char *, struct zfcp_fsf_req *);
-extern void zfcp_dbf_hba_fsf_res(char *, struct zfcp_fsf_req *);
+extern void zfcp_dbf_hba_fsf_res(char *, int, struct zfcp_fsf_req *);
 extern void zfcp_dbf_hba_bit_err(char *, struct zfcp_fsf_req *);
 extern void zfcp_dbf_hba_berr(struct zfcp_dbf *, struct zfcp_fsf_req *);
 extern void zfcp_dbf_hba_def_err(struct zfcp_adapter *, u64, u16, void **);
@@ -44,7 +44,8 @@ extern void zfcp_dbf_hba_basic(char *, s
 extern void zfcp_dbf_san_req(char *, struct zfcp_fsf_req *, u32);
 extern void zfcp_dbf_san_res(char *, struct zfcp_fsf_req *);
 extern void zfcp_dbf_san_in_els(char *, struct zfcp_fsf_req *);
-extern void zfcp_dbf_scsi(char *, struct scsi_cmnd *, struct zfcp_fsf_req *);
+extern void zfcp_dbf_scsi(char *, int, struct scsi_cmnd *,
+			  struct zfcp_fsf_req *);
 
 /* zfcp_erp.c */
 extern void zfcp_erp_set_adapter_status(struct zfcp_adapter *, u32);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 054/140] zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (49 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 053/140] zfcp: retain trace level for SCSI and HBA FSF response records Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 055/140] zfcp: trace on request for open and close of WKA port Greg Kroah-Hartman
                     ` (83 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Benjamin Block,
	Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit 0102a30a6ff60f4bb4c07358ca3b1f92254a6c25 upstream.

bring back
commit d21e9daa63e009ce5b87bbcaa6d11ce48e07bbbe
("[SCSI] zfcp: Dont use 0 to indicate invalid LUN in rec trace")
which was lost with
commit ae0904f60fab7cb20c48d32eefdd735e478b91fb
("[SCSI] zfcp: Redesign of the debug tracing for recovery actions.")

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: ae0904f60fab ("[SCSI] zfcp: Redesign of the debug tracing for recovery actions.")
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -241,7 +241,8 @@ static void zfcp_dbf_set_common(struct z
 	if (sdev) {
 		rec->lun_status = atomic_read(&sdev_to_zfcp(sdev)->status);
 		rec->lun = zfcp_scsi_dev_lun(sdev);
-	}
+	} else
+		rec->lun = ZFCP_DBF_INVALID_LUN;
 }
 
 /**

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 055/140] zfcp: trace on request for open and close of WKA port
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (50 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 054/140] zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 056/140] zfcp: restore tracing of handle for port and LUN with HBA records Greg Kroah-Hartman
                     ` (82 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Benjamin Block,
	Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit d27a7cb91960cf1fdd11b10071e601828cbf4b1f upstream.

Since commit a54ca0f62f953898b05549391ac2a8a4dad6482b
("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
HBA records no longer contain WWPN, D_ID, or LUN
to reduce duplicate information which is already in REC records.
In contrast to "regular" target ports, we don't use recovery to open
WKA ports such as directory/nameserver, so we don't get REC records.
Therefore, introduce pseudo REC running records without any
actual recovery action but including D_ID of WKA port on open/close.

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: a54ca0f62f95 ("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |   32 ++++++++++++++++++++++++++++++++
 drivers/s390/scsi/zfcp_ext.h |    1 +
 drivers/s390/scsi/zfcp_fsf.c |    8 ++++++--
 3 files changed, 39 insertions(+), 2 deletions(-)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -321,6 +321,38 @@ void zfcp_dbf_rec_run(char *tag, struct
 	spin_unlock_irqrestore(&dbf->rec_lock, flags);
 }
 
+/**
+ * zfcp_dbf_rec_run_wka - trace wka port event with info like running recovery
+ * @tag: identifier for event
+ * @wka_port: well known address port
+ * @req_id: request ID to correlate with potential HBA trace record
+ */
+void zfcp_dbf_rec_run_wka(char *tag, struct zfcp_fc_wka_port *wka_port,
+			  u64 req_id)
+{
+	struct zfcp_dbf *dbf = wka_port->adapter->dbf;
+	struct zfcp_dbf_rec *rec = &dbf->rec_buf;
+	unsigned long flags;
+
+	spin_lock_irqsave(&dbf->rec_lock, flags);
+	memset(rec, 0, sizeof(*rec));
+
+	rec->id = ZFCP_DBF_REC_RUN;
+	memcpy(rec->tag, tag, ZFCP_DBF_TAG_LEN);
+	rec->port_status = wka_port->status;
+	rec->d_id = wka_port->d_id;
+	rec->lun = ZFCP_DBF_INVALID_LUN;
+
+	rec->u.run.fsf_req_id = req_id;
+	rec->u.run.rec_status = ~0;
+	rec->u.run.rec_step = ~0;
+	rec->u.run.rec_action = ~0;
+	rec->u.run.rec_count = ~0;
+
+	debug_event(dbf->rec, 1, rec, sizeof(*rec));
+	spin_unlock_irqrestore(&dbf->rec_lock, flags);
+}
+
 static inline
 void zfcp_dbf_san(char *tag, struct zfcp_dbf *dbf, void *data, u8 id, u16 len,
 		  u64 req_id, u32 d_id)
--- a/drivers/s390/scsi/zfcp_ext.h
+++ b/drivers/s390/scsi/zfcp_ext.h
@@ -35,6 +35,7 @@ extern void zfcp_dbf_adapter_unregister(
 extern void zfcp_dbf_rec_trig(char *, struct zfcp_adapter *,
 			      struct zfcp_port *, struct scsi_device *, u8, u8);
 extern void zfcp_dbf_rec_run(char *, struct zfcp_erp_action *);
+extern void zfcp_dbf_rec_run_wka(char *, struct zfcp_fc_wka_port *, u64);
 extern void zfcp_dbf_hba_fsf_uss(char *, struct zfcp_fsf_req *);
 extern void zfcp_dbf_hba_fsf_res(char *, int, struct zfcp_fsf_req *);
 extern void zfcp_dbf_hba_bit_err(char *, struct zfcp_fsf_req *);
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -1581,7 +1581,7 @@ out:
 int zfcp_fsf_open_wka_port(struct zfcp_fc_wka_port *wka_port)
 {
 	struct zfcp_qdio *qdio = wka_port->adapter->qdio;
-	struct zfcp_fsf_req *req;
+	struct zfcp_fsf_req *req = NULL;
 	int retval = -EIO;
 
 	spin_lock_irq(&qdio->req_q_lock);
@@ -1610,6 +1610,8 @@ int zfcp_fsf_open_wka_port(struct zfcp_f
 		zfcp_fsf_req_free(req);
 out:
 	spin_unlock_irq(&qdio->req_q_lock);
+	if (req && !IS_ERR(req))
+		zfcp_dbf_rec_run_wka("fsowp_1", wka_port, req->req_id);
 	return retval;
 }
 
@@ -1634,7 +1636,7 @@ static void zfcp_fsf_close_wka_port_hand
 int zfcp_fsf_close_wka_port(struct zfcp_fc_wka_port *wka_port)
 {
 	struct zfcp_qdio *qdio = wka_port->adapter->qdio;
-	struct zfcp_fsf_req *req;
+	struct zfcp_fsf_req *req = NULL;
 	int retval = -EIO;
 
 	spin_lock_irq(&qdio->req_q_lock);
@@ -1663,6 +1665,8 @@ int zfcp_fsf_close_wka_port(struct zfcp_
 		zfcp_fsf_req_free(req);
 out:
 	spin_unlock_irq(&qdio->req_q_lock);
+	if (req && !IS_ERR(req))
+		zfcp_dbf_rec_run_wka("fscwp_1", wka_port, req->req_id);
 	return retval;
 }
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 056/140] zfcp: restore tracing of handle for port and LUN with HBA records
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (51 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 055/140] zfcp: trace on request for open and close of WKA port Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 057/140] zfcp: fix D_ID field with actual value on tracing SAN responses Greg Kroah-Hartman
                     ` (81 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Benjamin Block,
	Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit 7c964ffe586bc0c3d9febe9bf97a2e4b2866e5b7 upstream.

This information was lost with
commit a54ca0f62f953898b05549391ac2a8a4dad6482b
("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
but is required to debug e.g. invalid handle situations.

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: a54ca0f62f95 ("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |    2 ++
 drivers/s390/scsi/zfcp_dbf.h |    2 ++
 2 files changed, 4 insertions(+)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -85,6 +85,8 @@ void zfcp_dbf_hba_fsf_res(char *tag, int
 	rec->u.res.req_issued = req->issued;
 	rec->u.res.prot_status = q_pref->prot_status;
 	rec->u.res.fsf_status = q_head->fsf_status;
+	rec->u.res.port_handle = q_head->port_handle;
+	rec->u.res.lun_handle = q_head->lun_handle;
 
 	memcpy(rec->u.res.prot_status_qual, &q_pref->prot_status_qual,
 	       FSF_PROT_STATUS_QUAL_SIZE);
--- a/drivers/s390/scsi/zfcp_dbf.h
+++ b/drivers/s390/scsi/zfcp_dbf.h
@@ -131,6 +131,8 @@ struct zfcp_dbf_hba_res {
 	u8  prot_status_qual[FSF_PROT_STATUS_QUAL_SIZE];
 	u32 fsf_status;
 	u8  fsf_status_qual[FSF_STATUS_QUALIFIER_SIZE];
+	u32 port_handle;
+	u32 lun_handle;
 } __packed;
 
 /**

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 057/140] zfcp: fix D_ID field with actual value on tracing SAN responses
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (52 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 056/140] zfcp: restore tracing of handle for port and LUN with HBA records Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 058/140] zfcp: fix payload trace length for SAN request&response Greg Kroah-Hartman
                     ` (80 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Benjamin Block,
	Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit 771bf03537ddfa4a4dde62ef9dfbc82e4f77ab20 upstream.

With commit 2c55b750a884b86dea8b4cc5f15e1484cc47a25c
("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
we lost the N_Port-ID where an ELS response comes from.
With commit 7c7dc196814b9e1d5cc254dc579a5fa78ae524f7
("[SCSI] zfcp: Simplify handling of ct and els requests")
we lost the N_Port-ID where a CT response comes from.
It's especially useful if the request SAN trace record
with D_ID was already lost due to trace buffer wrap.

GS uses an open WKA port handle and ELS just a D_ID, and
only for ELS we could get D_ID from QTCB bottom via zfcp_fsf_req.
To cover both cases, add a new field to zfcp_fsf_ct_els
and fill it in on request to use in SAN response trace.
Strictly speaking the D_ID on SAN response is the FC frame's S_ID.
We don't need a field for the other end which is always us.

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 2c55b750a884 ("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
Fixes: 7c7dc196814b ("[SCSI] zfcp: Simplify handling of ct and els requests")
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |    2 +-
 drivers/s390/scsi/zfcp_fsf.c |    2 ++
 drivers/s390/scsi/zfcp_fsf.h |    4 +++-
 3 files changed, 6 insertions(+), 2 deletions(-)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -407,7 +407,7 @@ void zfcp_dbf_san_res(char *tag, struct
 
 	length = (u16)(ct_els->resp->length + FC_CT_HDR_LEN);
 	zfcp_dbf_san(tag, dbf, sg_virt(ct_els->resp), ZFCP_DBF_SAN_RES, length,
-		     fsf->req_id, 0);
+		     fsf->req_id, ct_els->d_id);
 }
 
 /**
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -1079,6 +1079,7 @@ int zfcp_fsf_send_ct(struct zfcp_fc_wka_
 
 	req->handler = zfcp_fsf_send_ct_handler;
 	req->qtcb->header.port_handle = wka_port->handle;
+	ct->d_id = wka_port->d_id;
 	req->data = ct;
 
 	zfcp_dbf_san_req("fssct_1", req, wka_port->d_id);
@@ -1175,6 +1176,7 @@ int zfcp_fsf_send_els(struct zfcp_adapte
 
 	hton24(req->qtcb->bottom.support.d_id, d_id);
 	req->handler = zfcp_fsf_send_els_handler;
+	els->d_id = d_id;
 	req->data = els;
 
 	zfcp_dbf_san_req("fssels1", req, d_id);
--- a/drivers/s390/scsi/zfcp_fsf.h
+++ b/drivers/s390/scsi/zfcp_fsf.h
@@ -3,7 +3,7 @@
  *
  * Interface to the FSF support functions.
  *
- * Copyright IBM Corp. 2002, 2010
+ * Copyright IBM Corp. 2002, 2015
  */
 
 #ifndef FSF_H
@@ -436,6 +436,7 @@ struct zfcp_blk_drv_data {
  * @handler_data: data passed to handler function
  * @port: Optional pointer to port for zfcp internal ELS (only test link ADISC)
  * @status: used to pass error status to calling function
+ * @d_id: Destination ID of either open WKA port for CT or of D_ID for ELS
  */
 struct zfcp_fsf_ct_els {
 	struct scatterlist *req;
@@ -444,6 +445,7 @@ struct zfcp_fsf_ct_els {
 	void *handler_data;
 	struct zfcp_port *port;
 	int status;
+	u32 d_id;
 };
 
 #endif				/* FSF_H */

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 058/140] zfcp: fix payload trace length for SAN request&response
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (53 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 057/140] zfcp: fix D_ID field with actual value on tracing SAN responses Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:21   ` [PATCH 4.8 059/140] zfcp: trace full payload of all SAN records (req,resp,iels) Greg Kroah-Hartman
                     ` (79 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Alexey Ishchuk,
	Benjamin Block, Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit 94db3725f049ead24c96226df4a4fb375b880a77 upstream.

commit 2c55b750a884b86dea8b4cc5f15e1484cc47a25c
("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
started to add FC_CT_HDR_LEN which made zfcp dump random data
out of bounds for RSPN GS responses because u.rspn.rsp
is the largest and last field in the union of struct zfcp_fc_req.
Other request/response types only happened to stay within bounds
due to the padding of the union or
due to the trace capping of u.gspn.rsp to ZFCP_DBF_SAN_MAX_PAYLOAD.

Timestamp      : ...
Area           : SAN
Subarea        : 00
Level          : 1
Exception      : -
CPU id         : ..
Caller         : ...
Record id      : 2
Tag            : fsscth2
Request id     : 0x...
Destination ID : 0x00fffffc
Payload short  : 01000000 fc020000 80020000 00000000
                 xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx <===
                 00000000 00000000 00000000 00000000
Payload length : 32                                  <===

struct zfcp_fc_req {
    [0] struct zfcp_fsf_ct_els ct_els;
   [56] struct scatterlist sg_req;
   [96] struct scatterlist sg_rsp;
        union {
            struct {req; rsp;} adisc;    SIZE: 28+28=   56
            struct {req; rsp;} gid_pn;   SIZE: 24+20=   44
            struct {rspsg; req;} gpn_ft; SIZE: 40*4+20=180
            struct {req; rsp;} gspn;     SIZE: 20+273= 293
            struct {req; rsp;} rspn;     SIZE: 277+16= 293
  [136] } u;
}
SIZE: 432

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 2c55b750a884 ("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
Reviewed-by: Alexey Ishchuk <aishchuk@linux.vnet.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -389,7 +389,7 @@ void zfcp_dbf_san_req(char *tag, struct
 	struct zfcp_fsf_ct_els *ct_els = fsf->data;
 	u16 length;
 
-	length = (u16)(ct_els->req->length + FC_CT_HDR_LEN);
+	length = (u16)(ct_els->req->length);
 	zfcp_dbf_san(tag, dbf, sg_virt(ct_els->req), ZFCP_DBF_SAN_REQ, length,
 		     fsf->req_id, d_id);
 }
@@ -405,7 +405,7 @@ void zfcp_dbf_san_res(char *tag, struct
 	struct zfcp_fsf_ct_els *ct_els = fsf->data;
 	u16 length;
 
-	length = (u16)(ct_els->resp->length + FC_CT_HDR_LEN);
+	length = (u16)(ct_els->resp->length);
 	zfcp_dbf_san(tag, dbf, sg_virt(ct_els->resp), ZFCP_DBF_SAN_RES, length,
 		     fsf->req_id, ct_els->d_id);
 }

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 059/140] zfcp: trace full payload of all SAN records (req,resp,iels)
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (54 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 058/140] zfcp: fix payload trace length for SAN request&response Greg Kroah-Hartman
@ 2016-10-26 12:21   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 060/140] scsi: zfcp: spin_lock_irqsave() is not nestable Greg Kroah-Hartman
                     ` (78 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Alexey Ishchuk,
	Benjamin Block, Hannes Reinecke, Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit aceeffbb59bb91404a0bda32a542d7ebf878433a upstream.

This was lost with commit 2c55b750a884b86dea8b4cc5f15e1484cc47a25c
("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
but is necessary for problem determination, e.g. to see the
currently active zone set during automatic port scan.

For the large GPN_FT response (4 pages), save space by not dumping
any empty residual entries.

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 2c55b750a884 ("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
Reviewed-by: Alexey Ishchuk <aishchuk@linux.vnet.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |  116 ++++++++++++++++++++++++++++++++++++++-----
 drivers/s390/scsi/zfcp_dbf.h |    1 
 2 files changed, 104 insertions(+), 13 deletions(-)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -3,7 +3,7 @@
  *
  * Debug traces for zfcp.
  *
- * Copyright IBM Corp. 2002, 2015
+ * Copyright IBM Corp. 2002, 2016
  */
 
 #define KMSG_COMPONENT "zfcp"
@@ -356,12 +356,15 @@ void zfcp_dbf_rec_run_wka(char *tag, str
 }
 
 static inline
-void zfcp_dbf_san(char *tag, struct zfcp_dbf *dbf, void *data, u8 id, u16 len,
-		  u64 req_id, u32 d_id)
+void zfcp_dbf_san(char *tag, struct zfcp_dbf *dbf,
+		  char *paytag, struct scatterlist *sg, u8 id, u16 len,
+		  u64 req_id, u32 d_id, u16 cap_len)
 {
 	struct zfcp_dbf_san *rec = &dbf->san_buf;
 	u16 rec_len;
 	unsigned long flags;
+	struct zfcp_dbf_pay *payload = &dbf->pay_buf;
+	u16 pay_sum = 0;
 
 	spin_lock_irqsave(&dbf->san_lock, flags);
 	memset(rec, 0, sizeof(*rec));
@@ -369,10 +372,41 @@ void zfcp_dbf_san(char *tag, struct zfcp
 	rec->id = id;
 	rec->fsf_req_id = req_id;
 	rec->d_id = d_id;
-	rec_len = min(len, (u16)ZFCP_DBF_SAN_MAX_PAYLOAD);
-	memcpy(rec->payload, data, rec_len);
 	memcpy(rec->tag, tag, ZFCP_DBF_TAG_LEN);
+	rec->pl_len = len; /* full length even if we cap pay below */
+	if (!sg)
+		goto out;
+	rec_len = min_t(unsigned int, sg->length, ZFCP_DBF_SAN_MAX_PAYLOAD);
+	memcpy(rec->payload, sg_virt(sg), rec_len); /* part of 1st sg entry */
+	if (len <= rec_len)
+		goto out; /* skip pay record if full content in rec->payload */
+
+	/* if (len > rec_len):
+	 * dump data up to cap_len ignoring small duplicate in rec->payload
+	 */
+	spin_lock_irqsave(&dbf->pay_lock, flags);
+	memset(payload, 0, sizeof(*payload));
+	memcpy(payload->area, paytag, ZFCP_DBF_TAG_LEN);
+	payload->fsf_req_id = req_id;
+	payload->counter = 0;
+	for (; sg && pay_sum < cap_len; sg = sg_next(sg)) {
+		u16 pay_len, offset = 0;
+
+		while (offset < sg->length && pay_sum < cap_len) {
+			pay_len = min((u16)ZFCP_DBF_PAY_MAX_REC,
+				      (u16)(sg->length - offset));
+			/* cap_len <= pay_sum < cap_len+ZFCP_DBF_PAY_MAX_REC */
+			memcpy(payload->data, sg_virt(sg) + offset, pay_len);
+			debug_event(dbf->pay, 1, payload,
+				    zfcp_dbf_plen(pay_len));
+			payload->counter++;
+			offset += pay_len;
+			pay_sum += pay_len;
+		}
+	}
+	spin_unlock(&dbf->pay_lock);
 
+out:
 	debug_event(dbf->san, 1, rec, sizeof(*rec));
 	spin_unlock_irqrestore(&dbf->san_lock, flags);
 }
@@ -389,9 +423,62 @@ void zfcp_dbf_san_req(char *tag, struct
 	struct zfcp_fsf_ct_els *ct_els = fsf->data;
 	u16 length;
 
-	length = (u16)(ct_els->req->length);
-	zfcp_dbf_san(tag, dbf, sg_virt(ct_els->req), ZFCP_DBF_SAN_REQ, length,
-		     fsf->req_id, d_id);
+	length = (u16)zfcp_qdio_real_bytes(ct_els->req);
+	zfcp_dbf_san(tag, dbf, "san_req", ct_els->req, ZFCP_DBF_SAN_REQ,
+		     length, fsf->req_id, d_id, length);
+}
+
+static u16 zfcp_dbf_san_res_cap_len_if_gpn_ft(char *tag,
+					      struct zfcp_fsf_req *fsf,
+					      u16 len)
+{
+	struct zfcp_fsf_ct_els *ct_els = fsf->data;
+	struct fc_ct_hdr *reqh = sg_virt(ct_els->req);
+	struct fc_ns_gid_ft *reqn = (struct fc_ns_gid_ft *)(reqh + 1);
+	struct scatterlist *resp_entry = ct_els->resp;
+	struct fc_gpn_ft_resp *acc;
+	int max_entries, x, last = 0;
+
+	if (!(memcmp(tag, "fsscth2", 7) == 0
+	      && ct_els->d_id == FC_FID_DIR_SERV
+	      && reqh->ct_rev == FC_CT_REV
+	      && reqh->ct_in_id[0] == 0
+	      && reqh->ct_in_id[1] == 0
+	      && reqh->ct_in_id[2] == 0
+	      && reqh->ct_fs_type == FC_FST_DIR
+	      && reqh->ct_fs_subtype == FC_NS_SUBTYPE
+	      && reqh->ct_options == 0
+	      && reqh->_ct_resvd1 == 0
+	      && reqh->ct_cmd == FC_NS_GPN_FT
+	      /* reqh->ct_mr_size can vary so do not match but read below */
+	      && reqh->_ct_resvd2 == 0
+	      && reqh->ct_reason == 0
+	      && reqh->ct_explan == 0
+	      && reqh->ct_vendor == 0
+	      && reqn->fn_resvd == 0
+	      && reqn->fn_domain_id_scope == 0
+	      && reqn->fn_area_id_scope == 0
+	      && reqn->fn_fc4_type == FC_TYPE_FCP))
+		return len; /* not GPN_FT response so do not cap */
+
+	acc = sg_virt(resp_entry);
+	max_entries = (reqh->ct_mr_size * 4 / sizeof(struct fc_gpn_ft_resp))
+		+ 1 /* zfcp_fc_scan_ports: bytes correct, entries off-by-one
+		     * to account for header as 1st pseudo "entry" */;
+
+	/* the basic CT_IU preamble is the same size as one entry in the GPN_FT
+	 * response, allowing us to skip special handling for it - just skip it
+	 */
+	for (x = 1; x < max_entries && !last; x++) {
+		if (x % (ZFCP_FC_GPN_FT_ENT_PAGE + 1))
+			acc++;
+		else
+			acc = sg_virt(++resp_entry);
+
+		last = acc->fp_flags & FC_NS_FID_LAST;
+	}
+	len = min(len, (u16)(x * sizeof(struct fc_gpn_ft_resp)));
+	return len; /* cap after last entry */
 }
 
 /**
@@ -405,9 +492,10 @@ void zfcp_dbf_san_res(char *tag, struct
 	struct zfcp_fsf_ct_els *ct_els = fsf->data;
 	u16 length;
 
-	length = (u16)(ct_els->resp->length);
-	zfcp_dbf_san(tag, dbf, sg_virt(ct_els->resp), ZFCP_DBF_SAN_RES, length,
-		     fsf->req_id, ct_els->d_id);
+	length = (u16)zfcp_qdio_real_bytes(ct_els->resp);
+	zfcp_dbf_san(tag, dbf, "san_res", ct_els->resp, ZFCP_DBF_SAN_RES,
+		     length, fsf->req_id, ct_els->d_id,
+		     zfcp_dbf_san_res_cap_len_if_gpn_ft(tag, fsf, length));
 }
 
 /**
@@ -421,11 +509,13 @@ void zfcp_dbf_san_in_els(char *tag, stru
 	struct fsf_status_read_buffer *srb =
 		(struct fsf_status_read_buffer *) fsf->data;
 	u16 length;
+	struct scatterlist sg;
 
 	length = (u16)(srb->length -
 			offsetof(struct fsf_status_read_buffer, payload));
-	zfcp_dbf_san(tag, dbf, srb->payload.data, ZFCP_DBF_SAN_ELS, length,
-		     fsf->req_id, ntoh24(srb->d_id));
+	sg_init_one(&sg, srb->payload.data, length);
+	zfcp_dbf_san(tag, dbf, "san_els", &sg, ZFCP_DBF_SAN_ELS, length,
+		     fsf->req_id, ntoh24(srb->d_id), length);
 }
 
 /**
--- a/drivers/s390/scsi/zfcp_dbf.h
+++ b/drivers/s390/scsi/zfcp_dbf.h
@@ -115,6 +115,7 @@ struct zfcp_dbf_san {
 	u32 d_id;
 #define ZFCP_DBF_SAN_MAX_PAYLOAD (FC_CT_HDR_LEN + 32)
 	char payload[ZFCP_DBF_SAN_MAX_PAYLOAD];
+	u16 pl_len;
 } __packed;
 
 /**

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 060/140] scsi: zfcp: spin_lock_irqsave() is not nestable
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (55 preceding siblings ...)
  2016-10-26 12:21   ` [PATCH 4.8 059/140] zfcp: trace full payload of all SAN records (req,resp,iels) Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 061/140] fbdev/efifb: Fix 16 color palette entry calculation Greg Kroah-Hartman
                     ` (77 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Steffen Maier,
	Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

commit e7cb08e894a0b876443ef8fdb0706575dc00a5d2 upstream.

We accidentally overwrite the original saved value of "flags" so that we
can't re-enable IRQs at the end of the function.  Presumably this
function is mostly called with IRQs disabled or it would be obvious in
testing.

Fixes: aceeffbb59bb ("zfcp: trace full payload of all SAN records (req,resp,iels)")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -384,7 +384,7 @@ void zfcp_dbf_san(char *tag, struct zfcp
 	/* if (len > rec_len):
 	 * dump data up to cap_len ignoring small duplicate in rec->payload
 	 */
-	spin_lock_irqsave(&dbf->pay_lock, flags);
+	spin_lock(&dbf->pay_lock);
 	memset(payload, 0, sizeof(*payload));
 	memcpy(payload->area, paytag, ZFCP_DBF_TAG_LEN);
 	payload->fsf_req_id = req_id;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 061/140] fbdev/efifb: Fix 16 color palette entry calculation
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (56 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 060/140] scsi: zfcp: spin_lock_irqsave() is not nestable Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 062/140] ovl: Fix info leak in ovl_lookup_temp() Greg Kroah-Hartman
                     ` (76 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Max Staudt, Peter Jones, Tomi Valkeinen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Max Staudt <mstaudt@suse.de>

commit d50b3f43db739f03fcf8c0a00664b3d2fed0496e upstream.

When using efifb with a 16-bit (5:6:5) visual, fbcon's text is rendered
in the wrong colors - e.g. text gray (#aaaaaa) is rendered as green
(#50bc50) and neighboring pixels have slightly different values
(such as #50bc78).

The reason is that fbcon loads its 16 color palette through
efifb_setcolreg(), which in turn calculates a 32-bit value to write
into memory for each palette index.
Until now, this code could only handle 8-bit visuals and didn't mask
overlapping values when ORing them.

With this patch, fbcon displays the correct colors when a qemu VM is
booted in 16-bit mode (in GRUB: "set gfxpayload=800x600x16").

Fixes: 7c83172b98e5 ("x86_64 EFI boot support: EFI frame buffer driver")  # v2.6.24+
Signed-off-by: Max Staudt <mstaudt@suse.de>
Acked-By: Peter Jones <pjones@redhat.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/video/fbdev/efifb.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/video/fbdev/efifb.c
+++ b/drivers/video/fbdev/efifb.c
@@ -50,9 +50,9 @@ static int efifb_setcolreg(unsigned regn
 		return 1;
 
 	if (regno < 16) {
-		red   >>= 8;
-		green >>= 8;
-		blue  >>= 8;
+		red   >>= 16 - info->var.red.length;
+		green >>= 16 - info->var.green.length;
+		blue  >>= 16 - info->var.blue.length;
 		((u32 *)(info->pseudo_palette))[regno] =
 			(red   << info->var.red.offset)   |
 			(green << info->var.green.offset) |

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 062/140] ovl: Fix info leak in ovl_lookup_temp()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (57 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 061/140] fbdev/efifb: Fix 16 color palette entry calculation Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 063/140] ovl: copy_up_xattr(): use strnlen Greg Kroah-Hartman
                     ` (75 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Richard Weinberger, Kees Cook,
	Miklos Szeredi

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Richard Weinberger <richard@nod.at>

commit 6a45b3628ce4dcf7498b39c87d475bab6e2a9b24 upstream.

The function uses the memory address of a struct dentry as unique id.
While the address-based directory entry is only visible to root it is IMHO
still worth fixing since the temporary name does not have to be a kernel
address.  It can be any unique number.  Replace it by an atomic integer
which is allowed to wrap around.

Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: e9be9d5e76e3 ("overlay filesystem")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/overlayfs/dir.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -14,6 +14,7 @@
 #include <linux/cred.h>
 #include <linux/posix_acl.h>
 #include <linux/posix_acl_xattr.h>
+#include <linux/atomic.h>
 #include "overlayfs.h"
 
 void ovl_cleanup(struct inode *wdir, struct dentry *wdentry)
@@ -37,8 +38,10 @@ struct dentry *ovl_lookup_temp(struct de
 {
 	struct dentry *temp;
 	char name[20];
+	static atomic_t temp_id = ATOMIC_INIT(0);
 
-	snprintf(name, sizeof(name), "#%lx", (unsigned long) dentry);
+	/* counter is allowed to wrap, since temp dentries are ephemeral */
+	snprintf(name, sizeof(name), "#%x", atomic_inc_return(&temp_id));
 
 	temp = lookup_one_len(name, workdir, strlen(name));
 	if (!IS_ERR(temp) && temp->d_inode) {

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 063/140] ovl: copy_up_xattr(): use strnlen
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (58 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 062/140] ovl: Fix info leak in ovl_lookup_temp() Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 064/140] [media] mb86a20s: fix the locking logic Greg Kroah-Hartman
                     ` (74 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miklos Szeredi

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Miklos Szeredi <mszeredi@redhat.com>

commit 8b326c61de08f5ca4bc454a168f19e7e43c4cc2a upstream.

Be defensive about what underlying fs provides us in the returned xattr
list buffer.  strlen() may overrun the buffer, so use strnlen() and WARN if
the contents are not properly null terminated.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/overlayfs/copy_up.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -57,6 +57,7 @@ int ovl_copy_xattr(struct dentry *old, s
 	ssize_t list_size, size, value_size = 0;
 	char *buf, *name, *value = NULL;
 	int uninitialized_var(error);
+	size_t slen;
 
 	if (!old->d_inode->i_op->getxattr ||
 	    !new->d_inode->i_op->getxattr)
@@ -79,7 +80,16 @@ int ovl_copy_xattr(struct dentry *old, s
 		goto out;
 	}
 
-	for (name = buf; name < (buf + list_size); name += strlen(name) + 1) {
+	for (name = buf; list_size; name += slen) {
+		slen = strnlen(name, list_size) + 1;
+
+		/* underlying fs providing us with an broken xattr list? */
+		if (WARN_ON(slen > list_size)) {
+			error = -EIO;
+			break;
+		}
+		list_size -= slen;
+
 		if (ovl_is_private_xattr(name))
 			continue;
 retry:

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 064/140] [media] mb86a20s: fix the locking logic
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (59 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 063/140] ovl: copy_up_xattr(): use strnlen Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 065/140] [media] mb86a20s: fix demod settings Greg Kroah-Hartman
                     ` (73 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab@osg.samsung.com>

commit dafb65fb98d85d8e78405e82c83e81975e5d5480 upstream.

On this frontend, it takes a while to start output normal
TS data. That only happens on state S9. On S8, the TS output
is enabled, but it is not reliable enough.

However, the zigzag loop is too fast to let it sync.

As, on practical tests, the zigzag software loop doesn't
seem to be helping, but just slowing down the tuning, let's
switch to hardware algorithm, as the tuners used on such
devices are capable of work with frequency drifts without
any help from software.

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/dvb-frontends/mb86a20s.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- a/drivers/media/dvb-frontends/mb86a20s.c
+++ b/drivers/media/dvb-frontends/mb86a20s.c
@@ -318,7 +318,11 @@ static int mb86a20s_read_status(struct d
 	if (val >= 7)
 		*status |= FE_HAS_SYNC;
 
-	if (val >= 8)				/* Maybe 9? */
+	/*
+	 * Actually, on state S8, it starts receiving TS, but the TS
+	 * output is only on normal state after the transition to S9.
+	 */
+	if (val >= 9)
 		*status |= FE_HAS_LOCK;
 
 	dev_dbg(&state->i2c->dev, "%s: Status = 0x%02x (state = %d)\n",
@@ -2058,6 +2062,11 @@ static void mb86a20s_release(struct dvb_
 	kfree(state);
 }
 
+static int mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
+{
+        return DVBFE_ALGO_HW;
+}
+
 static struct dvb_frontend_ops mb86a20s_ops;
 
 struct dvb_frontend *mb86a20s_attach(const struct mb86a20s_config *config,
@@ -2130,6 +2139,7 @@ static struct dvb_frontend_ops mb86a20s_
 	.read_status = mb86a20s_read_status_and_stats,
 	.read_signal_strength = mb86a20s_read_signal_strength_from_cache,
 	.tune = mb86a20s_tune,
+	.get_frontend_algo = mb86a20s_get_frontend_algo,
 };
 
 MODULE_DESCRIPTION("DVB Frontend module for Fujitsu mb86A20s hardware");

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 065/140] [media] mb86a20s: fix demod settings
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (60 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 064/140] [media] mb86a20s: fix the locking logic Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 066/140] [media] cx231xx: dont return error on success Greg Kroah-Hartman
                     ` (72 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab@osg.samsung.com>

commit 505a0ea706fc1db4381baa6c6bd2e596e730a55e upstream.

With the current settings, only one channel locks properly.
That's likely because, when this driver was written, Brazil
were still using experimental transmissions.

Change it to reproduce the settings used by the newer drivers.
That makes it lock on other channels.

Tested with both PixelView SBTVD Hybrid (cx231xx-based) and
C3Tech Digital Duo HDTV/SDTV (em28xx-based) devices.

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/dvb-frontends/mb86a20s.c |   92 +++++++++++++++------------------
 1 file changed, 42 insertions(+), 50 deletions(-)

--- a/drivers/media/dvb-frontends/mb86a20s.c
+++ b/drivers/media/dvb-frontends/mb86a20s.c
@@ -71,25 +71,27 @@ static struct regdata mb86a20s_init1[] =
 };
 
 static struct regdata mb86a20s_init2[] = {
-	{ 0x28, 0x22 }, { 0x29, 0x00 }, { 0x2a, 0x1f }, { 0x2b, 0xf0 },
+	{ 0x50, 0xd1 }, { 0x51, 0x22 },
+	{ 0x39, 0x01 },
+	{ 0x71, 0x00 },
 	{ 0x3b, 0x21 },
-	{ 0x3c, 0x38 },
+	{ 0x3c, 0x3a },
 	{ 0x01, 0x0d },
-	{ 0x04, 0x08 }, { 0x05, 0x03 },
+	{ 0x04, 0x08 }, { 0x05, 0x05 },
 	{ 0x04, 0x0e }, { 0x05, 0x00 },
-	{ 0x04, 0x0f }, { 0x05, 0x37 },
-	{ 0x04, 0x0b }, { 0x05, 0x78 },
+	{ 0x04, 0x0f }, { 0x05, 0x14 },
+	{ 0x04, 0x0b }, { 0x05, 0x8c },
 	{ 0x04, 0x00 }, { 0x05, 0x00 },
-	{ 0x04, 0x01 }, { 0x05, 0x1e },
-	{ 0x04, 0x02 }, { 0x05, 0x07 },
-	{ 0x04, 0x03 }, { 0x05, 0xd0 },
+	{ 0x04, 0x01 }, { 0x05, 0x07 },
+	{ 0x04, 0x02 }, { 0x05, 0x0f },
+	{ 0x04, 0x03 }, { 0x05, 0xa0 },
 	{ 0x04, 0x09 }, { 0x05, 0x00 },
 	{ 0x04, 0x0a }, { 0x05, 0xff },
-	{ 0x04, 0x27 }, { 0x05, 0x00 },
+	{ 0x04, 0x27 }, { 0x05, 0x64 },
 	{ 0x04, 0x28 }, { 0x05, 0x00 },
-	{ 0x04, 0x1e }, { 0x05, 0x00 },
-	{ 0x04, 0x29 }, { 0x05, 0x64 },
-	{ 0x04, 0x32 }, { 0x05, 0x02 },
+	{ 0x04, 0x1e }, { 0x05, 0xff },
+	{ 0x04, 0x29 }, { 0x05, 0x0a },
+	{ 0x04, 0x32 }, { 0x05, 0x0a },
 	{ 0x04, 0x14 }, { 0x05, 0x02 },
 	{ 0x04, 0x04 }, { 0x05, 0x00 },
 	{ 0x04, 0x05 }, { 0x05, 0x22 },
@@ -97,8 +99,6 @@ static struct regdata mb86a20s_init2[] =
 	{ 0x04, 0x07 }, { 0x05, 0xd8 },
 	{ 0x04, 0x12 }, { 0x05, 0x00 },
 	{ 0x04, 0x13 }, { 0x05, 0xff },
-	{ 0x04, 0x15 }, { 0x05, 0x4e },
-	{ 0x04, 0x16 }, { 0x05, 0x20 },
 
 	/*
 	 * On this demod, when the bit count reaches the count below,
@@ -152,42 +152,36 @@ static struct regdata mb86a20s_init2[] =
 	{ 0x50, 0x51 }, { 0x51, 0x04 },		/* MER symbol 4 */
 	{ 0x45, 0x04 },				/* CN symbol 4 */
 	{ 0x48, 0x04 },				/* CN manual mode */
-
+	{ 0x50, 0xd5 }, { 0x51, 0x01 },
 	{ 0x50, 0xd6 }, { 0x51, 0x1f },
 	{ 0x50, 0xd2 }, { 0x51, 0x03 },
-	{ 0x50, 0xd7 }, { 0x51, 0xbf },
-	{ 0x28, 0x74 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0xff },
-	{ 0x28, 0x46 }, { 0x29, 0x00 }, { 0x2a, 0x1a }, { 0x2b, 0x0c },
-
-	{ 0x04, 0x40 }, { 0x05, 0x00 },
-	{ 0x28, 0x00 }, { 0x2b, 0x08 },
-	{ 0x28, 0x05 }, { 0x2b, 0x00 },
+	{ 0x50, 0xd7 }, { 0x51, 0x3f },
 	{ 0x1c, 0x01 },
-	{ 0x28, 0x06 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x1f },
-	{ 0x28, 0x07 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x18 },
-	{ 0x28, 0x08 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x12 },
-	{ 0x28, 0x09 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x30 },
-	{ 0x28, 0x0a }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x37 },
-	{ 0x28, 0x0b }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x02 },
-	{ 0x28, 0x0c }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x09 },
-	{ 0x28, 0x0d }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x06 },
-	{ 0x28, 0x0e }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x7b },
-	{ 0x28, 0x0f }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x76 },
-	{ 0x28, 0x10 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x7d },
-	{ 0x28, 0x11 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x08 },
-	{ 0x28, 0x12 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x0b },
-	{ 0x28, 0x13 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x00 },
-	{ 0x28, 0x14 }, { 0x29, 0x00 }, { 0x2a, 0x01 }, { 0x2b, 0xf2 },
-	{ 0x28, 0x15 }, { 0x29, 0x00 }, { 0x2a, 0x01 }, { 0x2b, 0xf3 },
-	{ 0x28, 0x16 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x05 },
-	{ 0x28, 0x17 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x16 },
-	{ 0x28, 0x18 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x0f },
-	{ 0x28, 0x19 }, { 0x29, 0x00 }, { 0x2a, 0x07 }, { 0x2b, 0xef },
-	{ 0x28, 0x1a }, { 0x29, 0x00 }, { 0x2a, 0x07 }, { 0x2b, 0xd8 },
-	{ 0x28, 0x1b }, { 0x29, 0x00 }, { 0x2a, 0x07 }, { 0x2b, 0xf1 },
-	{ 0x28, 0x1c }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x3d },
-	{ 0x28, 0x1d }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x94 },
-	{ 0x28, 0x1e }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0xba },
+	{ 0x28, 0x06 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x03 },
+	{ 0x28, 0x07 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x0d },
+	{ 0x28, 0x08 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x02 },
+	{ 0x28, 0x09 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x01 },
+	{ 0x28, 0x0a }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x21 },
+	{ 0x28, 0x0b }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x29 },
+	{ 0x28, 0x0c }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x16 },
+	{ 0x28, 0x0d }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x31 },
+	{ 0x28, 0x0e }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x0e },
+	{ 0x28, 0x0f }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x4e },
+	{ 0x28, 0x10 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x46 },
+	{ 0x28, 0x11 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x0f },
+	{ 0x28, 0x12 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x56 },
+	{ 0x28, 0x13 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x35 },
+	{ 0x28, 0x14 }, { 0x29, 0x00 }, { 0x2a, 0x01 }, { 0x2b, 0xbe },
+	{ 0x28, 0x15 }, { 0x29, 0x00 }, { 0x2a, 0x01 }, { 0x2b, 0x84 },
+	{ 0x28, 0x16 }, { 0x29, 0x00 }, { 0x2a, 0x03 }, { 0x2b, 0xee },
+	{ 0x28, 0x17 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x98 },
+	{ 0x28, 0x18 }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x9f },
+	{ 0x28, 0x19 }, { 0x29, 0x00 }, { 0x2a, 0x07 }, { 0x2b, 0xb2 },
+	{ 0x28, 0x1a }, { 0x29, 0x00 }, { 0x2a, 0x06 }, { 0x2b, 0xc2 },
+	{ 0x28, 0x1b }, { 0x29, 0x00 }, { 0x2a, 0x07 }, { 0x2b, 0x4a },
+	{ 0x28, 0x1c }, { 0x29, 0x00 }, { 0x2a, 0x01 }, { 0x2b, 0xbc },
+	{ 0x28, 0x1d }, { 0x29, 0x00 }, { 0x2a, 0x04 }, { 0x2b, 0xba },
+	{ 0x28, 0x1e }, { 0x29, 0x00 }, { 0x2a, 0x06 }, { 0x2b, 0x14 },
 	{ 0x50, 0x1e }, { 0x51, 0x5d },
 	{ 0x50, 0x22 }, { 0x51, 0x00 },
 	{ 0x50, 0x23 }, { 0x51, 0xc8 },
@@ -196,9 +190,7 @@ static struct regdata mb86a20s_init2[] =
 	{ 0x50, 0x26 }, { 0x51, 0x00 },
 	{ 0x50, 0x27 }, { 0x51, 0xc3 },
 	{ 0x50, 0x39 }, { 0x51, 0x02 },
-	{ 0xec, 0x0f },
-	{ 0xeb, 0x1f },
-	{ 0x28, 0x6a }, { 0x29, 0x00 }, { 0x2a, 0x00 }, { 0x2b, 0x00 },
+	{ 0x50, 0xd5 }, { 0x51, 0x01 },
 	{ 0xd0, 0x00 },
 };
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 066/140] [media] cx231xx: dont return error on success
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (61 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 065/140] [media] mb86a20s: fix demod settings Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 067/140] [media] cx231xx: fix GPIOs for Pixelview SBTVD hybrid Greg Kroah-Hartman
                     ` (71 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab@osg.samsung.com>

commit 1871d718a9db649b70f0929d2778dc01bc49b286 upstream.

The cx231xx_set_agc_analog_digital_mux_select() callers
expect it to return 0 or an error. Returning a positive value
makes the first attempt to switch between analog/digital to fail.

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/cx231xx/cx231xx-avcore.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/drivers/media/usb/cx231xx/cx231xx-avcore.c
+++ b/drivers/media/usb/cx231xx/cx231xx-avcore.c
@@ -1264,7 +1264,10 @@ int cx231xx_set_agc_analog_digital_mux_s
 				   dev->board.agc_analog_digital_select_gpio,
 				   analog_or_digital);
 
-	return status;
+	if (status < 0)
+		return status;
+
+	return 0;
 }
 
 int cx231xx_enable_i2c_port_3(struct cx231xx *dev, bool is_port_3)

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 067/140] [media] cx231xx: fix GPIOs for Pixelview SBTVD hybrid
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (62 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 066/140] [media] cx231xx: dont return error on success Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 068/140] [media] cx231xx: cant proceed if I2C bus register fails Greg Kroah-Hartman
                     ` (70 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab@osg.samsung.com>

commit 24b923f073ac37eb744f56a2c7f77107b8219ab2 upstream.

This device uses GPIOs: 28 to switch between analog and
digital modes: on digital mode, it should be set to 1.

The code that sets it on analog mode is OK, but it misses
the logic that sets it on digital mode.

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/cx231xx/cx231xx-cards.c |    2 +-
 drivers/media/usb/cx231xx/cx231xx-core.c  |    3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/media/usb/cx231xx/cx231xx-cards.c
+++ b/drivers/media/usb/cx231xx/cx231xx-cards.c
@@ -486,7 +486,7 @@ struct cx231xx_board cx231xx_boards[] =
 		.output_mode = OUT_MODE_VIP11,
 		.demod_xfer_mode = 0,
 		.ctl_pin_status_mask = 0xFFFFFFC4,
-		.agc_analog_digital_select_gpio = 0x00,	/* According with PV cxPolaris.inf file */
+		.agc_analog_digital_select_gpio = 0x1c,
 		.tuner_sif_gpio = -1,
 		.tuner_scl_gpio = -1,
 		.tuner_sda_gpio = -1,
--- a/drivers/media/usb/cx231xx/cx231xx-core.c
+++ b/drivers/media/usb/cx231xx/cx231xx-core.c
@@ -712,6 +712,7 @@ int cx231xx_set_mode(struct cx231xx *dev
 			break;
 		case CX231XX_BOARD_CNXT_RDE_253S:
 		case CX231XX_BOARD_CNXT_RDU_253S:
+		case CX231XX_BOARD_PV_PLAYTV_USB_HYBRID:
 			errCode = cx231xx_set_agc_analog_digital_mux_select(dev, 1);
 			break;
 		case CX231XX_BOARD_HAUPPAUGE_EXETER:
@@ -738,7 +739,7 @@ int cx231xx_set_mode(struct cx231xx *dev
 		case CX231XX_BOARD_PV_PLAYTV_USB_HYBRID:
 		case CX231XX_BOARD_HAUPPAUGE_USB2_FM_PAL:
 		case CX231XX_BOARD_HAUPPAUGE_USB2_FM_NTSC:
-		errCode = cx231xx_set_agc_analog_digital_mux_select(dev, 0);
+			errCode = cx231xx_set_agc_analog_digital_mux_select(dev, 0);
 			break;
 		default:
 			break;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 068/140] [media] cx231xx: cant proceed if I2C bus register fails
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (63 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 067/140] [media] cx231xx: fix GPIOs for Pixelview SBTVD hybrid Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 069/140] ALSA: hda - Fix a failure of micmute led when having multi adcs Greg Kroah-Hartman
                     ` (69 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab@s-opensource.com>

commit 461af077d349b11106ca084e9ef2973a753d33ff upstream.

The driver should not ignore errors while registering the I2C
bus, as this device can't even minimally work without the buses,
as it uses those buses internally to talk with the several IP
blocks inside the chip.

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/cx231xx/cx231xx-core.c |   24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

--- a/drivers/media/usb/cx231xx/cx231xx-core.c
+++ b/drivers/media/usb/cx231xx/cx231xx-core.c
@@ -1302,15 +1302,29 @@ int cx231xx_dev_init(struct cx231xx *dev
 	dev->i2c_bus[2].i2c_reserve = 0;
 
 	/* register I2C buses */
-	cx231xx_i2c_register(&dev->i2c_bus[0]);
-	cx231xx_i2c_register(&dev->i2c_bus[1]);
-	cx231xx_i2c_register(&dev->i2c_bus[2]);
+	errCode = cx231xx_i2c_register(&dev->i2c_bus[0]);
+	if (errCode < 0)
+		return errCode;
+	errCode = cx231xx_i2c_register(&dev->i2c_bus[1]);
+	if (errCode < 0)
+		return errCode;
+	errCode = cx231xx_i2c_register(&dev->i2c_bus[2]);
+	if (errCode < 0)
+		return errCode;
 
 	errCode = cx231xx_i2c_mux_create(dev);
+	if (errCode < 0) {
+		dev_err(dev->dev,
+			"%s: Failed to create I2C mux\n", __func__);
+		return errCode;
+	}
+	errCode = cx231xx_i2c_mux_register(dev, 0);
+	if (errCode < 0)
+		return errCode;
+
+	errCode = cx231xx_i2c_mux_register(dev, 1);
 	if (errCode < 0)
 		return errCode;
-	cx231xx_i2c_mux_register(dev, 0);
-	cx231xx_i2c_mux_register(dev, 1);
 
 	/* scan the real bus segments in the order of physical port numbers */
 	cx231xx_do_i2c_scan(dev, I2C_0);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 069/140] ALSA: hda - Fix a failure of micmute led when having multi adcs
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (64 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 068/140] [media] cx231xx: cant proceed if I2C bus register fails Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 071/140] MIPS: ptrace: Fix regs_return_value for kernel context Greg Kroah-Hartman
                     ` (68 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hui Wang, Takashi Iwai

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hui Wang <hui.wang@canonical.com>

commit 4875a5f7218068cdeea5f998330dfa3d118b2fea upstream.

On a Dell laptop, there is no global adcs for all input devices, so
the input devices use the different adc, as a result, dyn_adc_switch
is set to true.

In this situation, it is safe to control the micmute led according to
user's choice of muting/unmuting the current input device, since only
current input device path is active, while other input device paths
are inactive and powered down.

Fixes: 00ef99408b6c ('ALSA: hda - add mic mute led hook for dell machines')
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/dell_wmi_helper.c |    2 +-
 sound/pci/hda/thinkpad_helper.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/sound/pci/hda/dell_wmi_helper.c
+++ b/sound/pci/hda/dell_wmi_helper.c
@@ -49,7 +49,7 @@ static void alc_fixup_dell_wmi(struct hd
 		removefunc = true;
 		if (dell_led_set_func(DELL_LED_MICMUTE, false) >= 0) {
 			dell_led_value = 0;
-			if (spec->gen.num_adc_nids > 1)
+			if (spec->gen.num_adc_nids > 1 && !spec->gen.dyn_adc_switch)
 				codec_dbg(codec, "Skipping micmute LED control due to several ADCs");
 			else {
 				dell_old_cap_hook = spec->gen.cap_sync_hook;
--- a/sound/pci/hda/thinkpad_helper.c
+++ b/sound/pci/hda/thinkpad_helper.c
@@ -62,7 +62,7 @@ static void hda_fixup_thinkpad_acpi(stru
 			removefunc = false;
 		}
 		if (led_set_func(TPACPI_LED_MICMUTE, false) >= 0) {
-			if (spec->num_adc_nids > 1)
+			if (spec->num_adc_nids > 1 && !spec->dyn_adc_switch)
 				codec_dbg(codec,
 					  "Skipping micmute LED control due to several ADCs");
 			else {

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 071/140] MIPS: ptrace: Fix regs_return_value for kernel context
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (65 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 069/140] ALSA: hda - Fix a failure of micmute led when having multi adcs Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 072/140] Input: i8042 - skip selftest on ASUS laptops Greg Kroah-Hartman
                     ` (67 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marcin Nowakowski, linux-mips, Ralf Baechle

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marcin Nowakowski <marcin.nowakowski@imgtec.com>

commit 74f1077b5b783e7bf4fa3007cefdc8dbd6c07518 upstream.

Currently regs_return_value always negates reg[2] if it determines
the syscall has failed, but when called in kernel context this check is
invalid and may result in returning a wrong value.

This fixes errors reported by CONFIG_KPROBES_SANITY_TEST

Fixes: d7e7528bcd45 ("Audit: push audit success and retcode into arch ptrace.h")
Signed-off-by: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/14381/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/include/asm/ptrace.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/include/asm/ptrace.h
+++ b/arch/mips/include/asm/ptrace.h
@@ -152,7 +152,7 @@ static inline int is_syscall_success(str
 
 static inline long regs_return_value(struct pt_regs *regs)
 {
-	if (is_syscall_success(regs))
+	if (is_syscall_success(regs) || !user_mode(regs))
 		return regs->regs[2];
 	else
 		return -regs->regs[2];

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 072/140] Input: i8042 - skip selftest on ASUS laptops
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (66 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 071/140] MIPS: ptrace: Fix regs_return_value for kernel context Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 073/140] Input: elantech - force needed quirks on Fujitsu H760 Greg Kroah-Hartman
                     ` (66 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marcos Paulo de Souza, Dmitry Torokhov

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marcos Paulo de Souza <marcos.souza.org@gmail.com>

commit 930e19248e9b61da36c967687ca79c4d5f977919 upstream.

On suspend/resume cycle, selftest is executed to reset i8042 controller.
But when this is done in Asus devices, subsequent calls to detect/init
functions to elantech driver fails. Skipping selftest fixes this problem.

An easier step to reproduce this problem is adding i8042.reset=1 as a
kernel parameter. On Asus laptops, it'll make the system to start with the
touchpad already stuck, since psmouse_probe forcibly calls the selftest
function.

This patch was inspired by John Hiesey's change[1], but, since this problem
affects a lot of models of Asus, let's avoid running selftests on them.

All models affected by this problem:
A455LD
K401LB
K501LB
K501LX
R409L
V502LX
X302LA
X450LCP
X450LD
X455LAB
X455LDB
X455LF
Z450LA

[1]: https://marc.info/?l=linux-input&m=144312209020616&w=2

Fixes: "ETPS/2 Elantech Touchpad dies after resume from suspend"
(https://bugzilla.kernel.org/show_bug.cgi?id=107971)

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/kernel-parameters.txt     |    9 ++-
 drivers/input/serio/i8042-io.h          |    2 
 drivers/input/serio/i8042-ip22io.h      |    2 
 drivers/input/serio/i8042-ppcio.h       |    2 
 drivers/input/serio/i8042-sparcio.h     |    2 
 drivers/input/serio/i8042-unicore32io.h |    2 
 drivers/input/serio/i8042-x86ia64io.h   |   96 +++++++++++++++++++++++++++++++-
 drivers/input/serio/i8042.c             |   55 ++++++++++++++----
 8 files changed, 150 insertions(+), 20 deletions(-)

--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1457,7 +1457,14 @@ bytes respectively. Such letter suffixes
 	i8042.nopnp	[HW] Don't use ACPIPnP / PnPBIOS to discover KBD/AUX
 			     controllers
 	i8042.notimeout	[HW] Ignore timeout condition signalled by controller
-	i8042.reset	[HW] Reset the controller during init and cleanup
+	i8042.reset	[HW] Reset the controller during init, cleanup and
+			     suspend-to-ram transitions, only during s2r
+			     transitions, or never reset
+			Format: { 1 | Y | y | 0 | N | n }
+			1, Y, y: always reset controller
+			0, N, n: don't ever reset controller
+			Default: only on s2r transitions on x86; most other
+			architectures force reset to be always executed
 	i8042.unlock	[HW] Unlock (ignore) the keylock
 	i8042.kbdreset  [HW] Reset device connected to KBD port
 
--- a/drivers/input/serio/i8042-io.h
+++ b/drivers/input/serio/i8042-io.h
@@ -81,7 +81,7 @@ static inline int i8042_platform_init(vo
 		return -EBUSY;
 #endif
 
-	i8042_reset = 1;
+	i8042_reset = I8042_RESET_ALWAYS;
 	return 0;
 }
 
--- a/drivers/input/serio/i8042-ip22io.h
+++ b/drivers/input/serio/i8042-ip22io.h
@@ -61,7 +61,7 @@ static inline int i8042_platform_init(vo
 		return -EBUSY;
 #endif
 
-	i8042_reset = 1;
+	i8042_reset = I8042_RESET_ALWAYS;
 
 	return 0;
 }
--- a/drivers/input/serio/i8042-ppcio.h
+++ b/drivers/input/serio/i8042-ppcio.h
@@ -44,7 +44,7 @@ static inline void i8042_write_command(i
 
 static inline int i8042_platform_init(void)
 {
-	i8042_reset = 1;
+	i8042_reset = I8042_RESET_ALWAYS;
 	return 0;
 }
 
--- a/drivers/input/serio/i8042-sparcio.h
+++ b/drivers/input/serio/i8042-sparcio.h
@@ -130,7 +130,7 @@ static int __init i8042_platform_init(vo
 		}
 	}
 
-	i8042_reset = 1;
+	i8042_reset = I8042_RESET_ALWAYS;
 
 	return 0;
 }
--- a/drivers/input/serio/i8042-unicore32io.h
+++ b/drivers/input/serio/i8042-unicore32io.h
@@ -61,7 +61,7 @@ static inline int i8042_platform_init(vo
 	if (!request_mem_region(I8042_REGION_START, I8042_REGION_SIZE, "i8042"))
 		return -EBUSY;
 
-	i8042_reset = 1;
+	i8042_reset = I8042_RESET_ALWAYS;
 	return 0;
 }
 
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -510,6 +510,90 @@ static const struct dmi_system_id __init
 	{ }
 };
 
+/*
+ * On some Asus laptops, just running self tests cause problems.
+ */
+static const struct dmi_system_id i8042_dmi_noselftest_table[] = {
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "A455LD"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "K401LB"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "K501LB"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "K501LX"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "R409L"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "V502LX"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "X302LA"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "X450LCP"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "X450LD"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "X455LAB"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "X455LDB"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "X455LF"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "Z450LA"),
+		},
+	},
+	{ }
+};
 static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = {
 	{
 		/* MSI Wind U-100 */
@@ -1072,12 +1156,18 @@ static int __init i8042_platform_init(vo
 		return retval;
 
 #if defined(__ia64__)
-        i8042_reset = true;
+        i8042_reset = I8042_RESET_ALWAYS;
 #endif
 
 #ifdef CONFIG_X86
-	if (dmi_check_system(i8042_dmi_reset_table))
-		i8042_reset = true;
+	/* Honor module parameter when value is not default */
+	if (i8042_reset == I8042_RESET_DEFAULT) {
+		if (dmi_check_system(i8042_dmi_reset_table))
+			i8042_reset = I8042_RESET_ALWAYS;
+
+		if (dmi_check_system(i8042_dmi_noselftest_table))
+			i8042_reset = I8042_RESET_NEVER;
+	}
 
 	if (dmi_check_system(i8042_dmi_noloop_table))
 		i8042_noloop = true;
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -48,9 +48,39 @@ static bool i8042_unlock;
 module_param_named(unlock, i8042_unlock, bool, 0);
 MODULE_PARM_DESC(unlock, "Ignore keyboard lock.");
 
-static bool i8042_reset;
-module_param_named(reset, i8042_reset, bool, 0);
-MODULE_PARM_DESC(reset, "Reset controller during init and cleanup.");
+enum i8042_controller_reset_mode {
+	I8042_RESET_NEVER,
+	I8042_RESET_ALWAYS,
+	I8042_RESET_ON_S2RAM,
+#define I8042_RESET_DEFAULT	I8042_RESET_ON_S2RAM
+};
+static enum i8042_controller_reset_mode i8042_reset = I8042_RESET_DEFAULT;
+static int i8042_set_reset(const char *val, const struct kernel_param *kp)
+{
+	enum i8042_controller_reset_mode *arg = kp->arg;
+	int error;
+	bool reset;
+
+	if (val) {
+		error = kstrtobool(val, &reset);
+		if (error)
+			return error;
+	} else {
+		reset = true;
+	}
+
+	*arg = reset ? I8042_RESET_ALWAYS : I8042_RESET_NEVER;
+	return 0;
+}
+
+static const struct kernel_param_ops param_ops_reset_param = {
+	.flags = KERNEL_PARAM_OPS_FL_NOARG,
+	.set = i8042_set_reset,
+};
+#define param_check_reset_param(name, p)	\
+	__param_check(name, p, enum i8042_controller_reset_mode)
+module_param_named(reset, i8042_reset, reset_param, 0);
+MODULE_PARM_DESC(reset, "Reset controller on resume, cleanup or both");
 
 static bool i8042_direct;
 module_param_named(direct, i8042_direct, bool, 0);
@@ -1019,7 +1049,7 @@ static int i8042_controller_init(void)
  * Reset the controller and reset CRT to the original value set by BIOS.
  */
 
-static void i8042_controller_reset(bool force_reset)
+static void i8042_controller_reset(bool s2r_wants_reset)
 {
 	i8042_flush();
 
@@ -1044,8 +1074,10 @@ static void i8042_controller_reset(bool
  * Reset the controller if requested.
  */
 
-	if (i8042_reset || force_reset)
+	if (i8042_reset == I8042_RESET_ALWAYS ||
+	    (i8042_reset == I8042_RESET_ON_S2RAM && s2r_wants_reset)) {
 		i8042_controller_selftest();
+	}
 
 /*
  * Restore the original control register setting.
@@ -1110,7 +1142,7 @@ static void i8042_dritek_enable(void)
  * before suspending.
  */
 
-static int i8042_controller_resume(bool force_reset)
+static int i8042_controller_resume(bool s2r_wants_reset)
 {
 	int error;
 
@@ -1118,7 +1150,8 @@ static int i8042_controller_resume(bool
 	if (error)
 		return error;
 
-	if (i8042_reset || force_reset) {
+	if (i8042_reset == I8042_RESET_ALWAYS ||
+	    (i8042_reset == I8042_RESET_ON_S2RAM && s2r_wants_reset)) {
 		error = i8042_controller_selftest();
 		if (error)
 			return error;
@@ -1195,7 +1228,7 @@ static int i8042_pm_resume_noirq(struct
 
 static int i8042_pm_resume(struct device *dev)
 {
-	bool force_reset;
+	bool want_reset;
 	int i;
 
 	for (i = 0; i < I8042_NUM_PORTS; i++) {
@@ -1218,9 +1251,9 @@ static int i8042_pm_resume(struct device
 	 * off control to the platform firmware, otherwise we can simply restore
 	 * the mode.
 	 */
-	force_reset = pm_resume_via_firmware();
+	want_reset = pm_resume_via_firmware();
 
-	return i8042_controller_resume(force_reset);
+	return i8042_controller_resume(want_reset);
 }
 
 static int i8042_pm_thaw(struct device *dev)
@@ -1482,7 +1515,7 @@ static int __init i8042_probe(struct pla
 
 	i8042_platform_device = dev;
 
-	if (i8042_reset) {
+	if (i8042_reset == I8042_RESET_ALWAYS) {
 		error = i8042_controller_selftest();
 		if (error)
 			return error;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 073/140] Input: elantech - force needed quirks on Fujitsu H760
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (67 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 072/140] Input: i8042 - skip selftest on ASUS laptops Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 074/140] Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled Greg Kroah-Hartman
                     ` (65 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Matti Kurkela, Dmitry Torokhov

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matti Kurkela <Matti.Kurkela@iki.fi>

commit f9a703a54d16ba2470391c4b12236ee56591d50c upstream.

Just like Fujitsu CELSIUS H730, the H760 also has an Elantech touchpad with
the same quirks. Without this patch, the touchpad is useless out-of-the-box
as the mouse pointer won't move.

This patch makes the driver aware of both the crc_enabled=1 requirement and
the middle button, making the touchpad fully functional out-of-the-box.

Signed-off-by: Matti Kurkela <Matti.Kurkela@iki.fi>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/input/mouse/elantech.c |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

--- a/drivers/input/mouse/elantech.c
+++ b/drivers/input/mouse/elantech.c
@@ -1159,6 +1159,13 @@ static const struct dmi_system_id elante
 			DMI_MATCH(DMI_PRODUCT_NAME, "CELSIUS H730"),
 		},
 	},
+	{
+		/* Fujitsu H760 also has a middle button */
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "CELSIUS H760"),
+		},
+	},
 #endif
 	{ }
 };
@@ -1503,6 +1510,13 @@ static const struct dmi_system_id elante
 		},
 	},
 	{
+		/* Fujitsu H760 does not work with crc_enabled == 0 */
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "CELSIUS H760"),
+		},
+	},
+	{
 		/* Fujitsu LIFEBOOK E554  does not work with crc_enabled == 0 */
 		.matches = {
 			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 074/140] Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (68 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 073/140] Input: elantech - force needed quirks on Fujitsu H760 Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 075/140] sunrpc: fix write space race causing stalls Greg Kroah-Hartman
                     ` (64 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, William Linna, Benjamin Tissoires,
	Dmitry Torokhov

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dmitry Torokhov <dmitry.torokhov@gmail.com>

commit 62837b3c1a95535d1a287c9c8c6563bbd8d37033 upstream.

Another Lifebook machine that needs the same quirk as other similar
models to make the driver working.

Also let's reorder elantech_dmi_force_crc_enabled list so LIfebook enries
are in alphabetical order.

Reported-by: William Linna <william.linna@gmail.com>
Tested-by: William Linna <william.linna@gmail.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/input/mouse/elantech.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- a/drivers/input/mouse/elantech.c
+++ b/drivers/input/mouse/elantech.c
@@ -1517,6 +1517,13 @@ static const struct dmi_system_id elante
 		},
 	},
 	{
+		/* Fujitsu LIFEBOOK E544  does not work with crc_enabled == 0 */
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK E544"),
+		},
+	},
+	{
 		/* Fujitsu LIFEBOOK E554  does not work with crc_enabled == 0 */
 		.matches = {
 			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
@@ -1524,10 +1531,10 @@ static const struct dmi_system_id elante
 		},
 	},
 	{
-		/* Fujitsu LIFEBOOK E544  does not work with crc_enabled == 0 */
+		/* Fujitsu LIFEBOOK E556 does not work with crc_enabled == 0 */
 		.matches = {
 			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
-			DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK E544"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK E556"),
 		},
 	},
 	{

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 075/140] sunrpc: fix write space race causing stalls
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (69 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 074/140] Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 076/140] NFSD: fix corruption in notifier registration Greg Kroah-Hartman
                     ` (63 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Trond Myklebust, David Vrabel,
	Anna Schumaker

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Vrabel <david.vrabel@citrix.com>

commit d48f9ce73c997573e1b512893fa6eddf353a6f69 upstream.

Write space becoming available may race with putting the task to sleep
in xprt_wait_for_buffer_space().  The existing mechanism to avoid the
race does not work.

This (edited) partial trace illustrates the problem:

   [1] rpc_task_run_action: task:43546@5 ... action=call_transmit
   [2] xs_write_space <-xs_tcp_write_space
   [3] xprt_write_space <-xs_write_space
   [4] rpc_task_sleep: task:43546@5 ...
   [5] xs_write_space <-xs_tcp_write_space

[1] Task 43546 runs but is out of write space.

[2] Space becomes available, xs_write_space() clears the
    SOCKWQ_ASYNC_NOSPACE bit.

[3] xprt_write_space() attemts to wake xprt->snd_task (== 43546), but
    this has not yet been queued and the wake up is lost.

[4] xs_nospace() is called which calls xprt_wait_for_buffer_space()
    which queues task 43546.

[5] The call to sk->sk_write_space() at the end of xs_nospace() (which
    is supposed to handle the above race) does not call
    xprt_write_space() as the SOCKWQ_ASYNC_NOSPACE bit is clear and
    thus the task is not woken.

Fix the race by resetting the SOCKWQ_ASYNC_NOSPACE bit in xs_nospace()
so the second call to sk->sk_write_space() calls xprt_write_space().

Suggested-by: Trond Myklebust <trondmy@primarydata.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/sunrpc/xprtsock.c |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -473,7 +473,16 @@ static int xs_nospace(struct rpc_task *t
 	spin_unlock_bh(&xprt->transport_lock);
 
 	/* Race breaker in case memory is freed before above code is called */
-	sk->sk_write_space(sk);
+	if (ret == -EAGAIN) {
+		struct socket_wq *wq;
+
+		rcu_read_lock();
+		wq = rcu_dereference(sk->sk_wq);
+		set_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags);
+		rcu_read_unlock();
+
+		sk->sk_write_space(sk);
+	}
 	return ret;
 }
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 076/140] NFSD: fix corruption in notifier registration
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (70 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 075/140] sunrpc: fix write space race causing stalls Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 077/140] NFS: Fix inode corruption in nfs_prime_dcache() Greg Kroah-Hartman
                     ` (62 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vasily Averin, Jeff Layton, J. Bruce Fields

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vasily Averin <vvs@virtuozzo.com>

commit 1eca45f8a840987d0df355e0176921653e4f7ec2 upstream.

By design notifier can be registered once only, however nfsd registers
the same inetaddr notifiers per net-namespace.  When this happen it
corrupts list of notifiers, as result some notifiers can be not called
on proper event, traverse on list can be cycled forever, and second
unregister can access already freed memory.

fixes: 36684996 ("nfsd: Register callbacks on the inetaddr_chain and inet6addr_chain")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfsd/nfssvc.c |   18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

--- a/fs/nfsd/nfssvc.c
+++ b/fs/nfsd/nfssvc.c
@@ -366,14 +366,21 @@ static struct notifier_block nfsd_inet6a
 };
 #endif
 
+/* Only used under nfsd_mutex, so this atomic may be overkill: */
+static atomic_t nfsd_notifier_refcount = ATOMIC_INIT(0);
+
 static void nfsd_last_thread(struct svc_serv *serv, struct net *net)
 {
 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
 
-	unregister_inetaddr_notifier(&nfsd_inetaddr_notifier);
+	/* check if the notifier still has clients */
+	if (atomic_dec_return(&nfsd_notifier_refcount) == 0) {
+		unregister_inetaddr_notifier(&nfsd_inetaddr_notifier);
 #if IS_ENABLED(CONFIG_IPV6)
-	unregister_inet6addr_notifier(&nfsd_inet6addr_notifier);
+		unregister_inet6addr_notifier(&nfsd_inet6addr_notifier);
 #endif
+	}
+
 	/*
 	 * write_ports can create the server without actually starting
 	 * any threads--if we get shut down before any threads are
@@ -488,10 +495,13 @@ int nfsd_create_serv(struct net *net)
 	}
 
 	set_max_drc();
-	register_inetaddr_notifier(&nfsd_inetaddr_notifier);
+	/* check if the notifier is already set */
+	if (atomic_inc_return(&nfsd_notifier_refcount) == 1) {
+		register_inetaddr_notifier(&nfsd_inetaddr_notifier);
 #if IS_ENABLED(CONFIG_IPV6)
-	register_inet6addr_notifier(&nfsd_inet6addr_notifier);
+		register_inet6addr_notifier(&nfsd_inet6addr_notifier);
 #endif
+	}
 	do_gettimeofday(&nn->nfssvc_boot);		/* record boot time */
 	return 0;
 }

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 077/140] NFS: Fix inode corruption in nfs_prime_dcache()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (71 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 076/140] NFSD: fix corruption in notifier registration Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 078/140] NFSv4: Dont report revoked delegations as valid in nfs_have_delegation() Greg Kroah-Hartman
                     ` (61 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Oleg Drokin, Anna Schumaker

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.myklebust@primarydata.com>

commit 7dc72d5f7a0ec97a53e126c46e2cbd2560757955 upstream.

Due to inode number reuse in filesystems, we can end up corrupting the
inode on our client if we apply the file attributes without ensuring that
the filehandle matches.
Typical symptoms include spurious "mode changed" reports in the syslog.

We still do want to ensure that we don't invalidate the dentry if the
inode number matches, but we don't have a filehandle.

Fixes: fa9233699cc1 ("NFS: Don't require a filehandle to refresh...")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Tested-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/dir.c |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -435,11 +435,11 @@ int nfs_same_file(struct dentry *dentry,
 		return 0;
 
 	nfsi = NFS_I(inode);
-	if (entry->fattr->fileid == nfsi->fileid)
-		return 1;
-	if (nfs_compare_fh(entry->fh, &nfsi->fh) == 0)
-		return 1;
-	return 0;
+	if (entry->fattr->fileid != nfsi->fileid)
+		return 0;
+	if (entry->fh->size && nfs_compare_fh(entry->fh, &nfsi->fh) != 0)
+		return 0;
+	return 1;
 }
 
 static
@@ -517,6 +517,8 @@ again:
 					&entry->fattr->fsid))
 			goto out;
 		if (nfs_same_file(dentry, entry)) {
+			if (!entry->fh->size)
+				goto out;
 			nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
 			status = nfs_refresh_inode(d_inode(dentry), entry->fattr);
 			if (!status)
@@ -529,6 +531,10 @@ again:
 			goto again;
 		}
 	}
+	if (!entry->fh->size) {
+		d_lookup_done(dentry);
+		goto out;
+	}
 
 	inode = nfs_fhget(dentry->d_sb, entry->fh, entry->fattr, entry->label);
 	alias = d_splice_alias(inode, dentry);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 078/140] NFSv4: Dont report revoked delegations as valid in nfs_have_delegation()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (72 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 077/140] NFS: Fix inode corruption in nfs_prime_dcache() Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 079/140] NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid Greg Kroah-Hartman
                     ` (60 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Oleg Drokin, Anna Schumaker

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.myklebust@primarydata.com>

commit b3f9e7239074613aa6bdafa4caf7c104fe1e7276 upstream.

If the delegation is revoked, then it can't be used for caching.

Fixes: 869f9dfa4d6d ("NFSv4: Fix races between nfs_remove_bad_delegation()...")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Tested-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/delegation.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/nfs/delegation.c
+++ b/fs/nfs/delegation.c
@@ -51,6 +51,7 @@ nfs4_do_check_delegation(struct inode *i
 	rcu_read_lock();
 	delegation = rcu_dereference(NFS_I(inode)->delegation);
 	if (delegation != NULL && (delegation->type & flags) == flags &&
+	    !test_bit(NFS_DELEGATION_REVOKED, &delegation->flags) &&
 	    !test_bit(NFS_DELEGATION_RETURNING, &delegation->flags)) {
 		if (mark)
 			nfs_mark_delegation_referenced(delegation);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 079/140] NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (73 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 078/140] NFSv4: Dont report revoked delegations as valid in nfs_have_delegation() Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 080/140] NFSv4: Open state recovery must account for file permission changes Greg Kroah-Hartman
                     ` (59 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Oleg Drokin, Anna Schumaker

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.myklebust@primarydata.com>

commit aa05c87f23efe417adc7ff9b4193b7201ec0dd79 upstream.

We must not allow the use of delegations that have been revoked or are
being returned.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Fixes: 869f9dfa4d6d ("NFSv4: Fix races between nfs_remove_bad_delegation()...")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Tested-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/delegation.c |   17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

--- a/fs/nfs/delegation.c
+++ b/fs/nfs/delegation.c
@@ -41,6 +41,17 @@ void nfs_mark_delegation_referenced(stru
 	set_bit(NFS_DELEGATION_REFERENCED, &delegation->flags);
 }
 
+static bool
+nfs4_is_valid_delegation(const struct nfs_delegation *delegation,
+		fmode_t flags)
+{
+	if (delegation != NULL && (delegation->type & flags) == flags &&
+	    !test_bit(NFS_DELEGATION_REVOKED, &delegation->flags) &&
+	    !test_bit(NFS_DELEGATION_RETURNING, &delegation->flags))
+		return true;
+	return false;
+}
+
 static int
 nfs4_do_check_delegation(struct inode *inode, fmode_t flags, bool mark)
 {
@@ -50,9 +61,7 @@ nfs4_do_check_delegation(struct inode *i
 	flags &= FMODE_READ|FMODE_WRITE;
 	rcu_read_lock();
 	delegation = rcu_dereference(NFS_I(inode)->delegation);
-	if (delegation != NULL && (delegation->type & flags) == flags &&
-	    !test_bit(NFS_DELEGATION_REVOKED, &delegation->flags) &&
-	    !test_bit(NFS_DELEGATION_RETURNING, &delegation->flags)) {
+	if (nfs4_is_valid_delegation(delegation, flags)) {
 		if (mark)
 			nfs_mark_delegation_referenced(delegation);
 		ret = 1;
@@ -894,7 +903,7 @@ bool nfs4_copy_delegation_stateid(struct
 	flags &= FMODE_READ|FMODE_WRITE;
 	rcu_read_lock();
 	delegation = rcu_dereference(nfsi->delegation);
-	ret = (delegation != NULL && (delegation->type & flags) == flags);
+	ret = nfs4_is_valid_delegation(delegation, flags);
 	if (ret) {
 		nfs4_stateid_copy(dst, &delegation->stateid);
 		nfs_mark_delegation_referenced(delegation);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 080/140] NFSv4: Open state recovery must account for file permission changes
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (74 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 079/140] NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 081/140] NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic Greg Kroah-Hartman
                     ` (58 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Oleg Drokin, Anna Schumaker

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.myklebust@primarydata.com>

commit 304020fe48c6c7fff8b5a38f382b54404f0f79d3 upstream.

If the file permissions change on the server, then we may not be able to
recover open state. If so, we need to ensure that we mark the file
descriptor appropriately.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Tested-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/nfs4state.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1498,6 +1498,9 @@ restart:
 					__func__, status);
 			case -ENOENT:
 			case -ENOMEM:
+			case -EACCES:
+			case -EROFS:
+			case -EIO:
 			case -ESTALE:
 				/* Open state on this file cannot be recovered */
 				nfs4_state_mark_recovery_failed(state, status);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 081/140] NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (75 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 080/140] NFSv4: Open state recovery must account for file permission changes Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 082/140] pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary Greg Kroah-Hartman
                     ` (57 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jeff Layton, Trond Myklebust, Anna Schumaker

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Layton <jlayton@poochiereds.net>

commit 3f807e5ae5597bd65a6fff684083e8eaa21f3fa7 upstream.

The caller of rpc_run_task also gets a reference that must be put.

Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/nfs42proc.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -443,6 +443,7 @@ int nfs42_proc_layoutstats_generic(struc
 	task = rpc_run_task(&task_setup);
 	if (IS_ERR(task))
 		return PTR_ERR(task);
+	rpc_put_task(task);
 	return 0;
 }
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 082/140] pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (76 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 081/140] NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 083/140] scsi: Fix use-after-free Greg Kroah-Hartman
                     ` (56 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Coddington,
	Christoph Hellwig, Anna Schumaker

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Benjamin Coddington <bcodding@redhat.com>

commit a3f9d1b58a9ffce011ef4f074bfa36ae30eade28 upstream.

Commit 41963c10c47a35185e68cb9049f7a3493c94d2d7 sets the block layout's
last written byte to the offset of the end of the extent rather than the
end of the write which incorrectly updates the inode's size for
partial-page writes.

Fixes: 41963c10c47a ("pnfs/blocklayout: update last_write_offset atomically with extents")
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/blocklayout/blocklayout.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/nfs/blocklayout/blocklayout.c
+++ b/fs/nfs/blocklayout/blocklayout.c
@@ -344,9 +344,10 @@ static void bl_write_cleanup(struct work
 		u64 start = hdr->args.offset & (loff_t)PAGE_MASK;
 		u64 end = (hdr->args.offset + hdr->args.count +
 			PAGE_SIZE - 1) & (loff_t)PAGE_MASK;
+		u64 lwb = hdr->args.offset + hdr->args.count;
 
 		ext_tree_mark_written(bl, start >> SECTOR_SHIFT,
-					(end - start) >> SECTOR_SHIFT, end);
+					(end - start) >> SECTOR_SHIFT, lwb);
 	}
 
 	pnfs_ld_write_done(hdr);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 083/140] scsi: Fix use-after-free
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (77 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 082/140] pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 085/140] watchdog: mt7621_wdt: Remove assignment of dev pointer Greg Kroah-Hartman
                     ` (55 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Ming Lei,
	Martin K. Petersen

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ming Lei <tom.leiming@gmail.com>

commit bcd8f2e94808fcddf6ef3af5f060a36820dcc432 upstream.

This patch fixes one use-after-free report[1] by KASAN.

In __scsi_scan_target(), when a type 31 device is probed,
SCSI_SCAN_TARGET_PRESENT is returned and the target will be scanned
again.

Inside the following scsi_report_lun_scan(), one new scsi_device
instance is allocated, and scsi_probe_and_add_lun() is called again to
probe the target and still see type 31 device, finally
__scsi_remove_device() is called to remove & free the device at the end
of scsi_probe_and_add_lun(), so cause use-after-free in
scsi_report_lun_scan().

And the following SCSI log can be observed:

	scsi 0:0:2:0: scsi scan: INQUIRY pass 1 length 36
	scsi 0:0:2:0: scsi scan: INQUIRY successful with code 0x0
	scsi 0:0:2:0: scsi scan: peripheral device type of 31, no device added
	scsi 0:0:2:0: scsi scan: Sending REPORT LUNS to (try 0)
	scsi 0:0:2:0: scsi scan: REPORT LUNS successful (try 0) result 0x0
	scsi 0:0:2:0: scsi scan: REPORT LUN scan
	scsi 0:0:2:0: scsi scan: INQUIRY pass 1 length 36
	scsi 0:0:2:0: scsi scan: INQUIRY successful with code 0x0
	scsi 0:0:2:0: scsi scan: peripheral device type of 31, no device added
	BUG: KASAN: use-after-free in __scsi_scan_target+0xbf8/0xe40 at addr ffff88007b44a104

This patch fixes the issue by moving the putting reference at
the end of scsi_report_lun_scan().

[1] KASAN report
==================================================================
[    3.274597] PM: Adding info for serio:serio1
[    3.275127] BUG: KASAN: use-after-free in __scsi_scan_target+0xd87/0xdf0 at addr ffff880254d8c304
[    3.275653] Read of size 4 by task kworker/u10:0/27
[    3.275903] CPU: 3 PID: 27 Comm: kworker/u10:0 Not tainted 4.8.0 #2121
[    3.276258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[    3.276797] Workqueue: events_unbound async_run_entry_fn
[    3.277083]  ffff880254d8c380 ffff880259a37870 ffffffff94bbc6c1 ffff880078402d80
[    3.277532]  ffff880254d8bb80 ffff880259a37898 ffffffff9459fec1 ffff880259a37930
[    3.277989]  ffff880254d8bb80 ffff880078402d80 ffff880259a37920 ffffffff945a0165
[    3.278436] Call Trace:
[    3.278528]  [<ffffffff94bbc6c1>] dump_stack+0x65/0x84
[    3.278797]  [<ffffffff9459fec1>] kasan_object_err+0x21/0x70
[    3.279063] device: 'psaux': device_add
[    3.279616]  [<ffffffff945a0165>] kasan_report_error+0x205/0x500
[    3.279651] PM: Adding info for No Bus:psaux
[    3.280202]  [<ffffffff944ecd22>] ? kfree_const+0x22/0x30
[    3.280486]  [<ffffffff94bc2dc9>] ? kobject_release+0x119/0x370
[    3.280805]  [<ffffffff945a0543>] __asan_report_load4_noabort+0x43/0x50
[    3.281170]  [<ffffffff9507e1f7>] ? __scsi_scan_target+0xd87/0xdf0
[    3.281506]  [<ffffffff9507e1f7>] __scsi_scan_target+0xd87/0xdf0
[    3.281848]  [<ffffffff9507d470>] ? scsi_add_device+0x30/0x30
[    3.282156]  [<ffffffff94f7f660>] ? pm_runtime_autosuspend_expiration+0x60/0x60
[    3.282570]  [<ffffffff956ddb07>] ? _raw_spin_lock+0x17/0x40
[    3.282880]  [<ffffffff9507e505>] scsi_scan_channel+0x105/0x160
[    3.283200]  [<ffffffff9507e8a2>] scsi_scan_host_selected+0x212/0x2f0
[    3.283563]  [<ffffffff9507eb3c>] do_scsi_scan_host+0x1bc/0x250
[    3.283882]  [<ffffffff9507efc1>] do_scan_async+0x41/0x450
[    3.284173]  [<ffffffff941c1fee>] async_run_entry_fn+0xfe/0x610
[    3.284492]  [<ffffffff941a8954>] ? pwq_dec_nr_in_flight+0x124/0x2a0
[    3.284876]  [<ffffffff941d1770>] ? preempt_count_add+0x130/0x160
[    3.285207]  [<ffffffff941a9a84>] process_one_work+0x544/0x12d0
[    3.285526]  [<ffffffff941aa8e9>] worker_thread+0xd9/0x12f0
[    3.285844]  [<ffffffff941aa810>] ? process_one_work+0x12d0/0x12d0
[    3.286182]  [<ffffffff941bb365>] kthread+0x1c5/0x260
[    3.286443]  [<ffffffff940855cd>] ? __switch_to+0x88d/0x1430
[    3.286745]  [<ffffffff941bb1a0>] ? kthread_worker_fn+0x5a0/0x5a0
[    3.287085]  [<ffffffff956dde9f>] ret_from_fork+0x1f/0x40
[    3.287368]  [<ffffffff941bb1a0>] ? kthread_worker_fn+0x5a0/0x5a0
[    3.287697] Object at ffff880254d8bb80, in cache kmalloc-2048 size: 2048
[    3.288064] Allocated:
[    3.288147] PID = 27
[    3.288218]  [<ffffffff940b27ab>] save_stack_trace+0x2b/0x50
[    3.288531]  [<ffffffff9459f246>] save_stack+0x46/0xd0
[    3.288806]  [<ffffffff9459f4bd>] kasan_kmalloc+0xad/0xe0
[    3.289098]  [<ffffffff9459c07e>] __kmalloc+0x13e/0x250
[    3.289378]  [<ffffffff95078e5a>] scsi_alloc_sdev+0xea/0xcf0
[    3.289701]  [<ffffffff9507de76>] __scsi_scan_target+0xa06/0xdf0
[    3.290034]  [<ffffffff9507e505>] scsi_scan_channel+0x105/0x160
[    3.290362]  [<ffffffff9507e8a2>] scsi_scan_host_selected+0x212/0x2f0
[    3.290724]  [<ffffffff9507eb3c>] do_scsi_scan_host+0x1bc/0x250
[    3.291055]  [<ffffffff9507efc1>] do_scan_async+0x41/0x450
[    3.291354]  [<ffffffff941c1fee>] async_run_entry_fn+0xfe/0x610
[    3.291695]  [<ffffffff941a9a84>] process_one_work+0x544/0x12d0
[    3.292022]  [<ffffffff941aa8e9>] worker_thread+0xd9/0x12f0
[    3.292325]  [<ffffffff941bb365>] kthread+0x1c5/0x260
[    3.292594]  [<ffffffff956dde9f>] ret_from_fork+0x1f/0x40
[    3.292886] Freed:
[    3.292945] PID = 27
[    3.293016]  [<ffffffff940b27ab>] save_stack_trace+0x2b/0x50
[    3.293327]  [<ffffffff9459f246>] save_stack+0x46/0xd0
[    3.293600]  [<ffffffff9459fa61>] kasan_slab_free+0x71/0xb0
[    3.293916]  [<ffffffff9459bac2>] kfree+0xa2/0x1f0
[    3.294168]  [<ffffffff9508158a>] scsi_device_dev_release_usercontext+0x50a/0x730
[    3.294598]  [<ffffffff941ace9a>] execute_in_process_context+0xda/0x130
[    3.294974]  [<ffffffff9508107c>] scsi_device_dev_release+0x1c/0x20
[    3.295322]  [<ffffffff94f566f6>] device_release+0x76/0x1e0
[    3.295626]  [<ffffffff94bc2db7>] kobject_release+0x107/0x370
[    3.295942]  [<ffffffff94bc29ce>] kobject_put+0x4e/0xa0
[    3.296222]  [<ffffffff94f56e17>] put_device+0x17/0x20
[    3.296497]  [<ffffffff9505201c>] scsi_device_put+0x7c/0xa0
[    3.296801]  [<ffffffff9507e1bc>] __scsi_scan_target+0xd4c/0xdf0
[    3.297132]  [<ffffffff9507e505>] scsi_scan_channel+0x105/0x160
[    3.297458]  [<ffffffff9507e8a2>] scsi_scan_host_selected+0x212/0x2f0
[    3.297829]  [<ffffffff9507eb3c>] do_scsi_scan_host+0x1bc/0x250
[    3.298156]  [<ffffffff9507efc1>] do_scan_async+0x41/0x450
[    3.298453]  [<ffffffff941c1fee>] async_run_entry_fn+0xfe/0x610
[    3.298777]  [<ffffffff941a9a84>] process_one_work+0x544/0x12d0
[    3.299105]  [<ffffffff941aa8e9>] worker_thread+0xd9/0x12f0
[    3.299408]  [<ffffffff941bb365>] kthread+0x1c5/0x260
[    3.299676]  [<ffffffff956dde9f>] ret_from_fork+0x1f/0x40
[    3.299967] Memory state around the buggy address:
[    3.300209]  ffff880254d8c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[    3.300608]  ffff880254d8c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[    3.300986] >ffff880254d8c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[    3.301408]                    ^
[    3.301550]  ffff880254d8c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[    3.301987]  ffff880254d8c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    3.302396]
==================================================================

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/scsi/scsi_scan.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/scsi/scsi_scan.c
+++ b/drivers/scsi/scsi_scan.c
@@ -1472,12 +1472,12 @@ retry:
  out_err:
 	kfree(lun_data);
  out:
-	scsi_device_put(sdev);
 	if (scsi_device_created(sdev))
 		/*
 		 * the sdev we used didn't appear in the report luns scan
 		 */
 		__scsi_remove_device(sdev);
+	scsi_device_put(sdev);
 	return ret;
 }
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 085/140] watchdog: mt7621_wdt: Remove assignment of dev pointer
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (78 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 083/140] scsi: Fix use-after-free Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 086/140] metag: Only define atomic_dec_if_positive conditionally Greg Kroah-Hartman
                     ` (54 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Wim Van Sebroeck

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Guenter Roeck <linux@roeck-us.net>

commit 8355b3f94425ac8b9683869354be935795f055ca upstream.

Commit 0254e953537c ("watchdog: Drop pointer to watchdog device from
struct watchdog_device") removed the dev pointer from struct
watchdog_device, but this driver was still assigning it, leading to
a compilation error:

drivers/watchdog/mt7621_wdt.c: In function 'mt7621_wdt_probe':
drivers/watchdog/mt7621_wdt.c:142:16: error:
	'struct watchdog_device' has no member named 'dev'

Fix this by removing the assignment.

Fixes: 0254e953537c ("watchdog: Drop pointer to watchdog device ...")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/watchdog/mt7621_wdt.c |    1 -
 1 file changed, 1 deletion(-)

--- a/drivers/watchdog/mt7621_wdt.c
+++ b/drivers/watchdog/mt7621_wdt.c
@@ -139,7 +139,6 @@ static int mt7621_wdt_probe(struct platf
 	if (!IS_ERR(mt7621_wdt_reset))
 		reset_control_deassert(mt7621_wdt_reset);
 
-	mt7621_wdt_dev.dev = &pdev->dev;
 	mt7621_wdt_dev.bootstatus = mt7621_wdt_bootcause();
 
 	watchdog_init_timeout(&mt7621_wdt_dev, mt7621_wdt_dev.max_timeout,

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 086/140] metag: Only define atomic_dec_if_positive conditionally
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (79 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 085/140] watchdog: mt7621_wdt: Remove assignment of dev pointer Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 087/140] soc/fsl/qe: fix gpio save_regs functions Greg Kroah-Hartman
                     ` (53 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guenter Roeck, James Hogan

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Guenter Roeck <linux@roeck-us.net>

commit 35d04077ad96ed33ceea2501f5a4f1eacda77218 upstream.

The definition of atomic_dec_if_positive() assumes that
atomic_sub_if_positive() exists, which is only the case if
metag specific atomics are used. This results in the following
build error when trying to build metag1_defconfig.

kernel/ucount.c: In function 'dec_ucount':
kernel/ucount.c:211: error:
	implicit declaration of function 'atomic_sub_if_positive'

Moving the definition of atomic_dec_if_positive() into the metag
conditional code fixes the problem.

Fixes: 6006c0d8ce94 ("metag: Atomics, locks and bitops")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/metag/include/asm/atomic.h |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/arch/metag/include/asm/atomic.h
+++ b/arch/metag/include/asm/atomic.h
@@ -39,11 +39,10 @@
 #define atomic_dec(v) atomic_sub(1, (v))
 
 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
+#define atomic_dec_if_positive(v)       atomic_sub_if_positive(1, v)
 
 #endif
 
-#define atomic_dec_if_positive(v)       atomic_sub_if_positive(1, v)
-
 #include <asm-generic/atomic64.h>
 
 #endif /* __ASM_METAG_ATOMIC_H */

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 087/140] soc/fsl/qe: fix gpio save_regs functions
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (80 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 086/140] metag: Only define atomic_dec_if_positive conditionally Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 088/140] soc/fsl/qe: fix Oops on CPM1 (and likely CPM2) Greg Kroah-Hartman
                     ` (52 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Linus Walleij, Scott Wood

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christophe Leroy <christophe.leroy@c-s.fr>

commit 5dc6f3fedee58efa343e822558fc3e2f0eb2ad1f upstream.

of_mm_gpiochip_add_data() calls mm_gc->save_regs() before
setting the data. Therefore ->save_regs() cannot use
gpiochip_get_data()

An Oops is encountered without this fix.

fixes: 1e714e54b5ca5 ("powerpc: qe_lib-gpio: use gpiochip data pointer")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Scott Wood <oss@buserror.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/soc/fsl/qe/gpio.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/soc/fsl/qe/gpio.c
+++ b/drivers/soc/fsl/qe/gpio.c
@@ -41,7 +41,8 @@ struct qe_gpio_chip {
 
 static void qe_gpio_save_regs(struct of_mm_gpio_chip *mm_gc)
 {
-	struct qe_gpio_chip *qe_gc = gpiochip_get_data(&mm_gc->gc);
+	struct qe_gpio_chip *qe_gc =
+		container_of(mm_gc, struct qe_gpio_chip, mm_gc);
 	struct qe_pio_regs __iomem *regs = mm_gc->regs;
 
 	qe_gc->cpdata = in_be32(&regs->cpdata);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 088/140] soc/fsl/qe: fix Oops on CPM1 (and likely CPM2)
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (81 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 087/140] soc/fsl/qe: fix gpio save_regs functions Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 089/140] arm64: KVM: VHE: reset PSTATE.PAN on entry to EL2 Greg Kroah-Hartman
                     ` (51 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Scott Wood

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christophe Leroy <christophe.leroy@c-s.fr>

commit 4d486e0083796b54d5aeddd7a5794f897fca1008 upstream.

Commit 0e6e01ff694ee ("CPM/QE: use genalloc to manage CPM/QE muram")
has changed the way muram is managed.
genalloc uses kmalloc(), hence requires the SLAB to be up and running.

On powerpc 8xx, cpm_reset() is called early during startup.
cpm_reset() then calls cpm_muram_init() before SLAB is available,
hence the following Oops.

cpm_reset() cannot be called during initcalls because the CPM is
needed for console.

This patch removes the call to cpm_muram_init() from cpm_reset().
cpm_muram_init() will be called from a new function called cpm_init()
which is declared as subsys_initcall, unless cpm_muram_alloc() is
called earlier for the serial console in which case cpm_muram_init()
will be called from there.

The reason for calling it from two places is that some drivers
(e.g. i2c-cpm) need some of the initialisations done by
cpm_muram_init() but don't call cpm_muram_alloc(). The console
driver calls cpm_muram_alloc() but some platforms might not use
the CPM serial ports for console.

[    0.000000] Unable to handle kernel paging request for data at address 0x00000008
[    0.000000] Faulting instruction address: 0xc01acce0
[    0.000000] Oops: Kernel access of bad area, sig: 11 [#1]
[    0.000000] PREEMPT CMPC885
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.4.14-g0886ed8 #5
[    0.000000] task: c05183e0 ti: c0536000 task.ti: c0536000
[    0.000000] NIP: c01acce0 LR: c0011068 CTR: 00000000
[    0.000000] REGS: c0537e50 TRAP: 0300   Not tainted (4.4.14-s3k-dev-g0886ed8-svn)
[    0.000000] MSR: 00001032 <ME,IR,DR,RI>  CR: 28044428  XER: 00000000
[    0.000000] DAR: 00000008 DSISR: c0000000
GPR00: c0011068 c0537f00 c05183e0 00000000 00009000 ffffffff 00000bc0 ffffffff
GPR08: ff003000 ff00b000 ff003bbf 00000000 22044422 100d43a8 00000000 07ff94e8
GPR16: 00000000 07bb5d70 00000000 07ff81f4 07ff81f4 07ff81f4 00000000 00000000
GPR24: 07ffb3a0 07fe7628 c0550000 c7ffa190 c0540000 ff003bbf 00000000 00000001
[    0.000000] NIP [c01acce0] gen_pool_add_virt+0x14/0xdc
[    0.000000] LR [c0011068] cpm_muram_init+0xd4/0x18c
[    0.000000] Call Trace:
[    0.000000] [c0537f00] [00000200] 0x200 (unreliable)
[    0.000000] [c0537f20] [c0011068] cpm_muram_init+0xd4/0x18c
[    0.000000] [c0537f70] [c0494684] cpm_reset+0xb4/0xc8
[    0.000000] [c0537f90] [c0494c64] cmpc885_setup_arch+0x10/0x30
[    0.000000] [c0537fa0] [c0493cd4] setup_arch+0x130/0x168
[    0.000000] [c0537fb0] [c04906bc] start_kernel+0x88/0x380
[    0.000000] [c0537ff0] [c0002224] start_here+0x38/0x98
[    0.000000] Instruction dump:
[    0.000000] 91430010 91430014 80010014 83e1000c 7c0803a6 38210010 4e800020 7c0802a6
[    0.000000] 9421ffe0 bf61000c 90010024 7c7e1b78 <80630008> 7c9c2378 7cc31c30 3863001f
[    0.000000] ---[ end trace dc8fa200cb88537f ]---

fixes: 0e6e01ff694ee ("CPM/QE: use genalloc to manage CPM/QE muram")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
[scottwood: Removed some string changes unrelated to bugfix]
Signed-off-by: Scott Wood <oss@buserror.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/sysdev/cpm1.c       |    2 --
 arch/powerpc/sysdev/cpm2.c       |    4 ----
 arch/powerpc/sysdev/cpm_common.c |   15 +++++++++++++++
 drivers/soc/fsl/qe/qe_common.c   |    8 ++++++++
 4 files changed, 23 insertions(+), 6 deletions(-)

--- a/arch/powerpc/sysdev/cpm1.c
+++ b/arch/powerpc/sysdev/cpm1.c
@@ -233,8 +233,6 @@ void __init cpm_reset(void)
 	else
 		out_be32(&siu_conf->sc_sdcr, 1);
 	immr_unmap(siu_conf);
-
-	cpm_muram_init();
 }
 
 static DEFINE_SPINLOCK(cmd_lock);
--- a/arch/powerpc/sysdev/cpm2.c
+++ b/arch/powerpc/sysdev/cpm2.c
@@ -66,10 +66,6 @@ void __init cpm2_reset(void)
 	cpm2_immr = ioremap(get_immrbase(), CPM_MAP_SIZE);
 #endif
 
-	/* Reclaim the DP memory for our use.
-	 */
-	cpm_muram_init();
-
 	/* Tell everyone where the comm processor resides.
 	 */
 	cpmp = &cpm2_immr->im_cpm;
--- a/arch/powerpc/sysdev/cpm_common.c
+++ b/arch/powerpc/sysdev/cpm_common.c
@@ -37,6 +37,21 @@
 #include <linux/of_gpio.h>
 #endif
 
+static int __init cpm_init(void)
+{
+	struct device_node *np;
+
+	np = of_find_compatible_node(NULL, NULL, "fsl,cpm1");
+	if (!np)
+		np = of_find_compatible_node(NULL, NULL, "fsl,cpm2");
+	if (!np)
+		return -ENODEV;
+	cpm_muram_init();
+	of_node_put(np);
+	return 0;
+}
+subsys_initcall(cpm_init);
+
 #ifdef CONFIG_PPC_EARLY_DEBUG_CPM
 static u32 __iomem *cpm_udbg_txdesc;
 static u8 __iomem *cpm_udbg_txbuf;
--- a/drivers/soc/fsl/qe/qe_common.c
+++ b/drivers/soc/fsl/qe/qe_common.c
@@ -70,6 +70,11 @@ int cpm_muram_init(void)
 	}
 
 	muram_pool = gen_pool_create(0, -1);
+	if (!muram_pool) {
+		pr_err("Cannot allocate memory pool for CPM/QE muram");
+		ret = -ENOMEM;
+		goto out_muram;
+	}
 	muram_pbase = of_translate_address(np, zero);
 	if (muram_pbase == (phys_addr_t)OF_BAD_ADDR) {
 		pr_err("Cannot translate zero through CPM muram node");
@@ -116,6 +121,9 @@ static unsigned long cpm_muram_alloc_com
 	struct muram_block *entry;
 	unsigned long start;
 
+	if (!muram_pool && cpm_muram_init())
+		goto out2;
+
 	start = gen_pool_alloc_algo(muram_pool, size, algo, data);
 	if (!start)
 		goto out2;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 089/140] arm64: KVM: VHE: reset PSTATE.PAN on entry to EL2
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (82 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 088/140] soc/fsl/qe: fix Oops on CPM1 (and likely CPM2) Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 090/140] arc: dont leak bits of kernel stack into coredump Greg Kroah-Hartman
                     ` (50 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vladimir Murzin, James Morse,
	Marc Zyngier, Christoffer Dall

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vladimir Murzin <vladimir.murzin@arm.com>

commit cb96408da4e11698674abd04aeac941c1bed2038 upstream.

SCTLR_EL2.SPAN bit controls what happens with the PSTATE.PAN bit on an
exception. However, this bit has no effect on the PSTATE.PAN when
HCR_EL2.E2H or HCR_EL2.TGE is unset. Thus when VHE is used and
exception taken from a guest PSTATE.PAN bit left unchanged and we
continue with a value guest has set.

To address that always reset PSTATE.PAN on entry from EL1.

Fixes: 1f364c8c48a0 ("arm64: VHE: Add support for running Linux in EL2 mode")

Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
Reviewed-by: James Morse <james.morse@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
[ rebased for v4.7+ ]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 arch/arm64/kvm/hyp/entry.S |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/arm64/kvm/hyp/entry.S
+++ b/arch/arm64/kvm/hyp/entry.S
@@ -98,6 +98,8 @@ ENTRY(__guest_exit)
 	// x4-x29,lr: vcpu regs
 	// vcpu x0-x3 on the stack
 
+	ALTERNATIVE(nop, SET_PSTATE_PAN(1), ARM64_HAS_PAN, CONFIG_ARM64_PAN)
+
 	add	x2, x0, #VCPU_CONTEXT
 
 	stp	x4, x5,   [x2, #CPU_XREG_OFFSET(4)]

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 090/140] arc: dont leak bits of kernel stack into coredump
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (83 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 089/140] arm64: KVM: VHE: reset PSTATE.PAN on entry to EL2 Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 091/140] fs/super.c: fix race between freeze_super() and thaw_super() Greg Kroah-Hartman
                     ` (49 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Al Viro <viro@zeniv.linux.org.uk>

commit 7798bf2140ebcc36eafec6a4194fffd8d585d471 upstream.

On faulting sigreturn we do get SIGSEGV, all right, but anything
we'd put into pt_regs could end up in the coredump.  And since
__copy_from_user() never zeroed on arc, we'd better bugger off
on its failure without copying random uninitialized bits of
kernel stack into pt_regs...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arc/kernel/signal.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/arch/arc/kernel/signal.c
+++ b/arch/arc/kernel/signal.c
@@ -107,13 +107,13 @@ static int restore_usr_regs(struct pt_re
 	struct user_regs_struct uregs;
 
 	err = __copy_from_user(&set, &sf->uc.uc_sigmask, sizeof(set));
-	if (!err)
-		set_current_blocked(&set);
-
 	err |= __copy_from_user(&uregs.scratch,
 				&(sf->uc.uc_mcontext.regs.scratch),
 				sizeof(sf->uc.uc_mcontext.regs.scratch));
+	if (err)
+		return err;
 
+	set_current_blocked(&set);
 	regs->bta	= uregs.scratch.bta;
 	regs->lp_start	= uregs.scratch.lp_start;
 	regs->lp_end	= uregs.scratch.lp_end;
@@ -138,7 +138,7 @@ static int restore_usr_regs(struct pt_re
 	regs->r0	= uregs.scratch.r0;
 	regs->sp	= uregs.scratch.sp;
 
-	return err;
+	return 0;
 }
 
 static inline int is_do_ss_needed(unsigned int magic)

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 091/140] fs/super.c: fix race between freeze_super() and thaw_super()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (84 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 090/140] arc: dont leak bits of kernel stack into coredump Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 092/140] cifs: Limit the overall credit acquired Greg Kroah-Hartman
                     ` (48 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oleg Nesterov, Al Viro

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oleg Nesterov <oleg@redhat.com>

commit 89f39af129382a40d7cd1f6914617282cfeee28e upstream.

Change thaw_super() to check frozen != SB_FREEZE_COMPLETE rather than
frozen == SB_UNFROZEN, otherwise it can race with freeze_super() which
drops sb->s_umount after SB_FREEZE_WRITE to preserve the lock ordering.

In this case thaw_super() will wrongly call s_op->unfreeze_fs() before
it was actually frozen, and call sb_freeze_unlock() which leads to the
unbalanced percpu_up_write(). Unfortunately lockdep can't detect this,
so this triggers misc BUG_ON()'s in kernel/rcu/sync.c.

Reported-and-tested-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/super.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/fs/super.c
+++ b/fs/super.c
@@ -1379,8 +1379,8 @@ int freeze_super(struct super_block *sb)
 		}
 	}
 	/*
-	 * This is just for debugging purposes so that fs can warn if it
-	 * sees write activity when frozen is set to SB_FREEZE_COMPLETE.
+	 * For debugging purposes so that fs can warn if it sees write activity
+	 * when frozen is set to SB_FREEZE_COMPLETE, and for thaw_super().
 	 */
 	sb->s_writers.frozen = SB_FREEZE_COMPLETE;
 	up_write(&sb->s_umount);
@@ -1399,7 +1399,7 @@ int thaw_super(struct super_block *sb)
 	int error;
 
 	down_write(&sb->s_umount);
-	if (sb->s_writers.frozen == SB_UNFROZEN) {
+	if (sb->s_writers.frozen != SB_FREEZE_COMPLETE) {
 		up_write(&sb->s_umount);
 		return -EINVAL;
 	}

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 092/140] cifs: Limit the overall credit acquired
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (85 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 091/140] fs/super.c: fix race between freeze_super() and thaw_super() Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 093/140] fs/cifs: keep guid when assigning fid to fileinfo Greg Kroah-Hartman
                     ` (47 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ross Lagerwall, Steve French

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ross Lagerwall <ross.lagerwall@citrix.com>

commit 7d414f396c91a3382e51cf628c1cf0709ad0188b upstream.

The kernel client requests 2 credits for many operations even though
they only use 1 credit (presumably to build up a buffer of credit).
Some servers seem to give the client as much credit as is requested.  In
this case, the amount of credit the client has continues increasing to
the point where (server->credits * MAX_BUFFER_SIZE) overflows in
smb2_wait_mtu_credits().

Fix this by throttling the credit requests if an set limit is reached.
For async requests where the credit charge may be > 1, request as much
credit as what is charged.
The limit is chosen somewhat arbitrarily. The Windows client
defaults to 128 credits, the Windows server allows clients up to
512 credits (or 8192 for Windows 2016), and the NetApp server
(and at least one other) does not limit clients at all.
Choose a high enough value such that the client shouldn't limit
performance.

This behavior was seen with a NetApp filer (NetApp Release 9.0RC2).

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/smb2glob.h |   10 ++++++++++
 fs/cifs/smb2pdu.c  |   18 +++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

--- a/fs/cifs/smb2glob.h
+++ b/fs/cifs/smb2glob.h
@@ -61,4 +61,14 @@
 /* Maximum buffer size value we can send with 1 credit */
 #define SMB2_MAX_BUFFER_SIZE 65536
 
+/*
+ * Maximum number of credits to keep available.
+ * This value is chosen somewhat arbitrarily. The Windows client
+ * defaults to 128 credits, the Windows server allows clients up to
+ * 512 credits, and the NetApp server does not limit clients at all.
+ * Choose a high enough value such that the client shouldn't limit
+ * performance.
+ */
+#define SMB2_MAX_CREDITS_AVAILABLE 32000
+
 #endif	/* _SMB2_GLOB_H */
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -100,7 +100,21 @@ smb2_hdr_assemble(struct smb2_hdr *hdr,
 	hdr->ProtocolId = SMB2_PROTO_NUMBER;
 	hdr->StructureSize = cpu_to_le16(64);
 	hdr->Command = smb2_cmd;
-	hdr->CreditRequest = cpu_to_le16(2); /* BB make this dynamic */
+	if (tcon && tcon->ses && tcon->ses->server) {
+		struct TCP_Server_Info *server = tcon->ses->server;
+
+		spin_lock(&server->req_lock);
+		/* Request up to 2 credits but don't go over the limit. */
+		if (server->credits >= SMB2_MAX_CREDITS_AVAILABLE)
+			hdr->CreditRequest = cpu_to_le16(0);
+		else
+			hdr->CreditRequest = cpu_to_le16(
+				min_t(int, SMB2_MAX_CREDITS_AVAILABLE -
+						server->credits, 2));
+		spin_unlock(&server->req_lock);
+	} else {
+		hdr->CreditRequest = cpu_to_le16(2);
+	}
 	hdr->ProcessId = cpu_to_le32((__u16)current->tgid);
 
 	if (!tcon)
@@ -2057,6 +2071,7 @@ smb2_async_readv(struct cifs_readdata *r
 	if (rdata->credits) {
 		buf->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes,
 						SMB2_MAX_BUFFER_SIZE));
+		buf->CreditRequest = buf->CreditCharge;
 		spin_lock(&server->req_lock);
 		server->credits += rdata->credits -
 						le16_to_cpu(buf->CreditCharge);
@@ -2243,6 +2258,7 @@ smb2_async_writev(struct cifs_writedata
 	if (wdata->credits) {
 		req->hdr.CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes,
 						    SMB2_MAX_BUFFER_SIZE));
+		req->hdr.CreditRequest = req->hdr.CreditCharge;
 		spin_lock(&server->req_lock);
 		server->credits += wdata->credits -
 					le16_to_cpu(req->hdr.CreditCharge);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 093/140] fs/cifs: keep guid when assigning fid to fileinfo
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (86 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 092/140] cifs: Limit the overall credit acquired Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 094/140] Clarify locking of cifs file and tcon structures and make more granular Greg Kroah-Hartman
                     ` (46 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aurelien Aptel, Steve French

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aurelien Aptel <aaptel@suse.com>

commit 94f873717571c759b7928399cbbddfa3d569bd01 upstream.

When we open a durable handle we give a Globally Unique
Identifier (GUID) to the server which we must keep for later reference
e.g. when reopening persistent handles on reconnection.

Without this the GUID generated for a new persistent handle was lost and
16 zero bytes were used instead on re-opening.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/smb2ops.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -541,6 +541,7 @@ smb2_set_fid(struct cifsFileInfo *cfile,
 	server->ops->set_oplock_level(cinode, oplock, fid->epoch,
 				      &fid->purge_cache);
 	cinode->can_cache_brlcks = CIFS_CACHE_WRITE(cinode);
+	memcpy(cfile->fid.create_guid, fid->create_guid, 16);
 }
 
 static void

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 094/140] Clarify locking of cifs file and tcon structures and make more granular
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (87 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 093/140] fs/cifs: keep guid when assigning fid to fileinfo Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 095/140] Display number of credits available Greg Kroah-Hartman
                     ` (45 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steve French, Pavel Shilovsky,
	Aurelien Aptel, Germano Percossi

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <smfrench@gmail.com>

commit 3afca265b5f53a0b15b79531c13858049505582d upstream.

Remove the global file_list_lock to simplify cifs/smb3 locking and
have spinlocks that more closely match the information they are
protecting.

Add new tcon->open_file_lock and file->file_info_lock spinlocks.
Locks continue to follow a heirachy,
	cifs_socket --> cifs_ses --> cifs_tcon --> cifs_file
where global tcp_ses_lock still protects socket and cifs_ses, while the
the newer locks protect the lower level structure's information
(tcon and cifs_file respectively).

Signed-off-by: Steve French <steve.french@primarydata.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Germano Percossi <germano.percossi@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/cifsfs.c   |    1 
 fs/cifs/cifsglob.h |   30 ++++++++++++------------
 fs/cifs/cifssmb.c  |    4 +--
 fs/cifs/file.c     |   66 +++++++++++++++++++++++++++++++----------------------
 fs/cifs/misc.c     |   15 ++++++------
 fs/cifs/readdir.c  |    6 ++--
 fs/cifs/smb2misc.c |   16 ++++++------
 7 files changed, 75 insertions(+), 63 deletions(-)

--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -1271,7 +1271,6 @@ init_cifs(void)
 	GlobalTotalActiveXid = 0;
 	GlobalMaxActiveXid = 0;
 	spin_lock_init(&cifs_tcp_ses_lock);
-	spin_lock_init(&cifs_file_list_lock);
 	spin_lock_init(&GlobalMid_Lock);
 
 	get_random_bytes(&cifs_lock_secret, sizeof(cifs_lock_secret));
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -833,6 +833,7 @@ struct cifs_tcon {
 	struct list_head tcon_list;
 	int tc_count;
 	struct list_head openFileList;
+	spinlock_t open_file_lock; /* protects list above */
 	struct cifs_ses *ses;	/* pointer to session associated with */
 	char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource in ASCII */
 	char *nativeFileSystem;
@@ -889,7 +890,7 @@ struct cifs_tcon {
 #endif /* CONFIG_CIFS_STATS2 */
 	__u64    bytes_read;
 	__u64    bytes_written;
-	spinlock_t stat_lock;
+	spinlock_t stat_lock;  /* protects the two fields above */
 #endif /* CONFIG_CIFS_STATS */
 	FILE_SYSTEM_DEVICE_INFO fsDevInfo;
 	FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo; /* ok if fs name truncated */
@@ -1040,8 +1041,10 @@ struct cifs_fid_locks {
 };
 
 struct cifsFileInfo {
+	/* following two lists are protected by tcon->open_file_lock */
 	struct list_head tlist;	/* pointer to next fid owned by tcon */
 	struct list_head flist;	/* next fid (file instance) for this inode */
+	/* lock list below protected by cifsi->lock_sem */
 	struct cifs_fid_locks *llist;	/* brlocks held by this fid */
 	kuid_t uid;		/* allows finding which FileInfo structure */
 	__u32 pid;		/* process id who opened file */
@@ -1049,11 +1052,12 @@ struct cifsFileInfo {
 	/* BB add lock scope info here if needed */ ;
 	/* lock scope id (0 if none) */
 	struct dentry *dentry;
-	unsigned int f_flags;
 	struct tcon_link *tlink;
+	unsigned int f_flags;
 	bool invalidHandle:1;	/* file closed via session abend */
 	bool oplock_break_cancelled:1;
-	int count;		/* refcount protected by cifs_file_list_lock */
+	int count;
+	spinlock_t file_info_lock; /* protects four flag/count fields above */
 	struct mutex fh_mutex; /* prevents reopen race after dead ses*/
 	struct cifs_search_info srch_inf;
 	struct work_struct oplock_break; /* work for oplock breaks */
@@ -1120,7 +1124,7 @@ struct cifs_writedata {
 
 /*
  * Take a reference on the file private data. Must be called with
- * cifs_file_list_lock held.
+ * cfile->file_info_lock held.
  */
 static inline void
 cifsFileInfo_get_locked(struct cifsFileInfo *cifs_file)
@@ -1514,8 +1518,10 @@ require use of the stronger protocol */
  *  GlobalMid_Lock protects:
  *	list operations on pending_mid_q and oplockQ
  *      updates to XID counters, multiplex id  and SMB sequence numbers
- *  cifs_file_list_lock protects:
- *	list operations on tcp and SMB session lists and tCon lists
+ *  tcp_ses_lock protects:
+ *	list operations on tcp and SMB session lists
+ *  tcon->open_file_lock protects the list of open files hanging off the tcon
+ *  cfile->file_info_lock protects counters and fields in cifs file struct
  *  f_owner.lock protects certain per file struct operations
  *  mapping->page_lock protects certain per page operations
  *
@@ -1547,18 +1553,12 @@ GLOBAL_EXTERN struct list_head		cifs_tcp
  * tcp session, and the list of tcon's per smb session. It also protects
  * the reference counters for the server, smb session, and tcon. Finally,
  * changes to the tcon->tidStatus should be done while holding this lock.
+ * generally the locks should be taken in order tcp_ses_lock before
+ * tcon->open_file_lock and that before file->file_info_lock since the
+ * structure order is cifs_socket-->cifs_ses-->cifs_tcon-->cifs_file
  */
 GLOBAL_EXTERN spinlock_t		cifs_tcp_ses_lock;
 
-/*
- * This lock protects the cifs_file->llist and cifs_file->flist
- * list operations, and updates to some flags (cifs_file->invalidHandle)
- * It will be moved to either use the tcon->stat_lock or equivalent later.
- * If cifs_tcp_ses_lock and the lock below are both needed to be held, then
- * the cifs_tcp_ses_lock must be grabbed first and released last.
- */
-GLOBAL_EXTERN spinlock_t	cifs_file_list_lock;
-
 #ifdef CONFIG_CIFS_DNOTIFY_EXPERIMENTAL /* unused temporarily */
 /* Outstanding dir notify requests */
 GLOBAL_EXTERN struct list_head GlobalDnotifyReqList;
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -98,13 +98,13 @@ cifs_mark_open_files_invalid(struct cifs
 	struct list_head *tmp1;
 
 	/* list all files open on tree connection and mark them invalid */
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&tcon->open_file_lock);
 	list_for_each_safe(tmp, tmp1, &tcon->openFileList) {
 		open_file = list_entry(tmp, struct cifsFileInfo, tlist);
 		open_file->invalidHandle = true;
 		open_file->oplock_break_cancelled = true;
 	}
-	spin_unlock(&cifs_file_list_lock);
+	spin_unlock(&tcon->open_file_lock);
 	/*
 	 * BB Add call to invalidate_inodes(sb) for all superblocks mounted
 	 * to this tcon.
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -305,6 +305,7 @@ cifs_new_fileinfo(struct cifs_fid *fid,
 	cfile->tlink = cifs_get_tlink(tlink);
 	INIT_WORK(&cfile->oplock_break, cifs_oplock_break);
 	mutex_init(&cfile->fh_mutex);
+	spin_lock_init(&cfile->file_info_lock);
 
 	cifs_sb_active(inode->i_sb);
 
@@ -317,7 +318,7 @@ cifs_new_fileinfo(struct cifs_fid *fid,
 		oplock = 0;
 	}
 
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&tcon->open_file_lock);
 	if (fid->pending_open->oplock != CIFS_OPLOCK_NO_CHANGE && oplock)
 		oplock = fid->pending_open->oplock;
 	list_del(&fid->pending_open->olist);
@@ -326,12 +327,13 @@ cifs_new_fileinfo(struct cifs_fid *fid,
 	server->ops->set_fid(cfile, fid, oplock);
 
 	list_add(&cfile->tlist, &tcon->openFileList);
+
 	/* if readable file instance put first in list*/
 	if (file->f_mode & FMODE_READ)
 		list_add(&cfile->flist, &cinode->openFileList);
 	else
 		list_add_tail(&cfile->flist, &cinode->openFileList);
-	spin_unlock(&cifs_file_list_lock);
+	spin_unlock(&tcon->open_file_lock);
 
 	if (fid->purge_cache)
 		cifs_zap_mapping(inode);
@@ -343,16 +345,16 @@ cifs_new_fileinfo(struct cifs_fid *fid,
 struct cifsFileInfo *
 cifsFileInfo_get(struct cifsFileInfo *cifs_file)
 {
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&cifs_file->file_info_lock);
 	cifsFileInfo_get_locked(cifs_file);
-	spin_unlock(&cifs_file_list_lock);
+	spin_unlock(&cifs_file->file_info_lock);
 	return cifs_file;
 }
 
 /*
  * Release a reference on the file private data. This may involve closing
  * the filehandle out on the server. Must be called without holding
- * cifs_file_list_lock.
+ * tcon->open_file_lock and cifs_file->file_info_lock.
  */
 void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
 {
@@ -367,11 +369,15 @@ void cifsFileInfo_put(struct cifsFileInf
 	struct cifs_pending_open open;
 	bool oplock_break_cancelled;
 
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&tcon->open_file_lock);
+
+	spin_lock(&cifs_file->file_info_lock);
 	if (--cifs_file->count > 0) {
-		spin_unlock(&cifs_file_list_lock);
+		spin_unlock(&cifs_file->file_info_lock);
+		spin_unlock(&tcon->open_file_lock);
 		return;
 	}
+	spin_unlock(&cifs_file->file_info_lock);
 
 	if (server->ops->get_lease_key)
 		server->ops->get_lease_key(inode, &fid);
@@ -395,7 +401,8 @@ void cifsFileInfo_put(struct cifsFileInf
 			set_bit(CIFS_INO_INVALID_MAPPING, &cifsi->flags);
 		cifs_set_oplock_level(cifsi, 0);
 	}
-	spin_unlock(&cifs_file_list_lock);
+
+	spin_unlock(&tcon->open_file_lock);
 
 	oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break);
 
@@ -772,10 +779,10 @@ int cifs_closedir(struct inode *inode, s
 	server = tcon->ses->server;
 
 	cifs_dbg(FYI, "Freeing private data in close dir\n");
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&cfile->file_info_lock);
 	if (server->ops->dir_needs_close(cfile)) {
 		cfile->invalidHandle = true;
-		spin_unlock(&cifs_file_list_lock);
+		spin_unlock(&cfile->file_info_lock);
 		if (server->ops->close_dir)
 			rc = server->ops->close_dir(xid, tcon, &cfile->fid);
 		else
@@ -784,7 +791,7 @@ int cifs_closedir(struct inode *inode, s
 		/* not much we can do if it fails anyway, ignore rc */
 		rc = 0;
 	} else
-		spin_unlock(&cifs_file_list_lock);
+		spin_unlock(&cfile->file_info_lock);
 
 	buf = cfile->srch_inf.ntwrk_buf_start;
 	if (buf) {
@@ -1728,12 +1735,13 @@ struct cifsFileInfo *find_readable_file(
 {
 	struct cifsFileInfo *open_file = NULL;
 	struct cifs_sb_info *cifs_sb = CIFS_SB(cifs_inode->vfs_inode.i_sb);
+	struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb);
 
 	/* only filter by fsuid on multiuser mounts */
 	if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
 		fsuid_only = false;
 
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&tcon->open_file_lock);
 	/* we could simply get the first_list_entry since write-only entries
 	   are always at the end of the list but since the first entry might
 	   have a close pending, we go through the whole list */
@@ -1744,8 +1752,8 @@ struct cifsFileInfo *find_readable_file(
 			if (!open_file->invalidHandle) {
 				/* found a good file */
 				/* lock it so it will not be closed on us */
-				cifsFileInfo_get_locked(open_file);
-				spin_unlock(&cifs_file_list_lock);
+				cifsFileInfo_get(open_file);
+				spin_unlock(&tcon->open_file_lock);
 				return open_file;
 			} /* else might as well continue, and look for
 			     another, or simply have the caller reopen it
@@ -1753,7 +1761,7 @@ struct cifsFileInfo *find_readable_file(
 		} else /* write only file */
 			break; /* write only files are last so must be done */
 	}
-	spin_unlock(&cifs_file_list_lock);
+	spin_unlock(&tcon->open_file_lock);
 	return NULL;
 }
 
@@ -1762,6 +1770,7 @@ struct cifsFileInfo *find_writable_file(
 {
 	struct cifsFileInfo *open_file, *inv_file = NULL;
 	struct cifs_sb_info *cifs_sb;
+	struct cifs_tcon *tcon;
 	bool any_available = false;
 	int rc;
 	unsigned int refind = 0;
@@ -1777,15 +1786,16 @@ struct cifsFileInfo *find_writable_file(
 	}
 
 	cifs_sb = CIFS_SB(cifs_inode->vfs_inode.i_sb);
+	tcon = cifs_sb_master_tcon(cifs_sb);
 
 	/* only filter by fsuid on multiuser mounts */
 	if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
 		fsuid_only = false;
 
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&tcon->open_file_lock);
 refind_writable:
 	if (refind > MAX_REOPEN_ATT) {
-		spin_unlock(&cifs_file_list_lock);
+		spin_unlock(&tcon->open_file_lock);
 		return NULL;
 	}
 	list_for_each_entry(open_file, &cifs_inode->openFileList, flist) {
@@ -1796,8 +1806,8 @@ refind_writable:
 		if (OPEN_FMODE(open_file->f_flags) & FMODE_WRITE) {
 			if (!open_file->invalidHandle) {
 				/* found a good writable file */
-				cifsFileInfo_get_locked(open_file);
-				spin_unlock(&cifs_file_list_lock);
+				cifsFileInfo_get(open_file);
+				spin_unlock(&tcon->open_file_lock);
 				return open_file;
 			} else {
 				if (!inv_file)
@@ -1813,24 +1823,24 @@ refind_writable:
 
 	if (inv_file) {
 		any_available = false;
-		cifsFileInfo_get_locked(inv_file);
+		cifsFileInfo_get(inv_file);
 	}
 
-	spin_unlock(&cifs_file_list_lock);
+	spin_unlock(&tcon->open_file_lock);
 
 	if (inv_file) {
 		rc = cifs_reopen_file(inv_file, false);
 		if (!rc)
 			return inv_file;
 		else {
-			spin_lock(&cifs_file_list_lock);
+			spin_lock(&tcon->open_file_lock);
 			list_move_tail(&inv_file->flist,
 					&cifs_inode->openFileList);
-			spin_unlock(&cifs_file_list_lock);
+			spin_unlock(&tcon->open_file_lock);
 			cifsFileInfo_put(inv_file);
-			spin_lock(&cifs_file_list_lock);
 			++refind;
 			inv_file = NULL;
+			spin_lock(&tcon->open_file_lock);
 			goto refind_writable;
 		}
 	}
@@ -3618,15 +3628,17 @@ static int cifs_readpage(struct file *fi
 static int is_inode_writable(struct cifsInodeInfo *cifs_inode)
 {
 	struct cifsFileInfo *open_file;
+	struct cifs_tcon *tcon =
+		cifs_sb_master_tcon(CIFS_SB(cifs_inode->vfs_inode.i_sb));
 
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&tcon->open_file_lock);
 	list_for_each_entry(open_file, &cifs_inode->openFileList, flist) {
 		if (OPEN_FMODE(open_file->f_flags) & FMODE_WRITE) {
-			spin_unlock(&cifs_file_list_lock);
+			spin_unlock(&tcon->open_file_lock);
 			return 1;
 		}
 	}
-	spin_unlock(&cifs_file_list_lock);
+	spin_unlock(&tcon->open_file_lock);
 	return 0;
 }
 
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -120,6 +120,7 @@ tconInfoAlloc(void)
 		++ret_buf->tc_count;
 		INIT_LIST_HEAD(&ret_buf->openFileList);
 		INIT_LIST_HEAD(&ret_buf->tcon_list);
+		spin_lock_init(&ret_buf->open_file_lock);
 #ifdef CONFIG_CIFS_STATS
 		spin_lock_init(&ret_buf->stat_lock);
 #endif
@@ -465,7 +466,7 @@ is_valid_oplock_break(char *buffer, stru
 				continue;
 
 			cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks);
-			spin_lock(&cifs_file_list_lock);
+			spin_lock(&tcon->open_file_lock);
 			list_for_each(tmp2, &tcon->openFileList) {
 				netfile = list_entry(tmp2, struct cifsFileInfo,
 						     tlist);
@@ -495,11 +496,11 @@ is_valid_oplock_break(char *buffer, stru
 					   &netfile->oplock_break);
 				netfile->oplock_break_cancelled = false;
 
-				spin_unlock(&cifs_file_list_lock);
+				spin_unlock(&tcon->open_file_lock);
 				spin_unlock(&cifs_tcp_ses_lock);
 				return true;
 			}
-			spin_unlock(&cifs_file_list_lock);
+			spin_unlock(&tcon->open_file_lock);
 			spin_unlock(&cifs_tcp_ses_lock);
 			cifs_dbg(FYI, "No matching file for oplock break\n");
 			return true;
@@ -613,9 +614,9 @@ backup_cred(struct cifs_sb_info *cifs_sb
 void
 cifs_del_pending_open(struct cifs_pending_open *open)
 {
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&tlink_tcon(open->tlink)->open_file_lock);
 	list_del(&open->olist);
-	spin_unlock(&cifs_file_list_lock);
+	spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
 }
 
 void
@@ -635,7 +636,7 @@ void
 cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink,
 		      struct cifs_pending_open *open)
 {
-	spin_lock(&cifs_file_list_lock);
+	spin_lock(&tlink_tcon(tlink)->open_file_lock);
 	cifs_add_pending_open_locked(fid, tlink, open);
-	spin_unlock(&cifs_file_list_lock);
+	spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
 }
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -597,14 +597,14 @@ find_cifs_entry(const unsigned int xid,
 	     is_dir_changed(file)) || (index_to_find < first_entry_in_buffer)) {
 		/* close and restart search */
 		cifs_dbg(FYI, "search backing up - close and restart search\n");
-		spin_lock(&cifs_file_list_lock);
+		spin_lock(&cfile->file_info_lock);
 		if (server->ops->dir_needs_close(cfile)) {
 			cfile->invalidHandle = true;
-			spin_unlock(&cifs_file_list_lock);
+			spin_unlock(&cfile->file_info_lock);
 			if (server->ops->close_dir)
 				server->ops->close_dir(xid, tcon, &cfile->fid);
 		} else
-			spin_unlock(&cifs_file_list_lock);
+			spin_unlock(&cfile->file_info_lock);
 		if (cfile->srch_inf.ntwrk_buf_start) {
 			cifs_dbg(FYI, "freeing SMB ff cache buf on search rewind\n");
 			if (cfile->srch_inf.smallBuf)
--- a/fs/cifs/smb2misc.c
+++ b/fs/cifs/smb2misc.c
@@ -549,19 +549,19 @@ smb2_is_valid_lease_break(char *buffer)
 		list_for_each(tmp1, &server->smb_ses_list) {
 			ses = list_entry(tmp1, struct cifs_ses, smb_ses_list);
 
-			spin_lock(&cifs_file_list_lock);
 			list_for_each(tmp2, &ses->tcon_list) {
 				tcon = list_entry(tmp2, struct cifs_tcon,
 						  tcon_list);
+				spin_lock(&tcon->open_file_lock);
 				cifs_stats_inc(
 				    &tcon->stats.cifs_stats.num_oplock_brks);
 				if (smb2_tcon_has_lease(tcon, rsp, lw)) {
-					spin_unlock(&cifs_file_list_lock);
+					spin_unlock(&tcon->open_file_lock);
 					spin_unlock(&cifs_tcp_ses_lock);
 					return true;
 				}
+				spin_unlock(&tcon->open_file_lock);
 			}
-			spin_unlock(&cifs_file_list_lock);
 		}
 	}
 	spin_unlock(&cifs_tcp_ses_lock);
@@ -603,7 +603,7 @@ smb2_is_valid_oplock_break(char *buffer,
 			tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
 
 			cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks);
-			spin_lock(&cifs_file_list_lock);
+			spin_lock(&tcon->open_file_lock);
 			list_for_each(tmp2, &tcon->openFileList) {
 				cfile = list_entry(tmp2, struct cifsFileInfo,
 						     tlist);
@@ -615,7 +615,7 @@ smb2_is_valid_oplock_break(char *buffer,
 
 				cifs_dbg(FYI, "file id match, oplock break\n");
 				cinode = CIFS_I(d_inode(cfile->dentry));
-
+				spin_lock(&cfile->file_info_lock);
 				if (!CIFS_CACHE_WRITE(cinode) &&
 				    rsp->OplockLevel == SMB2_OPLOCK_LEVEL_NONE)
 					cfile->oplock_break_cancelled = true;
@@ -637,14 +637,14 @@ smb2_is_valid_oplock_break(char *buffer,
 					clear_bit(
 					   CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
 					   &cinode->flags);
-
+				spin_unlock(&cfile->file_info_lock);
 				queue_work(cifsiod_wq, &cfile->oplock_break);
 
-				spin_unlock(&cifs_file_list_lock);
+				spin_unlock(&tcon->open_file_lock);
 				spin_unlock(&cifs_tcp_ses_lock);
 				return true;
 			}
-			spin_unlock(&cifs_file_list_lock);
+			spin_unlock(&tcon->open_file_lock);
 			spin_unlock(&cifs_tcp_ses_lock);
 			cifs_dbg(FYI, "No matching file for oplock break\n");
 			return true;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 095/140] Display number of credits available
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (88 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 094/140] Clarify locking of cifs file and tcon structures and make more granular Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 096/140] Set previous session id correctly on SMB3 reconnect Greg Kroah-Hartman
                     ` (44 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French, Germano Percossi

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <smfrench@gmail.com>

commit 9742805d6b1bfb45d7f267648c34fb5bcd347397 upstream.

In debugging smb3, it is useful to display the number
of credits available, so we can see when the server has not granted
sufficient operations for the client to make progress, or alternatively
the client has requested too many credits (as we saw in a recent bug)
so we can compare with the number of credits the server thinks
we have.

Add a /proc/fs/cifs/DebugData line to display the client view
on how many credits are available.

Signed-off-by: Steve French <steve.french@primarydata.com>
Reported-by: Germano Percossi <germano.percossi@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/cifs_debug.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -152,6 +152,7 @@ static int cifs_debug_data_proc_show(str
 	list_for_each(tmp1, &cifs_tcp_ses_list) {
 		server = list_entry(tmp1, struct TCP_Server_Info,
 				    tcp_ses_list);
+		seq_printf(m, "\nNumber of credits: %d", server->credits);
 		i++;
 		list_for_each(tmp2, &server->smb_ses_list) {
 			ses = list_entry(tmp2, struct cifs_ses,

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 096/140] Set previous session id correctly on SMB3 reconnect
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (89 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 095/140] Display number of credits available Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 097/140] SMB3: GUIDs should be constructed as random but valid uuids Greg Kroah-Hartman
                     ` (43 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French, David Goebel

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <smfrench@gmail.com>

commit c2afb8147e69819885493edf3a7c1ce03aaf2d4e upstream.

Signed-off-by: Steve French <steve.french@primarydata.com>
Reported-by: David Goebel <davidgoe@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/smb2pdu.c |    5 +++++
 fs/cifs/smb2pdu.h |    2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -604,6 +604,7 @@ SMB2_sess_setup(const unsigned int xid,
 	char *security_blob = NULL;
 	unsigned char *ntlmssp_blob = NULL;
 	bool use_spnego = false; /* else use raw ntlmssp */
+	u64 previous_session = ses->Suid;
 
 	cifs_dbg(FYI, "Session Setup\n");
 
@@ -641,6 +642,10 @@ ssetup_ntlmssp_authenticate:
 		return rc;
 
 	req->hdr.SessionId = 0; /* First session, not a reauthenticate */
+
+	/* if reconnect, we need to send previous sess id, otherwise it is 0 */
+	req->PreviousSessionId = previous_session;
+
 	req->Flags = 0; /* MBZ */
 	/* to enable echos and oplocks */
 	req->hdr.CreditRequest = cpu_to_le16(3);
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -276,7 +276,7 @@ struct smb2_sess_setup_req {
 	__le32 Channel;
 	__le16 SecurityBufferOffset;
 	__le16 SecurityBufferLength;
-	__le64 PreviousSessionId;
+	__u64 PreviousSessionId;
 	__u8   Buffer[1];	/* variable length GSS security buffer */
 } __packed;
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 097/140] SMB3: GUIDs should be constructed as random but valid uuids
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (90 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 096/140] Set previous session id correctly on SMB3 reconnect Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 098/140] Do not send SMB3 SET_INFO request if nothing is changing Greg Kroah-Hartman
                     ` (42 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steve French, Aurelien Aptel, David Goebels

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <smfrench@gmail.com>

commit fa70b87cc6641978b20e12cc5d517e9ffc0086d4 upstream.

GUIDs although random, and 16 bytes, need to be generated as
proper uuids.

Signed-off-by: Steve French <steve.french@primarydata.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Reported-by: David Goebels <davidgoe@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/cifsfs.c  |    2 +-
 fs/cifs/connect.c |    2 +-
 fs/cifs/smb2ops.c |    2 +-
 fs/cifs/smb2pdu.c |    2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -271,7 +271,7 @@ cifs_alloc_inode(struct super_block *sb)
 	cifs_inode->createtime = 0;
 	cifs_inode->epoch = 0;
 #ifdef CONFIG_CIFS_SMB2
-	get_random_bytes(cifs_inode->lease_key, SMB2_LEASE_KEY_SIZE);
+	generate_random_uuid(cifs_inode->lease_key);
 #endif
 	/*
 	 * Can not set i_flags here - they get immediately overwritten to zero
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2163,7 +2163,7 @@ cifs_get_tcp_session(struct smb_vol *vol
 	memcpy(&tcp_ses->dstaddr, &volume_info->dstaddr,
 		sizeof(tcp_ses->dstaddr));
 #ifdef CONFIG_CIFS_SMB2
-	get_random_bytes(tcp_ses->client_guid, SMB2_CLIENT_GUID_SIZE);
+	generate_random_uuid(tcp_ses->client_guid);
 #endif
 	/*
 	 * at this point we are the only ones with the pointer
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1042,7 +1042,7 @@ smb2_set_lease_key(struct inode *inode,
 static void
 smb2_new_lease_key(struct cifs_fid *fid)
 {
-	get_random_bytes(fid->lease_key, SMB2_LEASE_KEY_SIZE);
+	generate_random_uuid(fid->lease_key);
 }
 
 #define SMB2_SYMLINK_STRUCT_SIZE \
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1183,7 +1183,7 @@ create_durable_v2_buf(struct cifs_fid *p
 
 	buf->dcontext.Timeout = 0; /* Should this be configurable by workload */
 	buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
-	get_random_bytes(buf->dcontext.CreateGuid, 16);
+	generate_random_uuid(buf->dcontext.CreateGuid);
 	memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16);
 
 	/* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 098/140] Do not send SMB3 SET_INFO request if nothing is changing
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (91 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 097/140] SMB3: GUIDs should be constructed as random but valid uuids Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 099/140] Cleanup missing frees on some ioctls Greg Kroah-Hartman
                     ` (41 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <smfrench@gmail.com>

commit 18dd8e1a65ddae2351d0f0d6dd4a334f441fc5fa upstream.

[CIFS] We had cases where we sent a SMB2/SMB3 setinfo request with all
timestamp (and DOS attribute) fields marked as 0 (ie do not change)
e.g. on chmod or chown.

Signed-off-by: Steve French <steve.french@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/smb2inode.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/fs/cifs/smb2inode.c
+++ b/fs/cifs/smb2inode.c
@@ -266,9 +266,15 @@ smb2_set_file_info(struct inode *inode,
 	struct tcon_link *tlink;
 	int rc;
 
+	if ((buf->CreationTime == 0) && (buf->LastAccessTime == 0) &&
+	    (buf->LastWriteTime == 0) && (buf->ChangeTime) &&
+	    (buf->Attributes == 0))
+		return 0; /* would be a no op, no sense sending this */
+
 	tlink = cifs_sb_tlink(cifs_sb);
 	if (IS_ERR(tlink))
 		return PTR_ERR(tlink);
+
 	rc = smb2_open_op_close(xid, tlink_tcon(tlink), cifs_sb, full_path,
 				FILE_WRITE_ATTRIBUTES, FILE_OPEN, 0, buf,
 				SMB2_OP_SET_INFO);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 099/140] Cleanup missing frees on some ioctls
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (92 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 098/140] Do not send SMB3 SET_INFO request if nothing is changing Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 100/140] Fix regression which breaks DFS mounting Greg Kroah-Hartman
                     ` (40 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French, Sachin Prabhu

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <smfrench@gmail.com>

commit 24df1483c272c99ed88b0cba135d0e1dfdee3930 upstream.

Cleanup some missing mem frees on some cifs ioctls, and
clarify others to make more obvious that no data is returned.

Signed-off-by: Steve French <smfrench@gmail.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/smb2ops.c |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -287,7 +287,7 @@ SMB3_request_interfaces(const unsigned i
 		cifs_dbg(FYI, "Link Speed %lld\n",
 			le64_to_cpu(out_buf->LinkSpeed));
 	}
-
+	kfree(out_buf);
 	return rc;
 }
 #endif /* STATS2 */
@@ -700,6 +700,7 @@ smb2_clone_range(const unsigned int xid,
 
 cchunk_out:
 	kfree(pcchunk);
+	kfree(retbuf);
 	return rc;
 }
 
@@ -824,7 +825,6 @@ smb2_duplicate_extents(const unsigned in
 {
 	int rc;
 	unsigned int ret_data_len;
-	char *retbuf = NULL;
 	struct duplicate_extents_to_file dup_ext_buf;
 	struct cifs_tcon *tcon = tlink_tcon(trgtfile->tlink);
 
@@ -850,7 +850,7 @@ smb2_duplicate_extents(const unsigned in
 			FSCTL_DUPLICATE_EXTENTS_TO_FILE,
 			true /* is_fsctl */, (char *)&dup_ext_buf,
 			sizeof(struct duplicate_extents_to_file),
-			(char **)&retbuf,
+			NULL,
 			&ret_data_len);
 
 	if (ret_data_len > 0)
@@ -873,7 +873,6 @@ smb3_set_integrity(const unsigned int xi
 		   struct cifsFileInfo *cfile)
 {
 	struct fsctl_set_integrity_information_req integr_info;
-	char *retbuf = NULL;
 	unsigned int ret_data_len;
 
 	integr_info.ChecksumAlgorithm = cpu_to_le16(CHECKSUM_TYPE_UNCHANGED);
@@ -885,7 +884,7 @@ smb3_set_integrity(const unsigned int xi
 			FSCTL_SET_INTEGRITY_INFORMATION,
 			true /* is_fsctl */, (char *)&integr_info,
 			sizeof(struct fsctl_set_integrity_information_req),
-			(char **)&retbuf,
+			NULL,
 			&ret_data_len);
 
 }

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 100/140] Fix regression which breaks DFS mounting
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (93 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 099/140] Cleanup missing frees on some ioctls Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 101/140] blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL Greg Kroah-Hartman
                     ` (39 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sachin Prabhu, Aurelien Aptel, Steve French

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sachin Prabhu <sprabhu@redhat.com>

commit d171356ff11ab1825e456dfb979755e01b3c54a1 upstream.

Patch a6b5058 results in -EREMOTE returned by is_path_accessible() in
cifs_mount() to be ignored which breaks DFS mounting.

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/connect.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3688,14 +3688,16 @@ remote_path_check:
 			goto mount_fail_check;
 		}
 
-		rc = cifs_are_all_path_components_accessible(server,
+		if (rc != -EREMOTE) {
+			rc = cifs_are_all_path_components_accessible(server,
 							     xid, tcon, cifs_sb,
 							     full_path);
-		if (rc != 0) {
-			cifs_dbg(VFS, "cannot query dirs between root and final path, "
-				 "enabling CIFS_MOUNT_USE_PREFIX_PATH\n");
-			cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
-			rc = 0;
+			if (rc != 0) {
+				cifs_dbg(VFS, "cannot query dirs between root and final path, "
+					 "enabling CIFS_MOUNT_USE_PREFIX_PATH\n");
+				cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
+				rc = 0;
+			}
 		}
 		kfree(full_path);
 	}

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 101/140] blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (94 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 100/140] Fix regression which breaks DFS mounting Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 102/140] x86/e820: Dont merge consecutive E820_PRAM ranges Greg Kroah-Hartman
                     ` (38 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Tejun Heo

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bart.vanassche@sandisk.com>

commit bbb427e342495df1cda10051d0566388697499c0 upstream.

Unlocking a mutex twice is wrong. Hence modify blkcg_policy_register()
such that blkcg_pol_mutex is unlocked once if cpd == NULL. This patch
avoids that smatch reports the following error:

block/blk-cgroup.c:1378: blkcg_policy_register() error: double unlock 'mutex:&blkcg_pol_mutex'

Fixes: 06b285bd1125 ("blkcg: fix blkcg_policy_data allocation bug")
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/blk-cgroup.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -1340,10 +1340,8 @@ int blkcg_policy_register(struct blkcg_p
 			struct blkcg_policy_data *cpd;
 
 			cpd = pol->cpd_alloc_fn(GFP_KERNEL);
-			if (!cpd) {
-				mutex_unlock(&blkcg_pol_mutex);
+			if (!cpd)
 				goto err_free_cpds;
-			}
 
 			blkcg->cpd[pol->plid] = cpd;
 			cpd->blkcg = blkcg;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 102/140] x86/e820: Dont merge consecutive E820_PRAM ranges
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (95 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 101/140] blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 104/140] x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates Greg Kroah-Hartman
                     ` (37 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dave Chinner, Dan Williams,
	Andy Lutomirski, Borislav Petkov, Brian Gerst, Denys Vlasenko,
	H. Peter Anvin, Jeff Moyer, Josh Poimboeuf, Linus Torvalds,
	Peter Zijlstra, Thomas Gleixner, Zhang Yi, linux-nvdimm,
	Ingo Molnar

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Williams <dan.j.williams@intel.com>

commit 23446cb66c073b827779e5eb3dec301623299b32 upstream.

Commit:

  917db484dc6a ("x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation")

... fixed up the broken manipulations of max_pfn in the presence of
E820_PRAM ranges.

However, it also broke the sanitize_e820_map() support for not merging
E820_PRAM ranges.

Re-introduce the enabling to keep resource boundaries between
consecutive defined ranges. Otherwise, for example, an environment that
boots with memmap=2G!8G,2G!10G will end up with a single 4G /dev/pmem0
device instead of a /dev/pmem0 and /dev/pmem1 device 2G in size.

Reported-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Zhang Yi <yizhan@redhat.com>
Cc: linux-nvdimm@lists.01.org
Fixes: 917db484dc6a ("x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation")
Link: http://lkml.kernel.org/r/147629530854.10618.10383744751594021268.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/e820.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
@@ -348,7 +348,7 @@ int __init sanitize_e820_map(struct e820
 		 * continue building up new bios map based on this
 		 * information
 		 */
-		if (current_type != last_type) {
+		if (current_type != last_type || current_type == E820_PRAM) {
 			if (last_type != 0)	 {
 				new_bios[new_bios_entry].size =
 					change_point[chgidx]->addr - last_addr;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 104/140] x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (96 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 102/140] x86/e820: Dont merge consecutive E820_PRAM ranges Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 106/140] pinctrl: intel: Only restore pins that are used by the driver Greg Kroah-Hartman
                     ` (36 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alex Thorlton, Matt Fleming,
	Andy Lutomirski, Ard Biesheuvel, Borislav Petkov, Brian Gerst,
	Denys Vlasenko, Dimitri Sivanich, H. Peter Anvin, Josh Poimboeuf,
	Linus Torvalds, Masahiro Yamada, Mike Travis, Peter Zijlstra,
	Russ Anderson, Thomas Gleixner, linux-efi, Ingo Molnar

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alex Thorlton <athorlton@sgi.com>

commit caef78b6cdeddf4ad364f95910bba6b43b8eb9bf upstream.

Some time ago, we brought our UV BIOS callback code up to speed with the
new EFI memory mapping scheme, in commit:

    d1be84a232e3 ("x86/uv: Update uv_bios_call() to use efi_call_virt_pointer()")

By leveraging some changes that I made to a few of the EFI runtime
callback mechanisms, in commit:

    80e75596079f ("efi: Convert efi_call_virt() to efi_call_virt_pointer()")

This got everything running smoothly on UV, with the new EFI mapping
code.  However, this left one, small loose end, in that EFI_OLD_MEMMAP
(a.k.a. efi=old_map) will no longer work on UV, on kernels that include
the aforementioned changes.

At the time this was not a major issue (in fact, it still really isn't),
but there's no reason that EFI_OLD_MEMMAP *shouldn't* work on our
systems.  This commit adds a check into uv_bios_call(), to see if we have
the EFI_OLD_MEMMAP bit set in efi.flags.  If it is set, we fall back to
using our old callback method, which uses efi_call() directly on the __va()
of our function pointer.

Signed-off-by: Alex Thorlton <athorlton@sgi.com>
Acked-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dimitri Sivanich <sivanich@sgi.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Mike Travis <travis@sgi.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russ Anderson <rja@sgi.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1476928131-170101-1-git-send-email-athorlton@sgi.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/platform/uv/bios_uv.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/arch/x86/platform/uv/bios_uv.c
+++ b/arch/x86/platform/uv/bios_uv.c
@@ -40,7 +40,15 @@ s64 uv_bios_call(enum uv_bios_cmd which,
 		 */
 		return BIOS_STATUS_UNIMPLEMENTED;
 
-	ret = efi_call_virt_pointer(tab, function, (u64)which, a1, a2, a3, a4, a5);
+	/*
+	 * If EFI_OLD_MEMMAP is set, we need to fall back to using our old EFI
+	 * callback method, which uses efi_call() directly, with the kernel page tables:
+	 */
+	if (unlikely(test_bit(EFI_OLD_MEMMAP, &efi.flags)))
+		ret = efi_call((void *)__va(tab->function), (u64)which, a1, a2, a3, a4, a5);
+	else
+		ret = efi_call_virt_pointer(tab, function, (u64)which, a1, a2, a3, a4, a5);
+
 	return ret;
 }
 EXPORT_SYMBOL_GPL(uv_bios_call);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 106/140] pinctrl: intel: Only restore pins that are used by the driver
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (97 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 104/140] x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 108/140] sched/fair: Fix incorrect task group ->load_avg Greg Kroah-Hartman
                     ` (35 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, AceLan Kao, Mika Westerberg, Linus Walleij

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mika Westerberg <mika.westerberg@linux.intel.com>

commit c538b9436751a0be2e1246b48353bc23156bdbcc upstream.

Dell XPS 13 (and maybe some others) uses a GPIO (CPU_GP_1) during suspend
to explicitly disable USB touchscreen interrupt. This is done to prevent
situation where the lid is closed the touchscreen is left functional.

The pinctrl driver (wrongly) assumes it owns all pins which are owned by
host and not locked down. It is perfectly fine for BIOS to use those pins
as it is also considered as host in this context.

What happens is that when the lid of Dell XPS 13 is closed, the BIOS
configures CPU_GP_1 low disabling the touchscreen interrupt. During resume
we restore all host owned pins to the known state which includes CPU_GP_1
and this overwrites what the BIOS has programmed there causing the
touchscreen to fail as no interrupts are reaching the CPU anymore.

Fix this by restoring only those pins we know are explicitly requested by
the kernel one way or other.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=176361
Reported-by: AceLan Kao <acelan.kao@canonical.com>
Tested-by: AceLan Kao <acelan.kao@canonical.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pinctrl/intel/pinctrl-intel.c |   25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

--- a/drivers/pinctrl/intel/pinctrl-intel.c
+++ b/drivers/pinctrl/intel/pinctrl-intel.c
@@ -19,6 +19,7 @@
 #include <linux/pinctrl/pinconf.h>
 #include <linux/pinctrl/pinconf-generic.h>
 
+#include "../core.h"
 #include "pinctrl-intel.h"
 
 /* Offset from regs */
@@ -1079,6 +1080,26 @@ int intel_pinctrl_remove(struct platform
 EXPORT_SYMBOL_GPL(intel_pinctrl_remove);
 
 #ifdef CONFIG_PM_SLEEP
+static bool intel_pinctrl_should_save(struct intel_pinctrl *pctrl, unsigned pin)
+{
+	const struct pin_desc *pd = pin_desc_get(pctrl->pctldev, pin);
+
+	if (!pd || !intel_pad_usable(pctrl, pin))
+		return false;
+
+	/*
+	 * Only restore the pin if it is actually in use by the kernel (or
+	 * by userspace). It is possible that some pins are used by the
+	 * BIOS during resume and those are not always locked down so leave
+	 * them alone.
+	 */
+	if (pd->mux_owner || pd->gpio_owner ||
+	    gpiochip_line_is_irq(&pctrl->chip, pin))
+		return true;
+
+	return false;
+}
+
 int intel_pinctrl_suspend(struct device *dev)
 {
 	struct platform_device *pdev = to_platform_device(dev);
@@ -1092,7 +1113,7 @@ int intel_pinctrl_suspend(struct device
 		const struct pinctrl_pin_desc *desc = &pctrl->soc->pins[i];
 		u32 val;
 
-		if (!intel_pad_usable(pctrl, desc->number))
+		if (!intel_pinctrl_should_save(pctrl, desc->number))
 			continue;
 
 		val = readl(intel_get_padcfg(pctrl, desc->number, PADCFG0));
@@ -1153,7 +1174,7 @@ int intel_pinctrl_resume(struct device *
 		void __iomem *padcfg;
 		u32 val;
 
-		if (!intel_pad_usable(pctrl, desc->number))
+		if (!intel_pinctrl_should_save(pctrl, desc->number))
 			continue;
 
 		padcfg = intel_get_padcfg(pctrl, desc->number, PADCFG0);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 108/140] sched/fair: Fix incorrect task group ->load_avg
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (98 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 106/140] pinctrl: intel: Only restore pins that are used by the driver Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 109/140] sched/fair: Fix min_vruntime tracking Greg Kroah-Hartman
                     ` (34 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Joseph Salisbury, Dietmar Eggemann,
	Vincent Guittot, Peter Zijlstra, Linus Torvalds, Peter Zijlstra,
	Thomas Gleixner, joonwoop, Ingo Molnar

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vincent Guittot <vincent.guittot@linaro.org>

commit b5a9b340789b2b24c6896bcf7a065c31a4db671c upstream.

A scheduler performance regression has been reported by Joseph Salisbury,
which he bisected back to:

  3d30544f0212 ("sched/fair: Apply more PELT fixes)

The regression triggers when several levels of task groups are involved
(read: SystemD) and cpu_possible_mask != cpu_present_mask.

The root cause is that group entity's load (tg_child->se[i]->avg.load_avg)
is initialized to scale_load_down(se->load.weight). During the creation of
a child task group, its group entities on possible CPUs are attached to
parent's cfs_rq (tg_parent) and their loads are added to the parent's load
(tg_parent->load_avg) with update_tg_load_avg().

But only the load on online CPUs will then be updated to reflect real load,
whereas load on other CPUs will stay at the initial value.

The result is a tg_parent->load_avg that is higher than the real load, the
weight of group entities (tg_parent->se[i]->load.weight) on online CPUs is
smaller than it should be, and the task group gets a less running time than
what it could expect.

( This situation can be detected with /proc/sched_debug. The ".tg_load_avg"
  of the task group will be much higher than sum of ".tg_load_avg_contrib"
  of online cfs_rqs of the task group. )

The load of group entities don't have to be intialized to something else
than 0 because their load will increase when an entity is attached.

Reported-by: Joseph Salisbury <joseph.salisbury@canonical.com>
Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: joonwoop@codeaurora.org
Fixes: 3d30544f0212 ("sched/fair: Apply more PELT fixes)
Link: http://lkml.kernel.org/r/1476881123-10159-1-git-send-email-vincent.guittot@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/sched/fair.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -680,7 +680,14 @@ void init_entity_runnable_average(struct
 	 * will definitely be update (after enqueue).
 	 */
 	sa->period_contrib = 1023;
-	sa->load_avg = scale_load_down(se->load.weight);
+	/*
+	 * Tasks are intialized with full load to be seen as heavy tasks until
+	 * they get a chance to stabilize to their real load level.
+	 * Group entities are intialized with zero load to reflect the fact that
+	 * nothing has been attached to the task group yet.
+	 */
+	if (entity_is_task(se))
+		sa->load_avg = scale_load_down(se->load.weight);
 	sa->load_sum = sa->load_avg * LOAD_AVG_MAX;
 	/*
 	 * At this point, util_avg won't be used in select_task_rq_fair anyway

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 109/140] sched/fair: Fix min_vruntime tracking
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (99 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 108/140] sched/fair: Fix incorrect task group ->load_avg Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 110/140] irqchip/gicv3: Handle loop timeout proper Greg Kroah-Hartman
                     ` (33 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
	Linus Torvalds, Mike Galbraith, Thomas Gleixner, Ingo Molnar

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Peter Zijlstra <peterz@infradead.org>

commit b60205c7c558330e4e2b5df498355ec959457358 upstream.

While going through enqueue/dequeue to review the movement of
set_curr_task() I noticed that the (2nd) update_min_vruntime() call in
dequeue_entity() is suspect.

It turns out, its actually wrong because it will consider
cfs_rq->curr, which could be the entry we just normalized. This mixes
different vruntime forms and leads to fail.

The purpose of the second update_min_vruntime() is to move
min_vruntime forward if the entity we just removed is the one that was
holding it back; _except_ for the DEQUEUE_SAVE case, because then we
know its a temporary removal and it will come back.

However, since we do put_prev_task() _after_ dequeue(), cfs_rq->curr
will still be set (and per the above, can be tranformed into a
different unit), so update_min_vruntime() should also consider
curr->on_rq. This also fixes another corner case where the enqueue
(which also does update_curr()->update_min_vruntime()) happens on the
rq->lock break in schedule(), between dequeue and put_prev_task.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Fixes: 1e876231785d ("sched: Fix ->min_vruntime calculation in dequeue_entity()")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/sched/fair.c |   29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -456,17 +456,23 @@ static inline int entity_before(struct s
 
 static void update_min_vruntime(struct cfs_rq *cfs_rq)
 {
+	struct sched_entity *curr = cfs_rq->curr;
+
 	u64 vruntime = cfs_rq->min_vruntime;
 
-	if (cfs_rq->curr)
-		vruntime = cfs_rq->curr->vruntime;
+	if (curr) {
+		if (curr->on_rq)
+			vruntime = curr->vruntime;
+		else
+			curr = NULL;
+	}
 
 	if (cfs_rq->rb_leftmost) {
 		struct sched_entity *se = rb_entry(cfs_rq->rb_leftmost,
 						   struct sched_entity,
 						   run_node);
 
-		if (!cfs_rq->curr)
+		if (!curr)
 			vruntime = se->vruntime;
 		else
 			vruntime = min_vruntime(vruntime, se->vruntime);
@@ -3466,9 +3472,10 @@ dequeue_entity(struct cfs_rq *cfs_rq, st
 	account_entity_dequeue(cfs_rq, se);
 
 	/*
-	 * Normalize the entity after updating the min_vruntime because the
-	 * update can refer to the ->curr item and we need to reflect this
-	 * movement in our normalized position.
+	 * Normalize after update_curr(); which will also have moved
+	 * min_vruntime if @se is the one holding it back. But before doing
+	 * update_min_vruntime() again, which will discount @se's position and
+	 * can move min_vruntime forward still more.
 	 */
 	if (!(flags & DEQUEUE_SLEEP))
 		se->vruntime -= cfs_rq->min_vruntime;
@@ -3476,8 +3483,16 @@ dequeue_entity(struct cfs_rq *cfs_rq, st
 	/* return excess runtime on last dequeue */
 	return_cfs_rq_runtime(cfs_rq);
 
-	update_min_vruntime(cfs_rq);
 	update_cfs_shares(cfs_rq);
+
+	/*
+	 * Now advance min_vruntime if @se was the entity holding it back,
+	 * except when: DEQUEUE_SAVE && !DEQUEUE_MOVE, in this case we'll be
+	 * put back on, and if we advance min_vruntime, we'll be placed back
+	 * further than we started -- ie. we'll be penalized.
+	 */
+	if ((flags & (DEQUEUE_SAVE | DEQUEUE_MOVE)) == DEQUEUE_SAVE)
+		update_min_vruntime(cfs_rq);
 }
 
 /*

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 110/140] irqchip/gicv3: Handle loop timeout proper
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (100 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 109/140] sched/fair: Fix min_vruntime tracking Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 111/140] irqchip/eznps: Acknowledge NPS_IPI before calling the handler Greg Kroah-Hartman
                     ` (32 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Sudeep Holla,
	Marc Zyngier, kernel-janitors, Jason Cooper, Thomas Gleixner

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

commit d102eb5c1ac5e6743b1c6d145c06a25d98ad1375 upstream.

The timeout loop terminates when the loop count is zero, but the decrement
of the count variable is post check. So count is -1 when we check for the
timeout and therefor the error message is supressed.

Change it to predecrement, so the error message is emitted.

[ tglx: Massaged changelog ]

Fixes: a2c225101234 ("irqchip: gic-v3: Refactor gic_enable_redist to support both enabling and disabling")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: kernel-janitors@vger.kernel.org
Cc: Jason Cooper <jason@lakedaemon.net>
Link: http://lkml.kernel.org/r/20161014072534.GA15168@mwanda
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/irqchip/irq-gic-v3.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -153,7 +153,7 @@ static void gic_enable_redist(bool enabl
 			return;	/* No PM support in this redistributor */
 	}
 
-	while (count--) {
+	while (--count) {
 		val = readl_relaxed(rbase + GICR_WAKER);
 		if (enable ^ (bool)(val & GICR_WAKER_ChildrenAsleep))
 			break;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 111/140] irqchip/eznps: Acknowledge NPS_IPI before calling the handler
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (101 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 110/140] irqchip/gicv3: Handle loop timeout proper Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 112/140] irqchip/gic-v3-its: Fix entry size mask for GITS_BASER Greg Kroah-Hartman
                     ` (31 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Noam Camus, marc.zyngier, jason,
	Thomas Gleixner

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Noam Camus <noamca@mellanox.com>

commit c0ca8df717061ae3d2ea624024033103c64210ae upstream.

IPI_IRQ (also TIMER0_IRQ) should be acked before the action->handler is called
in handle_percpu_devid_irq.

The IPI irq is edge sensitive and we might miss an IPI interrupt if it is
triggered again while the handler runs.

Fixes: 44df427c894a ("irqchip: add nps Internal and external irqchips")
Signed-off-by: Noam Camus <noamca@mellanox.com>
Cc: marc.zyngier@arm.com
Cc: jason@lakedaemon.net
Link: http://lkml.kernel.org/r/1476364532-12634-1-git-send-email-noamca@mellanox.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/irqchip/irq-eznps.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/irqchip/irq-eznps.c
+++ b/drivers/irqchip/irq-eznps.c
@@ -85,7 +85,7 @@ static void nps400_irq_eoi_global(struct
 	nps_ack_gic();
 }
 
-static void nps400_irq_eoi(struct irq_data *irqd)
+static void nps400_irq_ack(struct irq_data *irqd)
 {
 	unsigned int __maybe_unused irq = irqd_to_hwirq(irqd);
 
@@ -103,7 +103,7 @@ static struct irq_chip nps400_irq_chip_p
 	.name		= "NPS400 IC",
 	.irq_mask	= nps400_irq_mask,
 	.irq_unmask	= nps400_irq_unmask,
-	.irq_eoi	= nps400_irq_eoi,
+	.irq_ack	= nps400_irq_ack,
 };
 
 static int nps400_irq_map(struct irq_domain *d, unsigned int virq,

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 112/140] irqchip/gic-v3-its: Fix entry size mask for GITS_BASER
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (102 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 111/140] irqchip/eznps: Acknowledge NPS_IPI before calling the handler Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 113/140] cxl: Prevent adapter reset if an active context exists Greg Kroah-Hartman
                     ` (30 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vladimir Murzin, Marc Zyngier

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vladimir Murzin <vladimir.murzin@arm.com>

commit 9224eb77e63f70f16c0b6b7a20ca7d395f3bc077 upstream.

Entry Size in GITS_BASER<n> occupies 5 bits [52:48], but we mask out 8
bits.

Fixes: cc2d3216f53c ("irqchip: GICv3: ITS command queue")
Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/irqchip/arm-gic-v3.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/linux/irqchip/arm-gic-v3.h
+++ b/include/linux/irqchip/arm-gic-v3.h
@@ -290,7 +290,7 @@
 #define GITS_BASER_TYPE_SHIFT			(56)
 #define GITS_BASER_TYPE(r)		(((r) >> GITS_BASER_TYPE_SHIFT) & 7)
 #define GITS_BASER_ENTRY_SIZE_SHIFT		(48)
-#define GITS_BASER_ENTRY_SIZE(r)	((((r) >> GITS_BASER_ENTRY_SIZE_SHIFT) & 0xff) + 1)
+#define GITS_BASER_ENTRY_SIZE(r)	((((r) >> GITS_BASER_ENTRY_SIZE_SHIFT) & 0x1f) + 1)
 #define GITS_BASER_SHAREABILITY_SHIFT	(10)
 #define GITS_BASER_InnerShareable					\
 	GIC_BASER_SHAREABILITY(GITS_BASER, InnerShareable)

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 113/140] cxl: Prevent adapter reset if an active context exists
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (103 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 112/140] irqchip/gic-v3-its: Fix entry size mask for GITS_BASER Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 114/140] isofs: Do not return EACCES for unknown filesystems Greg Kroah-Hartman
                     ` (29 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Frederic Barrat, Andrew Donnellan,
	Vaibhav Jain, Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>

commit 70b565bbdb911023373e035225ab10077e4ab937 upstream.

This patch prevents resetting the cxl adapter via sysfs in presence of
one or more active cxl_context on it. This protects against an
unrecoverable error caused by PSL owning a dirty cache line even after
reset and host tries to touch the same cache line. In case a force reset
of the card is required irrespective of any active contexts, the int
value -1 can be stored in the 'reset' sysfs attribute of the card.

The patch introduces a new atomic_t member named contexts_num inside
struct cxl that holds the number of active context attached to the card
, which is checked against '0' before proceeding with the reset. To
prevent against a race condition where a context is activated just after
reset check is performed, the contexts_num is atomically set to '-1'
after reset-check to indicate that no more contexts can be activated on
the card anymore.

Before activating a context we atomically test if contexts_num is
non-negative and if so, increment its value by one. In case the value of
contexts_num is negative then it indicates that the card is about to be
reset and context activation is error-ed out at that point.

Fixes: 62fa19d4b4fd ("cxl: Add ability to reset the card")
Acked-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/ABI/testing/sysfs-class-cxl |    7 +++--
 drivers/misc/cxl/api.c                    |    9 ++++++
 drivers/misc/cxl/context.c                |    3 ++
 drivers/misc/cxl/cxl.h                    |   24 +++++++++++++++++
 drivers/misc/cxl/file.c                   |   11 +++++++
 drivers/misc/cxl/guest.c                  |    3 ++
 drivers/misc/cxl/main.c                   |   42 +++++++++++++++++++++++++++++-
 drivers/misc/cxl/pci.c                    |    2 +
 drivers/misc/cxl/sysfs.c                  |   27 ++++++++++++++++---
 9 files changed, 121 insertions(+), 7 deletions(-)

--- a/Documentation/ABI/testing/sysfs-class-cxl
+++ b/Documentation/ABI/testing/sysfs-class-cxl
@@ -220,8 +220,11 @@ What:           /sys/class/cxl/<card>/re
 Date:           October 2014
 Contact:        linuxppc-dev@lists.ozlabs.org
 Description:    write only
-                Writing 1 will issue a PERST to card which may cause the card
-                to reload the FPGA depending on load_image_on_perst.
+                Writing 1 will issue a PERST to card provided there are no
+                contexts active on any one of the card AFUs. This may cause
+                the card to reload the FPGA depending on load_image_on_perst.
+                Writing -1 will do a force PERST irrespective of any active
+                contexts on the card AFUs.
 Users:		https://github.com/ibm-capi/libcxl
 
 What:		/sys/class/cxl/<card>/perst_reloads_same_image (not in a guest)
--- a/drivers/misc/cxl/api.c
+++ b/drivers/misc/cxl/api.c
@@ -229,6 +229,14 @@ int cxl_start_context(struct cxl_context
 	if (ctx->status == STARTED)
 		goto out; /* already started */
 
+	/*
+	 * Increment the mapped context count for adapter. This also checks
+	 * if adapter_context_lock is taken.
+	 */
+	rc = cxl_adapter_context_get(ctx->afu->adapter);
+	if (rc)
+		goto out;
+
 	if (task) {
 		ctx->pid = get_task_pid(task, PIDTYPE_PID);
 		ctx->glpid = get_task_pid(task->group_leader, PIDTYPE_PID);
@@ -240,6 +248,7 @@ int cxl_start_context(struct cxl_context
 
 	if ((rc = cxl_ops->attach_process(ctx, kernel, wed, 0))) {
 		put_pid(ctx->pid);
+		cxl_adapter_context_put(ctx->afu->adapter);
 		cxl_ctx_put();
 		goto out;
 	}
--- a/drivers/misc/cxl/context.c
+++ b/drivers/misc/cxl/context.c
@@ -238,6 +238,9 @@ int __detach_context(struct cxl_context
 	put_pid(ctx->glpid);
 
 	cxl_ctx_put();
+
+	/* Decrease the attached context count on the adapter */
+	cxl_adapter_context_put(ctx->afu->adapter);
 	return 0;
 }
 
--- a/drivers/misc/cxl/cxl.h
+++ b/drivers/misc/cxl/cxl.h
@@ -615,6 +615,14 @@ struct cxl {
 	bool perst_select_user;
 	bool perst_same_image;
 	bool psl_timebase_synced;
+
+	/*
+	 * number of contexts mapped on to this card. Possible values are:
+	 * >0: Number of contexts mapped and new one can be mapped.
+	 *  0: No active contexts and new ones can be mapped.
+	 * -1: No contexts mapped and new ones cannot be mapped.
+	 */
+	atomic_t contexts_num;
 };
 
 int cxl_pci_alloc_one_irq(struct cxl *adapter);
@@ -940,4 +948,20 @@ bool cxl_pci_is_vphb_device(struct pci_d
 
 /* decode AFU error bits in the PSL register PSL_SERR_An */
 void cxl_afu_decode_psl_serr(struct cxl_afu *afu, u64 serr);
+
+/*
+ * Increments the number of attached contexts on an adapter.
+ * In case an adapter_context_lock is taken the return -EBUSY.
+ */
+int cxl_adapter_context_get(struct cxl *adapter);
+
+/* Decrements the number of attached contexts on an adapter */
+void cxl_adapter_context_put(struct cxl *adapter);
+
+/* If no active contexts then prevents contexts from being attached */
+int cxl_adapter_context_lock(struct cxl *adapter);
+
+/* Unlock the contexts-lock if taken. Warn and force unlock otherwise */
+void cxl_adapter_context_unlock(struct cxl *adapter);
+
 #endif
--- a/drivers/misc/cxl/file.c
+++ b/drivers/misc/cxl/file.c
@@ -205,11 +205,22 @@ static long afu_ioctl_start_work(struct
 	ctx->pid = get_task_pid(current, PIDTYPE_PID);
 	ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID);
 
+	/*
+	 * Increment the mapped context count for adapter. This also checks
+	 * if adapter_context_lock is taken.
+	 */
+	rc = cxl_adapter_context_get(ctx->afu->adapter);
+	if (rc) {
+		afu_release_irqs(ctx, ctx);
+		goto out;
+	}
+
 	trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr);
 
 	if ((rc = cxl_ops->attach_process(ctx, false, work.work_element_descriptor,
 							amr))) {
 		afu_release_irqs(ctx, ctx);
+		cxl_adapter_context_put(ctx->afu->adapter);
 		goto out;
 	}
 
--- a/drivers/misc/cxl/guest.c
+++ b/drivers/misc/cxl/guest.c
@@ -1152,6 +1152,9 @@ struct cxl *cxl_guest_init_adapter(struc
 	if ((rc = cxl_sysfs_adapter_add(adapter)))
 		goto err_put1;
 
+	/* release the context lock as the adapter is configured */
+	cxl_adapter_context_unlock(adapter);
+
 	return adapter;
 
 err_put1:
--- a/drivers/misc/cxl/main.c
+++ b/drivers/misc/cxl/main.c
@@ -243,8 +243,10 @@ struct cxl *cxl_alloc_adapter(void)
 	if (dev_set_name(&adapter->dev, "card%i", adapter->adapter_num))
 		goto err2;
 
-	return adapter;
+	/* start with context lock taken */
+	atomic_set(&adapter->contexts_num, -1);
 
+	return adapter;
 err2:
 	cxl_remove_adapter_nr(adapter);
 err1:
@@ -286,6 +288,44 @@ int cxl_afu_select_best_mode(struct cxl_
 	return 0;
 }
 
+int cxl_adapter_context_get(struct cxl *adapter)
+{
+	int rc;
+
+	rc = atomic_inc_unless_negative(&adapter->contexts_num);
+	return rc >= 0 ? 0 : -EBUSY;
+}
+
+void cxl_adapter_context_put(struct cxl *adapter)
+{
+	atomic_dec_if_positive(&adapter->contexts_num);
+}
+
+int cxl_adapter_context_lock(struct cxl *adapter)
+{
+	int rc;
+	/* no active contexts -> contexts_num == 0 */
+	rc = atomic_cmpxchg(&adapter->contexts_num, 0, -1);
+	return rc ? -EBUSY : 0;
+}
+
+void cxl_adapter_context_unlock(struct cxl *adapter)
+{
+	int val = atomic_cmpxchg(&adapter->contexts_num, -1, 0);
+
+	/*
+	 * contexts lock taken -> contexts_num == -1
+	 * If not true then show a warning and force reset the lock.
+	 * This will happen when context_unlock was requested without
+	 * doing a context_lock.
+	 */
+	if (val != -1) {
+		atomic_set(&adapter->contexts_num, 0);
+		WARN(1, "Adapter context unlocked with %d active contexts",
+		     val);
+	}
+}
+
 static int __init init_cxl(void)
 {
 	int rc = 0;
--- a/drivers/misc/cxl/pci.c
+++ b/drivers/misc/cxl/pci.c
@@ -1484,6 +1484,8 @@ static int cxl_configure_adapter(struct
 	if ((rc = cxl_native_register_psl_err_irq(adapter)))
 		goto err;
 
+	/* Release the context lock as adapter is configured */
+	cxl_adapter_context_unlock(adapter);
 	return 0;
 
 err:
--- a/drivers/misc/cxl/sysfs.c
+++ b/drivers/misc/cxl/sysfs.c
@@ -75,12 +75,31 @@ static ssize_t reset_adapter_store(struc
 	int val;
 
 	rc = sscanf(buf, "%i", &val);
-	if ((rc != 1) || (val != 1))
+	if ((rc != 1) || (val != 1 && val != -1))
 		return -EINVAL;
 
-	if ((rc = cxl_ops->adapter_reset(adapter)))
-		return rc;
-	return count;
+	/*
+	 * See if we can lock the context mapping that's only allowed
+	 * when there are no contexts attached to the adapter. Once
+	 * taken this will also prevent any context from getting activated.
+	 */
+	if (val == 1) {
+		rc =  cxl_adapter_context_lock(adapter);
+		if (rc)
+			goto out;
+
+		rc = cxl_ops->adapter_reset(adapter);
+		/* In case reset failed release context lock */
+		if (rc)
+			cxl_adapter_context_unlock(adapter);
+
+	} else if (val == -1) {
+		/* Perform a forced adapter reset */
+		rc = cxl_ops->adapter_reset(adapter);
+	}
+
+out:
+	return rc ? rc : count;
 }
 
 static ssize_t load_image_on_perst_show(struct device *device,

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 114/140] isofs: Do not return EACCES for unknown filesystems
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (104 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 113/140] cxl: Prevent adapter reset if an active context exists Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 115/140] memstick: rtsx_usb_ms: Runtime resume the device when polling for cards Greg Kroah-Hartman
                     ` (28 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kent Overstreet, Karel Zak, Jan Kara

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Kara <jack@suse.cz>

commit a2ed0b391dd9c3ef1d64c7c3e370f4a5ffcd324a upstream.

When isofs_mount() is called to mount a device read-write, it returns
EACCES even before it checks that the device actually contains an isofs
filesystem. This may confuse mount(8) which then tries to mount all
subsequent filesystem types in read-only mode.

Fix the problem by returning EACCES only once we verify that the device
indeed contains an iso9660 filesystem.

Fixes: 17b7f7cf58926844e1dd40f5eb5348d481deca6a
Reported-by: Kent Overstreet <kent.overstreet@gmail.com>
Reported-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/isofs/inode.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/fs/isofs/inode.c
+++ b/fs/isofs/inode.c
@@ -687,6 +687,11 @@ static int isofs_fill_super(struct super
 	pri_bh = NULL;
 
 root_found:
+	/* We don't support read-write mounts */
+	if (!(s->s_flags & MS_RDONLY)) {
+		error = -EACCES;
+		goto out_freebh;
+	}
 
 	if (joliet_level && (pri == NULL || !opt.rock)) {
 		/* This is the case of Joliet with the norock mount flag.
@@ -1501,9 +1506,6 @@ struct inode *__isofs_iget(struct super_
 static struct dentry *isofs_mount(struct file_system_type *fs_type,
 	int flags, const char *dev_name, void *data)
 {
-	/* We don't support read-write mounts */
-	if (!(flags & MS_RDONLY))
-		return ERR_PTR(-EACCES);
 	return mount_bdev(fs_type, flags, dev_name, data, isofs_fill_super);
 }
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 115/140] memstick: rtsx_usb_ms: Runtime resume the device when polling for cards
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (105 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 114/140] isofs: Do not return EACCES for unknown filesystems Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 116/140] memstick: rtsx_usb_ms: Manage runtime PM when accessing the device Greg Kroah-Hartman
                     ` (27 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ritesh Raj Sarraf, Alan Stern, Ulf Hansson

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alan Stern <stern@rowland.harvard.edu>

commit 796aa46adf1d90eab36ae06a42e6d3f10b28a75c upstream.

Accesses to the rtsx usb device, which is the parent of the rtsx memstick
device, must not be done unless it's runtime resumed.

Therefore when the rtsx_usb_ms driver polls for inserted memstick cards,
let's add pm_runtime_get|put*() to make sure accesses is done when the
rtsx usb device is runtime resumed.

Reported-by: Ritesh Raj Sarraf <rrs@researchut.com>
Tested-by: Ritesh Raj Sarraf <rrs@researchut.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/memstick/host/rtsx_usb_ms.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/memstick/host/rtsx_usb_ms.c
+++ b/drivers/memstick/host/rtsx_usb_ms.c
@@ -681,6 +681,7 @@ static int rtsx_usb_detect_ms_card(void
 	int err;
 
 	for (;;) {
+		pm_runtime_get_sync(ms_dev(host));
 		mutex_lock(&ucr->dev_mutex);
 
 		/* Check pending MS card changes */
@@ -703,6 +704,7 @@ static int rtsx_usb_detect_ms_card(void
 		}
 
 poll_again:
+		pm_runtime_put(ms_dev(host));
 		if (host->eject)
 			break;
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 116/140] memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (106 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 115/140] memstick: rtsx_usb_ms: Runtime resume the device when polling for cards Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 117/140] arm64: swp emulation: bound LL/SC retries before rescheduling Greg Kroah-Hartman
                     ` (26 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ritesh Raj Sarraf, Alan Stern, Ulf Hansson

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ulf Hansson <ulf.hansson@linaro.org>

commit 9158cb29e7c2f10dd325eb1589f0fe745a271257 upstream.

Accesses to the rtsx usb device, which is the parent of the rtsx memstick
device, must not be done unless it's runtime resumed. This is currently not
the case and it could trigger various errors.

Fix this by properly deal with runtime PM in this regards. This means
making sure the device is runtime resumed, when serving requests via the
->request() callback or changing settings via the ->set_param() callbacks.

Cc: Ritesh Raj Sarraf <rrs@researchut.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/memstick/host/rtsx_usb_ms.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/memstick/host/rtsx_usb_ms.c
+++ b/drivers/memstick/host/rtsx_usb_ms.c
@@ -524,6 +524,7 @@ static void rtsx_usb_ms_handle_req(struc
 	int rc;
 
 	if (!host->req) {
+		pm_runtime_get_sync(ms_dev(host));
 		do {
 			rc = memstick_next_req(msh, &host->req);
 			dev_dbg(ms_dev(host), "next req %d\n", rc);
@@ -544,6 +545,7 @@ static void rtsx_usb_ms_handle_req(struc
 						host->req->error);
 			}
 		} while (!rc);
+		pm_runtime_put(ms_dev(host));
 	}
 
 }
@@ -570,6 +572,7 @@ static int rtsx_usb_ms_set_param(struct
 	dev_dbg(ms_dev(host), "%s: param = %d, value = %d\n",
 			__func__, param, value);
 
+	pm_runtime_get_sync(ms_dev(host));
 	mutex_lock(&ucr->dev_mutex);
 
 	err = rtsx_usb_card_exclusive_check(ucr, RTSX_USB_MS_CARD);
@@ -635,6 +638,7 @@ static int rtsx_usb_ms_set_param(struct
 	}
 out:
 	mutex_unlock(&ucr->dev_mutex);
+	pm_runtime_put(ms_dev(host));
 
 	/* power-on delay */
 	if (param == MEMSTICK_POWER && value == MEMSTICK_POWER_ON)

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 117/140] arm64: swp emulation: bound LL/SC retries before rescheduling
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (107 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 116/140] memstick: rtsx_usb_ms: Manage runtime PM when accessing the device Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 118/140] arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y Greg Kroah-Hartman
                     ` (25 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Rutland, Will Deacon

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Will Deacon <will.deacon@arm.com>

commit 1c5b51dfb7b4564008e0cadec5381a69e88b0d21 upstream.

If a CPU does not implement a global monitor for certain memory types,
then userspace can attempt a kernel DoS by issuing SWP instructions
targetting the problematic memory (for example, a framebuffer mapped
with non-cacheable attributes).

The SWP emulation code protects against these sorts of attacks by
checking for pending signals and potentially rescheduling when the STXR
instruction fails during the emulation. Whilst this is good for avoiding
livelock, it harms emulation of legitimate SWP instructions on CPUs
where forward progress is not guaranteed if there are memory accesses to
the same reservation granule (up to 2k) between the failing STXR and
the retry of the LDXR.

This patch solves the problem by retrying the STXR a bounded number of
times (4) before breaking out of the LL/SC loop and looking for
something else to do.

Fixes: bd35a4adc413 ("arm64: Port SWP/SWPB emulation support from arm")
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/armv8_deprecated.c |   36 +++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 14 deletions(-)

--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -280,35 +280,43 @@ static void __init register_insn_emulati
 /*
  * Error-checking SWP macros implemented using ldxr{b}/stxr{b}
  */
-#define __user_swpX_asm(data, addr, res, temp, B)		\
+
+/* Arbitrary constant to ensure forward-progress of the LL/SC loop */
+#define __SWP_LL_SC_LOOPS	4
+
+#define __user_swpX_asm(data, addr, res, temp, temp2, B)	\
 	__asm__ __volatile__(					\
+	"	mov		%w3, %w7\n"			\
 	ALTERNATIVE("nop", SET_PSTATE_PAN(0), ARM64_HAS_PAN,	\
 		    CONFIG_ARM64_PAN)				\
-	"0:	ldxr"B"		%w2, [%3]\n"			\
-	"1:	stxr"B"		%w0, %w1, [%3]\n"		\
+	"0:	ldxr"B"		%w2, [%4]\n"			\
+	"1:	stxr"B"		%w0, %w1, [%4]\n"		\
 	"	cbz		%w0, 2f\n"			\
-	"	mov		%w0, %w4\n"			\
+	"	sub		%w3, %w3, #1\n"			\
+	"	cbnz		%w3, 0b\n"			\
+	"	mov		%w0, %w5\n"			\
 	"	b		3f\n"				\
 	"2:\n"							\
 	"	mov		%w1, %w2\n"			\
 	"3:\n"							\
 	"	.pushsection	 .fixup,\"ax\"\n"		\
 	"	.align		2\n"				\
-	"4:	mov		%w0, %w5\n"			\
+	"4:	mov		%w0, %w6\n"			\
 	"	b		3b\n"				\
 	"	.popsection"					\
 	_ASM_EXTABLE(0b, 4b)					\
 	_ASM_EXTABLE(1b, 4b)					\
 	ALTERNATIVE("nop", SET_PSTATE_PAN(1), ARM64_HAS_PAN,	\
 		CONFIG_ARM64_PAN)				\
-	: "=&r" (res), "+r" (data), "=&r" (temp)		\
-	: "r" (addr), "i" (-EAGAIN), "i" (-EFAULT)		\
+	: "=&r" (res), "+r" (data), "=&r" (temp), "=&r" (temp2)	\
+	: "r" (addr), "i" (-EAGAIN), "i" (-EFAULT),		\
+	  "i" (__SWP_LL_SC_LOOPS)				\
 	: "memory")
 
-#define __user_swp_asm(data, addr, res, temp) \
-	__user_swpX_asm(data, addr, res, temp, "")
-#define __user_swpb_asm(data, addr, res, temp) \
-	__user_swpX_asm(data, addr, res, temp, "b")
+#define __user_swp_asm(data, addr, res, temp, temp2) \
+	__user_swpX_asm(data, addr, res, temp, temp2, "")
+#define __user_swpb_asm(data, addr, res, temp, temp2) \
+	__user_swpX_asm(data, addr, res, temp, temp2, "b")
 
 /*
  * Bit 22 of the instruction encoding distinguishes between
@@ -328,12 +336,12 @@ static int emulate_swpX(unsigned int add
 	}
 
 	while (1) {
-		unsigned long temp;
+		unsigned long temp, temp2;
 
 		if (type == TYPE_SWPB)
-			__user_swpb_asm(*data, address, res, temp);
+			__user_swpb_asm(*data, address, res, temp, temp2);
 		else
-			__user_swp_asm(*data, address, res, temp);
+			__user_swp_asm(*data, address, res, temp, temp2);
 
 		if (likely(res != -EAGAIN) || signal_pending(current))
 			break;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 118/140] arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (108 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 117/140] arm64: swp emulation: bound LL/SC retries before rescheduling Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:22   ` [PATCH 4.8 119/140] arm64: percpu: rewrite ll/sc loops in assembly Greg Kroah-Hartman
                     ` (24 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Timur Tabi, Ard Biesheuvel, Will Deacon

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

commit 9c0e83c371cf4696926c95f9c8c77cd6ea803426 upstream.

As it turns out, the KASLR code breaks CONFIG_MODVERSIONS, since the
kcrctab has an absolute address field that is relocated at runtime
when the kernel offset is randomized.

This has been fixed already for PowerPC in the past, so simply wire up
the existing code dealing with this issue.

Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
Tested-by: Timur Tabi <timur@codeaurora.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/include/asm/module.h |    5 +++++
 1 file changed, 5 insertions(+)

--- a/arch/arm64/include/asm/module.h
+++ b/arch/arm64/include/asm/module.h
@@ -17,6 +17,7 @@
 #define __ASM_MODULE_H
 
 #include <asm-generic/module.h>
+#include <asm/memory.h>
 
 #define MODULE_ARCH_VERMAGIC	"aarch64"
 
@@ -32,6 +33,10 @@ u64 module_emit_plt_entry(struct module
 			  Elf64_Sym *sym);
 
 #ifdef CONFIG_RANDOMIZE_BASE
+#ifdef CONFIG_MODVERSIONS
+#define ARCH_RELOCATES_KCRCTAB
+#define reloc_start 		(kimage_vaddr - KIMAGE_VADDR)
+#endif
 extern u64 module_alloc_base;
 #else
 #define module_alloc_base	((u64)_etext - MODULES_VSIZE)

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 119/140] arm64: percpu: rewrite ll/sc loops in assembly
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (109 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 118/140] arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y Greg Kroah-Hartman
@ 2016-10-26 12:22   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 120/140] arm64: kernel: Init MDCR_EL2 even in the absence of a PMU Greg Kroah-Hartman
                     ` (23 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Rutland, Will Deacon

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Will Deacon <will.deacon@arm.com>

commit 1e6e57d9b34a9075d5f9e2048ea7b09756590d11 upstream.

Writing the outer loop of an LL/SC sequence using do {...} while
constructs potentially allows the compiler to hoist memory accesses
between the STXR and the branch back to the LDXR. On CPUs that do not
guarantee forward progress of LL/SC loops when faced with memory
accesses to the same ERG (up to 2k) between the failed STXR and the
branch back, we may end up livelocking.

This patch avoids this issue in our percpu atomics by rewriting the
outer loop as part of the LL/SC inline assembly block.

Fixes: f97fc810798c ("arm64: percpu: Implement this_cpu operations")
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/include/asm/percpu.h |  120 ++++++++++++++++++----------------------
 1 file changed, 56 insertions(+), 64 deletions(-)

--- a/arch/arm64/include/asm/percpu.h
+++ b/arch/arm64/include/asm/percpu.h
@@ -44,48 +44,44 @@ static inline unsigned long __percpu_##o
 									\
 	switch (size) {							\
 	case 1:								\
-		do {							\
-			asm ("//__per_cpu_" #op "_1\n"			\
-			"ldxrb	  %w[ret], %[ptr]\n"			\
+		asm ("//__per_cpu_" #op "_1\n"				\
+		"1:	ldxrb	  %w[ret], %[ptr]\n"			\
 			#asm_op " %w[ret], %w[ret], %w[val]\n"		\
-			"stxrb	  %w[loop], %w[ret], %[ptr]\n"		\
-			: [loop] "=&r" (loop), [ret] "=&r" (ret),	\
-			  [ptr] "+Q"(*(u8 *)ptr)			\
-			: [val] "Ir" (val));				\
-		} while (loop);						\
+		"	stxrb	  %w[loop], %w[ret], %[ptr]\n"		\
+		"	cbnz	  %w[loop], 1b"				\
+		: [loop] "=&r" (loop), [ret] "=&r" (ret),		\
+		  [ptr] "+Q"(*(u8 *)ptr)				\
+		: [val] "Ir" (val));					\
 		break;							\
 	case 2:								\
-		do {							\
-			asm ("//__per_cpu_" #op "_2\n"			\
-			"ldxrh	  %w[ret], %[ptr]\n"			\
+		asm ("//__per_cpu_" #op "_2\n"				\
+		"1:	ldxrh	  %w[ret], %[ptr]\n"			\
 			#asm_op " %w[ret], %w[ret], %w[val]\n"		\
-			"stxrh	  %w[loop], %w[ret], %[ptr]\n"		\
-			: [loop] "=&r" (loop), [ret] "=&r" (ret),	\
-			  [ptr]  "+Q"(*(u16 *)ptr)			\
-			: [val] "Ir" (val));				\
-		} while (loop);						\
+		"	stxrh	  %w[loop], %w[ret], %[ptr]\n"		\
+		"	cbnz	  %w[loop], 1b"				\
+		: [loop] "=&r" (loop), [ret] "=&r" (ret),		\
+		  [ptr]  "+Q"(*(u16 *)ptr)				\
+		: [val] "Ir" (val));					\
 		break;							\
 	case 4:								\
-		do {							\
-			asm ("//__per_cpu_" #op "_4\n"			\
-			"ldxr	  %w[ret], %[ptr]\n"			\
+		asm ("//__per_cpu_" #op "_4\n"				\
+		"1:	ldxr	  %w[ret], %[ptr]\n"			\
 			#asm_op " %w[ret], %w[ret], %w[val]\n"		\
-			"stxr	  %w[loop], %w[ret], %[ptr]\n"		\
-			: [loop] "=&r" (loop), [ret] "=&r" (ret),	\
-			  [ptr] "+Q"(*(u32 *)ptr)			\
-			: [val] "Ir" (val));				\
-		} while (loop);						\
+		"	stxr	  %w[loop], %w[ret], %[ptr]\n"		\
+		"	cbnz	  %w[loop], 1b"				\
+		: [loop] "=&r" (loop), [ret] "=&r" (ret),		\
+		  [ptr] "+Q"(*(u32 *)ptr)				\
+		: [val] "Ir" (val));					\
 		break;							\
 	case 8:								\
-		do {							\
-			asm ("//__per_cpu_" #op "_8\n"			\
-			"ldxr	  %[ret], %[ptr]\n"			\
+		asm ("//__per_cpu_" #op "_8\n"				\
+		"1:	ldxr	  %[ret], %[ptr]\n"			\
 			#asm_op " %[ret], %[ret], %[val]\n"		\
-			"stxr	  %w[loop], %[ret], %[ptr]\n"		\
-			: [loop] "=&r" (loop), [ret] "=&r" (ret),	\
-			  [ptr] "+Q"(*(u64 *)ptr)			\
-			: [val] "Ir" (val));				\
-		} while (loop);						\
+		"	stxr	  %w[loop], %[ret], %[ptr]\n"		\
+		"	cbnz	  %w[loop], 1b"				\
+		: [loop] "=&r" (loop), [ret] "=&r" (ret),		\
+		  [ptr] "+Q"(*(u64 *)ptr)				\
+		: [val] "Ir" (val));					\
 		break;							\
 	default:							\
 		BUILD_BUG();						\
@@ -150,44 +146,40 @@ static inline unsigned long __percpu_xch
 
 	switch (size) {
 	case 1:
-		do {
-			asm ("//__percpu_xchg_1\n"
-			"ldxrb %w[ret], %[ptr]\n"
-			"stxrb %w[loop], %w[val], %[ptr]\n"
-			: [loop] "=&r"(loop), [ret] "=&r"(ret),
-			  [ptr] "+Q"(*(u8 *)ptr)
-			: [val] "r" (val));
-		} while (loop);
+		asm ("//__percpu_xchg_1\n"
+		"1:	ldxrb	%w[ret], %[ptr]\n"
+		"	stxrb	%w[loop], %w[val], %[ptr]\n"
+		"	cbnz	%w[loop], 1b"
+		: [loop] "=&r"(loop), [ret] "=&r"(ret),
+		  [ptr] "+Q"(*(u8 *)ptr)
+		: [val] "r" (val));
 		break;
 	case 2:
-		do {
-			asm ("//__percpu_xchg_2\n"
-			"ldxrh %w[ret], %[ptr]\n"
-			"stxrh %w[loop], %w[val], %[ptr]\n"
-			: [loop] "=&r"(loop), [ret] "=&r"(ret),
-			  [ptr] "+Q"(*(u16 *)ptr)
-			: [val] "r" (val));
-		} while (loop);
+		asm ("//__percpu_xchg_2\n"
+		"1:	ldxrh	%w[ret], %[ptr]\n"
+		"	stxrh	%w[loop], %w[val], %[ptr]\n"
+		"	cbnz	%w[loop], 1b"
+		: [loop] "=&r"(loop), [ret] "=&r"(ret),
+		  [ptr] "+Q"(*(u16 *)ptr)
+		: [val] "r" (val));
 		break;
 	case 4:
-		do {
-			asm ("//__percpu_xchg_4\n"
-			"ldxr %w[ret], %[ptr]\n"
-			"stxr %w[loop], %w[val], %[ptr]\n"
-			: [loop] "=&r"(loop), [ret] "=&r"(ret),
-			  [ptr] "+Q"(*(u32 *)ptr)
-			: [val] "r" (val));
-		} while (loop);
+		asm ("//__percpu_xchg_4\n"
+		"1:	ldxr	%w[ret], %[ptr]\n"
+		"	stxr	%w[loop], %w[val], %[ptr]\n"
+		"	cbnz	%w[loop], 1b"
+		: [loop] "=&r"(loop), [ret] "=&r"(ret),
+		  [ptr] "+Q"(*(u32 *)ptr)
+		: [val] "r" (val));
 		break;
 	case 8:
-		do {
-			asm ("//__percpu_xchg_8\n"
-			"ldxr %[ret], %[ptr]\n"
-			"stxr %w[loop], %[val], %[ptr]\n"
-			: [loop] "=&r"(loop), [ret] "=&r"(ret),
-			  [ptr] "+Q"(*(u64 *)ptr)
-			: [val] "r" (val));
-		} while (loop);
+		asm ("//__percpu_xchg_8\n"
+		"1:	ldxr	%[ret], %[ptr]\n"
+		"	stxr	%w[loop], %[val], %[ptr]\n"
+		"	cbnz	%w[loop], 1b"
+		: [loop] "=&r"(loop), [ret] "=&r"(ret),
+		  [ptr] "+Q"(*(u64 *)ptr)
+		: [val] "r" (val));
 		break;
 	default:
 		BUILD_BUG();

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 120/140] arm64: kernel: Init MDCR_EL2 even in the absence of a PMU
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (110 preceding siblings ...)
  2016-10-26 12:22   ` [PATCH 4.8 119/140] arm64: percpu: rewrite ll/sc loops in assembly Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 121/140] arm64: Cortex-A53 errata workaround: check for kernel addresses Greg Kroah-Hartman
                     ` (22 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lorenzo Pieralisi, Will Deacon, Marc Zyngier

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marc Zyngier <marc.zyngier@arm.com>

commit 850540351bb1a4fa5f192e5ce55b89928cc57f42 upstream.

Commit f436b2ac90a0 ("arm64: kernel: fix architected PMU registers
unconditional access") made sure we wouldn't access unimplemented
PMU registers, but also left MDCR_EL2 uninitialized in that case,
leading to trap bits being potentially left set.

Make sure we always write something in that register.

Fixes: f436b2ac90a0 ("arm64: kernel: fix architected PMU registers unconditional access")
Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/head.S |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -578,8 +578,9 @@ CPU_LE(	movk	x0, #0x30d0, lsl #16	)	// C
 	b.lt	4f				// Skip if no PMU present
 	mrs	x0, pmcr_el0			// Disable debug access traps
 	ubfx	x0, x0, #11, #5			// to EL2 and allow access to
-	msr	mdcr_el2, x0			// all PMU counters from EL1
 4:
+	csel	x0, xzr, x0, lt			// all PMU counters from EL1
+	msr	mdcr_el2, x0			// (if they exist)
 
 	/* Stage-2 translation */
 	msr	vttbr_el2, xzr

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 121/140] arm64: Cortex-A53 errata workaround: check for kernel addresses
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (111 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 120/140] arm64: kernel: Init MDCR_EL2 even in the absence of a PMU Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 122/140] arm64: KVM: Take S1 walks into account when determining S2 write faults Greg Kroah-Hartman
                     ` (21 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kristina Martsenko, Andre Przywara,
	Will Deacon

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andre Przywara <andre.przywara@arm.com>

commit 87261d19046aeaeed8eb3d2793fde850ae1b5c9e upstream.

Commit 7dd01aef0557 ("arm64: trap userspace "dc cvau" cache operation on
errata-affected core") adds code to execute cache maintenance instructions
in the kernel on behalf of userland on CPUs with certain ARM CPU errata.
It turns out that the address hasn't been checked to be a valid user
space address, allowing userland to clean cache lines in kernel space.
Fix this by introducing an address check before executing the
instructions on behalf of userland.

Since the address doesn't come via a syscall parameter, we can't just
reject tagged pointers and instead have to remove the tag when checking
against the user address limit.

Fixes: 7dd01aef0557 ("arm64: trap userspace "dc cvau" cache operation on errata-affected core")
Reported-by: Kristina Martsenko <kristina.martsenko@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
[will: rework commit message + replace access_ok with max_user_addr()]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/include/asm/uaccess.h |    8 ++++++++
 arch/arm64/kernel/traps.c        |   27 +++++++++++++++------------
 2 files changed, 23 insertions(+), 12 deletions(-)

--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -21,6 +21,7 @@
 /*
  * User space memory access functions
  */
+#include <linux/bitops.h>
 #include <linux/kasan-checks.h>
 #include <linux/string.h>
 #include <linux/thread_info.h>
@@ -102,6 +103,13 @@ static inline void set_fs(mm_segment_t f
 	flag;								\
 })
 
+/*
+ * When dealing with data aborts or instruction traps we may end up with
+ * a tagged userland pointer. Clear the tag to get a sane pointer to pass
+ * on to access_ok(), for instance.
+ */
+#define untagged_addr(addr)		sign_extend64(addr, 55)
+
 #define access_ok(type, addr, size)	__range_ok(addr, size)
 #define user_addr_max			get_fs
 
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -434,18 +434,21 @@ void cpu_enable_cache_maint_trap(void *_
 }
 
 #define __user_cache_maint(insn, address, res)			\
-	asm volatile (						\
-		"1:	" insn ", %1\n"				\
-		"	mov	%w0, #0\n"			\
-		"2:\n"						\
-		"	.pushsection .fixup,\"ax\"\n"		\
-		"	.align	2\n"				\
-		"3:	mov	%w0, %w2\n"			\
-		"	b	2b\n"				\
-		"	.popsection\n"				\
-		_ASM_EXTABLE(1b, 3b)				\
-		: "=r" (res)					\
-		: "r" (address), "i" (-EFAULT) )
+	if (untagged_addr(address) >= user_addr_max())		\
+		res = -EFAULT;					\
+	else							\
+		asm volatile (					\
+			"1:	" insn ", %1\n"			\
+			"	mov	%w0, #0\n"		\
+			"2:\n"					\
+			"	.pushsection .fixup,\"ax\"\n"	\
+			"	.align	2\n"			\
+			"3:	mov	%w0, %w2\n"		\
+			"	b	2b\n"			\
+			"	.popsection\n"			\
+			_ASM_EXTABLE(1b, 3b)			\
+			: "=r" (res)				\
+			: "r" (address), "i" (-EFAULT) )
 
 asmlinkage void __exception do_sysinstr(unsigned int esr, struct pt_regs *regs)
 {

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 122/140] arm64: KVM: Take S1 walks into account when determining S2 write faults
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (112 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 121/140] arm64: Cortex-A53 errata workaround: check for kernel addresses Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 123/140] ceph: fix error handling in ceph_read_iter Greg Kroah-Hartman
                     ` (20 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Julien Grall, Marc Zyngier,
	Christoffer Dall, Will Deacon

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Will Deacon <will.deacon@arm.com>

commit 60e21a0ef54cd836b9eb22c7cb396989b5b11648 upstream.

The WnR bit in the HSR/ESR_EL2 indicates whether a data abort was
generated by a read or a write instruction. For stage 2 data aborts
generated by a stage 1 translation table walk (i.e. the actual page
table access faults at EL2), the WnR bit therefore reports whether the
instruction generating the walk was a load or a store, *not* whether the
page table walker was reading or writing the entry.

For page tables marked as read-only at stage 2 (e.g. due to KSM merging
them with the tables from another guest), this could result in livelock,
where a page table walk generated by a load instruction attempts to
set the access flag in the stage 1 descriptor, but fails to trigger
CoW in the host since only a read fault is reported.

This patch modifies the arm64 kvm_vcpu_dabt_iswrite function to
take into account stage 2 faults in stage 1 walks. Since DBM cannot be
disabled at EL2 for CPUs that implement it, we assume that these faults
are always causes by writes, avoiding the livelock situation at the
expense of occasional, spurious CoWs.

We could, in theory, do a bit better by checking the guest TCR
configuration and inspecting the page table to see why the PTE faulted.
However, I doubt this is measurable in practice, and the threat of
livelock is real.

Cc: Julien Grall <julien.grall@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/include/asm/kvm_emulate.h |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

--- a/arch/arm64/include/asm/kvm_emulate.h
+++ b/arch/arm64/include/asm/kvm_emulate.h
@@ -167,11 +167,6 @@ static inline bool kvm_vcpu_dabt_isvalid
 	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_ISV);
 }
 
-static inline bool kvm_vcpu_dabt_iswrite(const struct kvm_vcpu *vcpu)
-{
-	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_WNR);
-}
-
 static inline bool kvm_vcpu_dabt_issext(const struct kvm_vcpu *vcpu)
 {
 	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SSE);
@@ -192,6 +187,12 @@ static inline bool kvm_vcpu_dabt_iss1tw(
 	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_S1PTW);
 }
 
+static inline bool kvm_vcpu_dabt_iswrite(const struct kvm_vcpu *vcpu)
+{
+	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_WNR) ||
+		kvm_vcpu_dabt_iss1tw(vcpu); /* AF/DBM update */
+}
+
 static inline bool kvm_vcpu_dabt_is_cm(const struct kvm_vcpu *vcpu)
 {
 	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_CM);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 123/140] ceph: fix error handling in ceph_read_iter
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (113 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 122/140] arm64: KVM: Take S1 walks into account when determining S2 write faults Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 124/140] powerpc/mm: Prevent unlikely crash in copro_calculate_slb() Greg Kroah-Hartman
                     ` (19 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Yan, Zheng, Ilya Dryomov

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nikolay Borisov <kernel@kyup.com>

commit 0d7718f666be181fda1ba2d08f137d87c1419347 upstream.

In case __ceph_do_getattr returns an error and the retry_op in
ceph_read_iter is not READ_INLINE, then it's possible to invoke
__free_page on a page which is NULL, this naturally leads to a crash.
This can happen when, for example, a process waiting on a MDS reply
receives sigterm.

Fix this by explicitly checking whether the page is set or not.

Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ceph/file.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -1272,7 +1272,8 @@ again:
 		statret = __ceph_do_getattr(inode, page,
 					    CEPH_STAT_CAP_INLINE_DATA, !!page);
 		if (statret < 0) {
-			 __free_page(page);
+			if (page)
+				__free_page(page);
 			if (statret == -ENODATA) {
 				BUG_ON(retry_op != READ_INLINE);
 				goto again;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 124/140] powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (114 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 123/140] ceph: fix error handling in ceph_read_iter Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 125/140] mmc: core: Annotate cmd_hdr as __le32 Greg Kroah-Hartman
                     ` (18 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Frederic Barrat, Ian Munsie,
	Michael Ellerman

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Frederic Barrat <fbarrat@linux.vnet.ibm.com>

commit d2cf909cda5f8c5609cb7ed6cda816c3e15528c7 upstream.

If a cxl adapter faults on an invalid address for a kernel context, we
may enter copro_calculate_slb() with a NULL mm pointer (kernel
context) and an effective address which looks like a user
address. Which will cause a crash when dereferencing mm. It is clearly
an AFU bug, but there's no reason to crash either. So return an error,
so that cxl can ack the interrupt with an address error.

Fixes: 73d16a6e0e51 ("powerpc/cell: Move data segment faulting code out of cell platform")
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/mm/copro_fault.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/powerpc/mm/copro_fault.c
+++ b/arch/powerpc/mm/copro_fault.c
@@ -106,6 +106,8 @@ int copro_calculate_slb(struct mm_struct
 	switch (REGION_ID(ea)) {
 	case USER_REGION_ID:
 		pr_devel("%s: 0x%llx -- USER_REGION_ID\n", __func__, ea);
+		if (mm == NULL)
+			return 1;
 		psize = get_slice_psize(mm, ea);
 		ssize = user_segment_size(ea);
 		vsid = get_vsid(mm->context.id, ea, ssize);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 125/140] mmc: core: Annotate cmd_hdr as __le32
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (115 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 124/140] powerpc/mm: Prevent unlikely crash in copro_calculate_slb() Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 126/140] mmc: core: switch to 1V8 or 1V2 for hs400es mode Greg Kroah-Hartman
                     ` (17 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Ulf Hansson

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jiri Slaby <jslaby@suse.cz>

commit 3f2d26643595973e835e8356ea90c7c15cb1b0f1 upstream.

Commit f68381a70bb2 (mmc: block: fix packed command header endianness)
correctly fixed endianness handling of packed_cmd_hdr in
mmc_blk_packed_hdr_wrq_prep.

But now, sparse complains about incorrect types:
drivers/mmc/card/block.c:1613:27: sparse: incorrect type in assignment (different base types)
drivers/mmc/card/block.c:1613:27:    expected unsigned int [unsigned] [usertype] <noident>
drivers/mmc/card/block.c:1613:27:    got restricted __le32 [usertype] <noident>
...

So annotate cmd_hdr properly using __le32 to make everyone happy.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Fixes: f68381a70bb2 (mmc: block: fix packed command header endianness)
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/card/block.c |    2 +-
 drivers/mmc/card/queue.h |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -1778,7 +1778,7 @@ static void mmc_blk_packed_hdr_wrq_prep(
 	struct mmc_blk_data *md = mq->data;
 	struct mmc_packed *packed = mqrq->packed;
 	bool do_rel_wr, do_data_tag;
-	u32 *packed_cmd_hdr;
+	__le32 *packed_cmd_hdr;
 	u8 hdr_blocks;
 	u8 i = 1;
 
--- a/drivers/mmc/card/queue.h
+++ b/drivers/mmc/card/queue.h
@@ -31,7 +31,7 @@ enum mmc_packed_type {
 
 struct mmc_packed {
 	struct list_head	list;
-	u32			cmd_hdr[1024];
+	__le32			cmd_hdr[1024];
 	unsigned int		blocks;
 	u8			nr_entries;
 	u8			retries;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 126/140] mmc: core: switch to 1V8 or 1V2 for hs400es mode
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (116 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 125/140] mmc: core: Annotate cmd_hdr as __le32 Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 127/140] mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused Greg Kroah-Hartman
                     ` (16 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shawn Lin, Douglas Anderson, Ulf Hansson

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Shawn Lin <shawn.lin@rock-chips.com>

commit 1720d3545b772c49b2975eeb3b8f4d3f56dc2085 upstream.

When introducing hs400es, I didn't notice that we haven't
switched voltage to 1V2 or 1V8 for it. That happens to work
as the first controller claiming to support hs400es, arasan(5.1),
which is designed to only support 1V8. So the voltage is fixed to 1V8.
But it actually is wrong, and will not fit for other host controllers.
Let's fix it.

Fixes: commit 81ac2af65793ecf ("mmc: core: implement enhanced strobe support")
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/core/mmc.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -1259,6 +1259,16 @@ static int mmc_select_hs400es(struct mmc
 		goto out_err;
 	}
 
+	if (card->mmc_avail_type & EXT_CSD_CARD_TYPE_HS400_1_2V)
+		err = __mmc_set_signal_voltage(host, MMC_SIGNAL_VOLTAGE_120);
+
+	if (err && card->mmc_avail_type & EXT_CSD_CARD_TYPE_HS400_1_8V)
+		err = __mmc_set_signal_voltage(host, MMC_SIGNAL_VOLTAGE_180);
+
+	/* If fails try again during next card power cycle */
+	if (err)
+		goto out_err;
+
 	err = mmc_select_bus_width(card);
 	if (err < 0)
 		goto out_err;

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 127/140] mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (117 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 126/140] mmc: core: switch to 1V8 or 1V2 for hs400es mode Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 128/140] mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led Greg Kroah-Hartman
                     ` (15 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ritesh Raj Sarraf, Alan Stern, Ulf Hansson

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ulf Hansson <ulf.hansson@linaro.org>

commit 31cf742f515c275d22843c4c756e048d2b6d716c upstream.

The rtsx_usb_sdmmc driver may bail out in its ->set_ios() callback when no
SD card is inserted. This is wrong, as it could cause the device to remain
runtime resumed when it's unused. Fix this behaviour.

Tested-by: Ritesh Raj Sarraf <rrs@researchut.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/rtsx_usb_sdmmc.c |    5 -----
 1 file changed, 5 deletions(-)

--- a/drivers/mmc/host/rtsx_usb_sdmmc.c
+++ b/drivers/mmc/host/rtsx_usb_sdmmc.c
@@ -1138,11 +1138,6 @@ static void sdmmc_set_ios(struct mmc_hos
 	dev_dbg(sdmmc_dev(host), "%s\n", __func__);
 	mutex_lock(&ucr->dev_mutex);
 
-	if (rtsx_usb_card_exclusive_check(ucr, RTSX_USB_SD_CARD)) {
-		mutex_unlock(&ucr->dev_mutex);
-		return;
-	}
-
 	sd_set_power_mode(host, ios->power_mode);
 	sd_set_bus_width(host, ios->bus_width);
 	sd_set_timing(host, ios->timing, &host->ddr_mode);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 128/140] mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (118 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 127/140] mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 129/140] KVM: s390: reject invalid modes for runtime instrumentation Greg Kroah-Hartman
                     ` (14 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ritesh Raj Sarraf, Alan Stern, Ulf Hansson

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ulf Hansson <ulf.hansson@linaro.org>

commit 4f48aa7a11bfed9502a7c85a5b68cd40ea827f73 upstream.

Accesses of the rtsx sdmmc's parent device, which is the rtsx usb device,
must be done when it's runtime resumed. Currently this isn't case when
changing the led, so let's fix this by adding a pm_runtime_get_sync() and
a pm_runtime_put() around those operations.

Reported-by: Ritesh Raj Sarraf <rrs@researchut.com>
Tested-by: Ritesh Raj Sarraf <rrs@researchut.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/rtsx_usb_sdmmc.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/mmc/host/rtsx_usb_sdmmc.c
+++ b/drivers/mmc/host/rtsx_usb_sdmmc.c
@@ -1309,6 +1309,7 @@ static void rtsx_usb_update_led(struct w
 		container_of(work, struct rtsx_usb_sdmmc, led_work);
 	struct rtsx_ucr *ucr = host->ucr;
 
+	pm_runtime_get_sync(sdmmc_dev(host));
 	mutex_lock(&ucr->dev_mutex);
 
 	if (host->led.brightness == LED_OFF)
@@ -1317,6 +1318,7 @@ static void rtsx_usb_update_led(struct w
 		rtsx_usb_turn_on_led(ucr);
 
 	mutex_unlock(&ucr->dev_mutex);
+	pm_runtime_put(sdmmc_dev(host));
 }
 #endif
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 129/140] KVM: s390: reject invalid modes for runtime instrumentation
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (119 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 128/140] mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 130/140] fscrypto: make XTS tweak initialization endian-independent Greg Kroah-Hartman
                     ` (13 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fan Zhang, Pierre Morel,
	Christian Borntraeger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christian Borntraeger <borntraeger@de.ibm.com>

commit a5efb6b6c99a3a6dc4330f51d8066f638bdea0ac upstream.

Usually a validity intercept is a programming error of the host
because of invalid entries in the state description.
We can get a validity intercept if the mode of the runtime
instrumentation control block is wrong. As the host does not know
which modes are valid, this can be used by userspace to trigger
a WARN.
Instead of printing a WARN let's return an error to userspace as
this can only happen if userspace provides a malformed initial
value (e.g. on migration). The kernel should never warn on bogus
input. Instead let's log it into the s390 debug feature.

While at it, let's return -EINVAL for all validity intercepts as
this will trigger an error in QEMU like

error: kvm run failed Invalid argument
PSW=mask 0404c00180000000 addr 000000000063c226 cc 00
R00=000000000000004f R01=0000000000000004 R02=0000000000760005 R03=000000007fe0a000
R04=000000000064ba2a R05=000000049db73dd0 R06=000000000082c4b0 R07=0000000000000041
R08=0000000000000002 R09=000003e0804042a8 R10=0000000496152c42 R11=000000007fe0afb0
[...]

This will avoid an endless loop of validity intercepts.

Fixes: c6e5f166373a ("KVM: s390: implement the RI support of guest")
Acked-by: Fan Zhang <zhangfan@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/s390/kvm/intercept.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -118,8 +118,13 @@ static int handle_validity(struct kvm_vc
 
 	vcpu->stat.exit_validity++;
 	trace_kvm_s390_intercept_validity(vcpu, viwhy);
-	WARN_ONCE(true, "kvm: unhandled validity intercept 0x%x\n", viwhy);
-	return -EOPNOTSUPP;
+	KVM_EVENT(3, "validity intercept 0x%x for pid %u (kvm 0x%pK)", viwhy,
+		  current->pid, vcpu->kvm);
+
+	/* do not warn on invalid runtime instrumentation mode */
+	WARN_ONCE(viwhy != 0x44, "kvm: unhandled validity intercept 0x%x\n",
+		  viwhy);
+	return -EINVAL;
 }
 
 static int handle_instruction(struct kvm_vcpu *vcpu)

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 130/140] fscrypto: make XTS tweak initialization endian-independent
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (120 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 129/140] KVM: s390: reject invalid modes for runtime instrumentation Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 131/140] fscrypto: lock inode while setting encryption policy Greg Kroah-Hartman
                     ` (12 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers, Theodore Tso

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Biggers <ebiggers@google.com>

commit fb4454376df9d820d95452d71dd83da6971f9338 upstream.

The XTS tweak (or IV) was initialized differently on little endian and
big endian systems.  Because the ciphertext depends on the XTS tweak, it
was not possible to use an encrypted filesystem created by a little
endian system on a big endian system and vice versa, even if they shared
the same PAGE_SIZE.  Fix this by always using little endian.

This will break hypothetical big endian users of ext4 or f2fs
encryption.  However, all users we are aware of are little endian, and
it's believed that "real" big endian users are unlikely to exist yet.
So this might as well be fixed now before it's too late.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/crypto/crypto.c |   15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -152,7 +152,10 @@ static int do_page_crypto(struct inode *
 			struct page *src_page, struct page *dest_page,
 			gfp_t gfp_flags)
 {
-	u8 xts_tweak[FS_XTS_TWEAK_SIZE];
+	struct {
+		__le64 index;
+		u8 padding[FS_XTS_TWEAK_SIZE - sizeof(__le64)];
+	} xts_tweak;
 	struct skcipher_request *req = NULL;
 	DECLARE_FS_COMPLETION_RESULT(ecr);
 	struct scatterlist dst, src;
@@ -172,17 +175,15 @@ static int do_page_crypto(struct inode *
 		req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
 		fscrypt_complete, &ecr);
 
-	BUILD_BUG_ON(FS_XTS_TWEAK_SIZE < sizeof(index));
-	memcpy(xts_tweak, &index, sizeof(index));
-	memset(&xts_tweak[sizeof(index)], 0,
-			FS_XTS_TWEAK_SIZE - sizeof(index));
+	BUILD_BUG_ON(sizeof(xts_tweak) != FS_XTS_TWEAK_SIZE);
+	xts_tweak.index = cpu_to_le64(index);
+	memset(xts_tweak.padding, 0, sizeof(xts_tweak.padding));
 
 	sg_init_table(&dst, 1);
 	sg_set_page(&dst, dest_page, PAGE_SIZE, 0);
 	sg_init_table(&src, 1);
 	sg_set_page(&src, src_page, PAGE_SIZE, 0);
-	skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE,
-					xts_tweak);
+	skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE, &xts_tweak);
 	if (rw == FS_DECRYPT)
 		res = crypto_skcipher_decrypt(req);
 	else

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 131/140] fscrypto: lock inode while setting encryption policy
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (121 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 130/140] fscrypto: make XTS tweak initialization endian-independent Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 132/140] ext4: do not advertise encryption support when disabled Greg Kroah-Hartman
                     ` (11 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Biggers, Theodore Tso,
	Richard Weinberger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Biggers <ebiggers@google.com>

commit 8906a8223ad4909b391c5628f7991ebceda30e52 upstream.

i_rwsem needs to be acquired while setting an encryption policy so that
concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly
serialized (especially the ->get_context() + ->set_context() pair), and
so that new files cannot be created in the directory during or after the
->empty_dir() check.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/crypto/policy.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -109,6 +109,8 @@ int fscrypt_process_policy(struct file *
 	if (ret)
 		return ret;
 
+	inode_lock(inode);
+
 	if (!inode_has_encryption_context(inode)) {
 		if (!S_ISDIR(inode->i_mode))
 			ret = -EINVAL;
@@ -127,6 +129,8 @@ int fscrypt_process_policy(struct file *
 		ret = -EINVAL;
 	}
 
+	inode_unlock(inode);
+
 	mnt_drop_write_file(filp);
 	return ret;
 }

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 132/140] ext4: do not advertise encryption support when disabled
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (122 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 131/140] fscrypto: lock inode while setting encryption policy Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 133/140] jbd2: fix incorrect unlock on j_list_lock Greg Kroah-Hartman
                     ` (10 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers, Theodore Tso

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Biggers <ebiggers@google.com>

commit c4704a4fbe834eee4109ca064131d440941f6235 upstream.

The sysfs file /sys/fs/ext4/features/encryption was present on kernels
compiled with CONFIG_EXT4_FS_ENCRYPTION=n.  This was misleading because
such kernels do not actually support ext4 encryption.  Therefore, only
provide this file on kernels compiled with CONFIG_EXT4_FS_ENCRYPTION=y.

Note: since the ext4 feature files are all hardcoded to have a contents
of "supported", it really is the presence or absence of the file that is
significant, not the contents (and this change reflects that).

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/sysfs.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -223,14 +223,18 @@ static struct attribute *ext4_attrs[] =
 EXT4_ATTR_FEATURE(lazy_itable_init);
 EXT4_ATTR_FEATURE(batched_discard);
 EXT4_ATTR_FEATURE(meta_bg_resize);
+#ifdef CONFIG_EXT4_FS_ENCRYPTION
 EXT4_ATTR_FEATURE(encryption);
+#endif
 EXT4_ATTR_FEATURE(metadata_csum_seed);
 
 static struct attribute *ext4_feat_attrs[] = {
 	ATTR_LIST(lazy_itable_init),
 	ATTR_LIST(batched_discard),
 	ATTR_LIST(meta_bg_resize),
+#ifdef CONFIG_EXT4_FS_ENCRYPTION
 	ATTR_LIST(encryption),
+#endif
 	ATTR_LIST(metadata_csum_seed),
 	NULL,
 };

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 133/140] jbd2: fix incorrect unlock on j_list_lock
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (123 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 132/140] ext4: do not advertise encryption support when disabled Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 134/140] ubifs: Fix xattr_names length in exit paths Greg Kroah-Hartman
                     ` (9 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Taesoo Kim, Theodore Tso, Andreas Dilger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Taesoo Kim <tsgatesv@gmail.com>

commit 559cce698eaf4ccecb2213b2519ea3a0413e5155 upstream.

When 'jh->b_transaction == transaction' (asserted by below)

  J_ASSERT_JH(jh, (jh->b_transaction == transaction || ...

'journal->j_list_lock' will be incorrectly unlocked, since
the the lock is aquired only at the end of if / else-if
statements (missing the else case).

Signed-off-by: Taesoo Kim <tsgatesv@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Fixes: 6e4862a5bb9d12be87e4ea5d9a60836ebed71d28
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/jbd2/transaction.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -1149,6 +1149,7 @@ int jbd2_journal_get_create_access(handl
 		JBUFFER_TRACE(jh, "file as BJ_Reserved");
 		spin_lock(&journal->j_list_lock);
 		__jbd2_journal_file_buffer(jh, transaction, BJ_Reserved);
+		spin_unlock(&journal->j_list_lock);
 	} else if (jh->b_transaction == journal->j_committing_transaction) {
 		/* first access by this transaction */
 		jh->b_modified = 0;
@@ -1156,8 +1157,8 @@ int jbd2_journal_get_create_access(handl
 		JBUFFER_TRACE(jh, "set next transaction");
 		spin_lock(&journal->j_list_lock);
 		jh->b_next_transaction = transaction;
+		spin_unlock(&journal->j_list_lock);
 	}
-	spin_unlock(&journal->j_list_lock);
 	jbd_unlock_bh_state(bh);
 
 	/*

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 134/140] ubifs: Fix xattr_names length in exit paths
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (124 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 133/140] jbd2: fix incorrect unlock on j_list_lock Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 135/140] ubifs: Abort readdir upon error Greg Kroah-Hartman
                     ` (8 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Richard Weinberger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Richard Weinberger <richard@nod.at>

commit 843741c5778398ea67055067f4cc65ae6c80ca0e upstream.

When the operation fails we also have to undo the changes
we made to ->xattr_names. Otherwise listxattr() will report
wrong lengths.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ubifs/xattr.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -172,6 +172,7 @@ out_cancel:
 	host_ui->xattr_cnt -= 1;
 	host_ui->xattr_size -= CALC_DENT_SIZE(nm->len);
 	host_ui->xattr_size -= CALC_XATTR_BYTES(size);
+	host_ui->xattr_names -= nm->len;
 	mutex_unlock(&host_ui->ui_mutex);
 out_free:
 	make_bad_inode(inode);
@@ -476,6 +477,7 @@ out_cancel:
 	host_ui->xattr_cnt += 1;
 	host_ui->xattr_size += CALC_DENT_SIZE(nm->len);
 	host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len);
+	host_ui->xattr_names += nm->len;
 	mutex_unlock(&host_ui->ui_mutex);
 	ubifs_release_budget(c, &req);
 	make_bad_inode(inode);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 135/140] ubifs: Abort readdir upon error
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (125 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 134/140] ubifs: Fix xattr_names length in exit paths Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:40     ` Richard Weinberger
  2016-10-26 12:23   ` [PATCH 4.8 136/140] target/tcm_fc: use CPU affinity for responses Greg Kroah-Hartman
                     ` (7 subsequent siblings)
  134 siblings, 1 reply; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Richard Weinberger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Richard Weinberger <richard@nod.at>

commit c83ed4c9dbb358b9e7707486e167e940d48bfeed upstream.

If UBIFS is facing an error while walking a directory, it reports this
error and ubifs_readdir() returns the error code. But the VFS readdir
logic does not make the getdents system call fail in all cases. When the
readdir cursor indicates that more entries are present, the system call
will just return and the libc wrapper will try again since it also
knows that more entries are present.
This causes the libc wrapper to busy loop for ever when a directory is
corrupted on UBIFS.
A common approach do deal with corrupted directory entries is
skipping them by setting the cursor to the next entry. On UBIFS this
approach is not possible since we cannot compute the next directory
entry cursor position without reading the current entry. So all we can
do is setting the cursor to the "no more entries" position and make
getdents exit.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ubifs/dir.c |    8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -350,7 +350,7 @@ static unsigned int vfs_dent_type(uint8_
  */
 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
 {
-	int err;
+	int err = 0;
 	struct qstr nm;
 	union ubifs_key key;
 	struct ubifs_dent_node *dent;
@@ -452,14 +452,12 @@ out:
 	kfree(file->private_data);
 	file->private_data = NULL;
 
-	if (err != -ENOENT) {
+	if (err != -ENOENT)
 		ubifs_err(c, "cannot find next direntry, error %d", err);
-		return err;
-	}
 
 	/* 2 is a special value indicating that there are no more direntries */
 	ctx->pos = 2;
-	return 0;
+	return err;
 }
 
 /* Free saved readdir() state when the directory is closed */

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 136/140] target/tcm_fc: use CPU affinity for responses
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (126 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 135/140] ubifs: Abort readdir upon error Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 137/140] target: Re-add missing SCF_ACK_KREF assignment in v4.1.y Greg Kroah-Hartman
                     ` (6 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hannes Reinecke, Nicholas Bellinger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hannes Reinecke <hare@suse.de>

commit 1ba0158fa66b5b2c597a748f87be1650c9960ccc upstream.

The libfc stack assigns exchange IDs based on the CPU the request
was received on, so we need to send the responses via the same CPU.
Otherwise the send logic gets confuses and responses will be delayed,
causing exchange timeouts on the initiator side.

Signed-off-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/tcm_fc/tfc_cmd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/target/tcm_fc/tfc_cmd.c
+++ b/drivers/target/tcm_fc/tfc_cmd.c
@@ -572,7 +572,7 @@ static void ft_send_work(struct work_str
 	if (target_submit_cmd(&cmd->se_cmd, cmd->sess->se_sess, fcp->fc_cdb,
 			      &cmd->ft_sense_buffer[0], scsilun_to_int(&fcp->fc_lun),
 			      ntohl(fcp->fc_dl), task_attr, data_dir,
-			      TARGET_SCF_ACK_KREF))
+			      TARGET_SCF_ACK_KREF | TARGET_SCF_USE_CPUID))
 		goto err;
 
 	pr_debug("r_ctl %x alloc target_submit_cmd\n", fh->fh_r_ctl);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 137/140] target: Re-add missing SCF_ACK_KREF assignment in v4.1.y
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (127 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 136/140] target/tcm_fc: use CPU affinity for responses Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 138/140] target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE Greg Kroah-Hartman
                     ` (5 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vaibhav Tandon, Nicholas Bellinger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@linux-iscsi.org>

commit 527268df31e57cf2b6d417198717c6d6afdb1e3e upstream.

This patch fixes a regression in >= v4.1.y code where the original
SCF_ACK_KREF assignment in target_get_sess_cmd() was dropped upstream
in commit 054922bb, but the series for addressing TMR ABORT_TASK +
LUN_RESET with fabric session reinstatement in commit febe562c20 still
depends on this code in transport_cmd_finish_abort().

The regression manifests itself as a se_cmd->cmd_kref +1 leak, where
ABORT_TASK + LUN_RESET can hang indefinately for a specific I_T session
for drivers using SCF_ACK_KREF, resulting in hung kthreads.

This patch has been verified with v4.1.y code.

Reported-by: Vaibhav Tandon <vst@datera.io>
Tested-by: Vaibhav Tandon <vst@datera.io>
Cc: Vaibhav Tandon <vst@datera.io>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/target_core_transport.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -2547,8 +2547,10 @@ int target_get_sess_cmd(struct se_cmd *s
 	 * fabric acknowledgement that requires two target_put_sess_cmd()
 	 * invocations before se_cmd descriptor release.
 	 */
-	if (ack_kref)
+	if (ack_kref) {
 		kref_get(&se_cmd->cmd_kref);
+		se_cmd->se_cmd_flags |= SCF_ACK_KREF;
+	}
 
 	spin_lock_irqsave(&se_sess->sess_cmd_lock, flags);
 	if (se_sess->sess_tearing_down) {

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 138/140] target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (128 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 137/140] target: Re-add missing SCF_ACK_KREF assignment in v4.1.y Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 139/140] target: Dont override EXTENDED_COPY xcopy_pt_cmd SCSI status code Greg Kroah-Hartman
                     ` (4 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nixon Vincent, Dinesh Israni,
	Nicholas Bellinger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@linux-iscsi.org>

commit 449a137846c84829a328757cd21fd9ca65c08519 upstream.

This patch addresses a bug where EXTENDED_COPY across multiple LUNs
results in a CHECK_CONDITION when the source + destination are not
located on the same physical node.

ESX Host environments expect sense COPY_ABORTED w/ COPY TARGET DEVICE
NOT REACHABLE to be returned when this occurs, in order to signal
fallback to local copy method.

As described in section 6.3.3 of spc4r22:

  "If it is not possible to complete processing of a segment because the
   copy manager is unable to establish communications with a copy target
   device, because the copy target device does not respond to INQUIRY,
   or because the data returned in response to INQUIRY indicates
   an unsupported logical unit, then the EXTENDED COPY command shall be
   terminated with CHECK CONDITION status, with the sense key set to
   COPY ABORTED, and the additional sense code set to COPY TARGET DEVICE
   NOT REACHABLE."

Tested on v4.1.y with ESX v5.5u2+ with BlockCopy across multiple nodes.

Reported-by: Nixon Vincent <nixon.vincent@calsoftinc.com>
Tested-by: Nixon Vincent <nixon.vincent@calsoftinc.com>
Cc: Nixon Vincent <nixon.vincent@calsoftinc.com>
Tested-by: Dinesh Israni <ddi@datera.io>
Signed-off-by: Dinesh Israni <ddi@datera.io>
Cc: Dinesh Israni <ddi@datera.io>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/target_core_transport.c |    7 +++++++
 drivers/target/target_core_xcopy.c     |   22 ++++++++++++++++------
 include/target/target_core_base.h      |    1 +
 3 files changed, 24 insertions(+), 6 deletions(-)

--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1706,6 +1706,7 @@ void transport_generic_request_failure(s
 	case TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED:
 	case TCM_LOGICAL_BLOCK_APP_TAG_CHECK_FAILED:
 	case TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED:
+	case TCM_COPY_TARGET_DEVICE_NOT_REACHABLE:
 		break;
 	case TCM_OUT_OF_RESOURCES:
 		sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
@@ -2873,6 +2874,12 @@ static const struct sense_info sense_inf
 		.ascq = 0x03, /* LOGICAL BLOCK REFERENCE TAG CHECK FAILED */
 		.add_sector_info = true,
 	},
+	[TCM_COPY_TARGET_DEVICE_NOT_REACHABLE] = {
+		.key = COPY_ABORTED,
+		.asc = 0x0d,
+		.ascq = 0x02, /* COPY TARGET DEVICE NOT REACHABLE */
+
+	},
 	[TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE] = {
 		/*
 		 * Returning ILLEGAL REQUEST would cause immediate IO errors on
--- a/drivers/target/target_core_xcopy.c
+++ b/drivers/target/target_core_xcopy.c
@@ -104,7 +104,7 @@ static int target_xcopy_locate_se_dev_e4
 	}
 	mutex_unlock(&g_device_mutex);
 
-	pr_err("Unable to locate 0xe4 descriptor for EXTENDED_COPY\n");
+	pr_debug_ratelimited("Unable to locate 0xe4 descriptor for EXTENDED_COPY\n");
 	return -EINVAL;
 }
 
@@ -185,7 +185,7 @@ static int target_xcopy_parse_tiddesc_e4
 
 static int target_xcopy_parse_target_descriptors(struct se_cmd *se_cmd,
 				struct xcopy_op *xop, unsigned char *p,
-				unsigned short tdll)
+				unsigned short tdll, sense_reason_t *sense_ret)
 {
 	struct se_device *local_dev = se_cmd->se_dev;
 	unsigned char *desc = p;
@@ -193,6 +193,8 @@ static int target_xcopy_parse_target_des
 	unsigned short start = 0;
 	bool src = true;
 
+	*sense_ret = TCM_INVALID_PARAMETER_LIST;
+
 	if (offset != 0) {
 		pr_err("XCOPY target descriptor list length is not"
 			" multiple of %d\n", XCOPY_TARGET_DESC_LEN);
@@ -243,9 +245,16 @@ static int target_xcopy_parse_target_des
 		rc = target_xcopy_locate_se_dev_e4(se_cmd, xop, true);
 	else
 		rc = target_xcopy_locate_se_dev_e4(se_cmd, xop, false);
-
-	if (rc < 0)
+	/*
+	 * If a matching IEEE NAA 0x83 descriptor for the requested device
+	 * is not located on this node, return COPY_ABORTED with ASQ/ASQC
+	 * 0x0d/0x02 - COPY_TARGET_DEVICE_NOT_REACHABLE to request the
+	 * initiator to fall back to normal copy method.
+	 */
+	if (rc < 0) {
+		*sense_ret = TCM_COPY_TARGET_DEVICE_NOT_REACHABLE;
 		goto out;
+	}
 
 	pr_debug("XCOPY TGT desc: Source dev: %p NAA IEEE WWN: 0x%16phN\n",
 		 xop->src_dev, &xop->src_tid_wwn[0]);
@@ -816,7 +825,8 @@ out:
 	xcopy_pt_undepend_remotedev(xop);
 	kfree(xop);
 
-	pr_warn("target_xcopy_do_work: Setting X-COPY CHECK_CONDITION -> sending response\n");
+	pr_warn_ratelimited("target_xcopy_do_work: rc: %d, Setting X-COPY CHECK_CONDITION"
+			    " -> sending response\n", rc);
 	ec_cmd->scsi_status = SAM_STAT_CHECK_CONDITION;
 	target_complete_cmd(ec_cmd, SAM_STAT_CHECK_CONDITION);
 }
@@ -875,7 +885,7 @@ sense_reason_t target_do_xcopy(struct se
 		" tdll: %hu sdll: %u inline_dl: %u\n", list_id, list_id_usage,
 		tdll, sdll, inline_dl);
 
-	rc = target_xcopy_parse_target_descriptors(se_cmd, xop, &p[16], tdll);
+	rc = target_xcopy_parse_target_descriptors(se_cmd, xop, &p[16], tdll, &ret);
 	if (rc <= 0)
 		goto out;
 
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -177,6 +177,7 @@ enum tcm_sense_reason_table {
 	TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED	= R(0x15),
 	TCM_LOGICAL_BLOCK_APP_TAG_CHECK_FAILED	= R(0x16),
 	TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED	= R(0x17),
+	TCM_COPY_TARGET_DEVICE_NOT_REACHABLE	= R(0x18),
 #undef R
 };
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 139/140] target: Dont override EXTENDED_COPY xcopy_pt_cmd SCSI status code
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (129 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 138/140] target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 12:23   ` [PATCH 4.8 140/140] Revert "target: Fix residual overflow handling in target_complete_cmd_with_length" Greg Kroah-Hartman
                     ` (3 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nixon Vincent, Dinesh Israni,
	Nicholas Bellinger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dinesh Israni <ddi@datera.io>

commit 926317de33998c112c5510301868ea9aa34097e2 upstream.

This patch addresses a bug where a local EXTENDED_COPY WRITE or READ
backend I/O request would always return SAM_STAT_CHECK_CONDITION,
even if underlying xcopy_pt_cmd->se_cmd generated a different
SCSI status code.

ESX host environments expect to hit SAM_STAT_RESERVATION_CONFLICT
for certain scenarios, and SAM_STAT_CHECK_CONDITION results in
non-retriable status for these cases.

Tested on v4.1.y with ESX v5.5u2+ with local IBLOCK backend copy.

Reported-by: Nixon Vincent <nixon.vincent@calsoftinc.com>
Tested-by: Nixon Vincent <nixon.vincent@calsoftinc.com>
Cc: Nixon Vincent <nixon.vincent@calsoftinc.com>
Tested-by: Dinesh Israni <ddi@datera.io>
Signed-off-by: Dinesh Israni <ddi@datera.io>
Cc: Dinesh Israni <ddi@datera.io>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/target_core_xcopy.c |   16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

--- a/drivers/target/target_core_xcopy.c
+++ b/drivers/target/target_core_xcopy.c
@@ -662,6 +662,7 @@ static int target_xcopy_read_source(
 	rc = target_xcopy_setup_pt_cmd(xpt_cmd, xop, src_dev, &cdb[0],
 				remote_port, true);
 	if (rc < 0) {
+		ec_cmd->scsi_status = xpt_cmd->se_cmd.scsi_status;
 		transport_generic_free_cmd(se_cmd, 0);
 		return rc;
 	}
@@ -673,6 +674,7 @@ static int target_xcopy_read_source(
 
 	rc = target_xcopy_issue_pt_cmd(xpt_cmd);
 	if (rc < 0) {
+		ec_cmd->scsi_status = xpt_cmd->se_cmd.scsi_status;
 		transport_generic_free_cmd(se_cmd, 0);
 		return rc;
 	}
@@ -723,6 +725,7 @@ static int target_xcopy_write_destinatio
 				remote_port, false);
 	if (rc < 0) {
 		struct se_cmd *src_cmd = &xop->src_pt_cmd->se_cmd;
+		ec_cmd->scsi_status = xpt_cmd->se_cmd.scsi_status;
 		/*
 		 * If the failure happened before the t_mem_list hand-off in
 		 * target_xcopy_setup_pt_cmd(), Reset memory + clear flag so that
@@ -738,6 +741,7 @@ static int target_xcopy_write_destinatio
 
 	rc = target_xcopy_issue_pt_cmd(xpt_cmd);
 	if (rc < 0) {
+		ec_cmd->scsi_status = xpt_cmd->se_cmd.scsi_status;
 		se_cmd->se_cmd_flags &= ~SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC;
 		transport_generic_free_cmd(se_cmd, 0);
 		return rc;
@@ -824,10 +828,14 @@ static void target_xcopy_do_work(struct
 out:
 	xcopy_pt_undepend_remotedev(xop);
 	kfree(xop);
-
-	pr_warn_ratelimited("target_xcopy_do_work: rc: %d, Setting X-COPY CHECK_CONDITION"
-			    " -> sending response\n", rc);
-	ec_cmd->scsi_status = SAM_STAT_CHECK_CONDITION;
+	/*
+	 * Don't override an error scsi status if it has already been set
+	 */
+	if (ec_cmd->scsi_status == SAM_STAT_GOOD) {
+		pr_warn_ratelimited("target_xcopy_do_work: rc: %d, Setting X-COPY"
+			" CHECK_CONDITION -> sending response\n", rc);
+		ec_cmd->scsi_status = SAM_STAT_CHECK_CONDITION;
+	}
 	target_complete_cmd(ec_cmd, SAM_STAT_CHECK_CONDITION);
 }
 

^ permalink raw reply	[flat|nested] 140+ messages in thread

* [PATCH 4.8 140/140] Revert "target: Fix residual overflow handling in target_complete_cmd_with_length"
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (130 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 139/140] target: Dont override EXTENDED_COPY xcopy_pt_cmd SCSI status code Greg Kroah-Hartman
@ 2016-10-26 12:23   ` Greg Kroah-Hartman
  2016-10-26 18:44   ` [PATCH 4.8 000/140] 4.8.5-stable review Shuah Khan
                     ` (2 subsequent siblings)
  134 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 12:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Gilbert, Martin K. Petersen,
	Sumit Rai, Nicholas Bellinger

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@linux-iscsi.org>

commit 61f36166c245e563c7a2b624f4c78c5ce0f680d6 upstream.

This reverts commit c1ccbfe0311e2380a6d2dcb0714b36904f5d586f.

Reverting this patch, as it incorrectly assumes the additional length
for INQUIRY in target_complete_cmd_with_length() is SCSI allocation
length, which breaks existing user-space code when SCSI allocation
length is smaller than additional length.

  root@scsi-mq:~# sg_inq --len=4 -vvvv /dev/sdb
  found bsg_major=253
  open /dev/sdb with flags=0x800
      inquiry cdb: 12 00 00 00 04 00
        duration=0 ms
      inquiry: pass-through requested 4 bytes (data-in) but got -28 bytes
      inquiry: pass-through can't get negative bytes, say it got none
      inquiry: got too few bytes (0)
  INQUIRY resid (32) should never exceed requested len=4
      inquiry: failed requesting 4 byte response: Malformed response to
               SCSI command [resid=32]

AFAICT the original change was not to address a specific host issue,
so go ahead and revert to original logic for now.

Cc: Douglas Gilbert <dgilbert@interlog.com>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Sumit Rai <sumitrai96@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/target_core_transport.c |   16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -754,15 +754,7 @@ EXPORT_SYMBOL(target_complete_cmd);
 
 void target_complete_cmd_with_length(struct se_cmd *cmd, u8 scsi_status, int length)
 {
-	if (scsi_status != SAM_STAT_GOOD) {
-		return;
-	}
-
-	/*
-	 * Calculate new residual count based upon length of SCSI data
-	 * transferred.
-	 */
-	if (length < cmd->data_length) {
+	if (scsi_status == SAM_STAT_GOOD && length < cmd->data_length) {
 		if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) {
 			cmd->residual_count += cmd->data_length - length;
 		} else {
@@ -771,12 +763,6 @@ void target_complete_cmd_with_length(str
 		}
 
 		cmd->data_length = length;
-	} else if (length > cmd->data_length) {
-		cmd->se_cmd_flags |= SCF_OVERFLOW_BIT;
-		cmd->residual_count = length - cmd->data_length;
-	} else {
-		cmd->se_cmd_flags &= ~(SCF_OVERFLOW_BIT | SCF_UNDERFLOW_BIT);
-		cmd->residual_count = 0;
 	}
 
 	target_complete_cmd(cmd, scsi_status);

^ permalink raw reply	[flat|nested] 140+ messages in thread

* Re: [PATCH 4.8 135/140] ubifs: Abort readdir upon error
  2016-10-26 12:23   ` [PATCH 4.8 135/140] ubifs: Abort readdir upon error Greg Kroah-Hartman
@ 2016-10-26 12:40     ` Richard Weinberger
  2016-10-26 13:16       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 140+ messages in thread
From: Richard Weinberger @ 2016-10-26 12:40 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel; +Cc: stable

Greg,

On 26.10.2016 14:23, Greg Kroah-Hartman wrote:
> 4.8-stable review patch.  If anyone has any objections, please let me know.

This stable patch is buggy and needs a fixup patch.
Can you please hold back this patch until the fix is mainline?
Should be 4.9-rc3.

Thanks,
//richard

^ permalink raw reply	[flat|nested] 140+ messages in thread

* Re: [PATCH 4.8 135/140] ubifs: Abort readdir upon error
  2016-10-26 12:40     ` Richard Weinberger
@ 2016-10-26 13:16       ` Greg Kroah-Hartman
  0 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-26 13:16 UTC (permalink / raw)
  To: Richard Weinberger; +Cc: linux-kernel, stable

On Wed, Oct 26, 2016 at 02:40:36PM +0200, Richard Weinberger wrote:
> Greg,
> 
> On 26.10.2016 14:23, Greg Kroah-Hartman wrote:
> > 4.8-stable review patch.  If anyone has any objections, please let me know.
> 
> This stable patch is buggy and needs a fixup patch.
> Can you please hold back this patch until the fix is mainline?
> Should be 4.9-rc3.

Ok, now moved to the next round after this one.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 140+ messages in thread

* Re: [PATCH 4.8 000/140] 4.8.5-stable review
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (131 preceding siblings ...)
  2016-10-26 12:23   ` [PATCH 4.8 140/140] Revert "target: Fix residual overflow handling in target_complete_cmd_with_length" Greg Kroah-Hartman
@ 2016-10-26 18:44   ` Shuah Khan
  2016-10-27  5:15     ` Greg Kroah-Hartman
  2016-10-26 21:49   ` Guenter Roeck
       [not found]   ` <5811acdd.4336c20a.fcad1.2674@mx.google.com>
  134 siblings, 1 reply; 140+ messages in thread
From: Shuah Khan @ 2016-10-26 18:44 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, stable, Shuah Khan

On 10/26/2016 06:21 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.8.5 release.
> There are 140 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri Oct 28 12:21:58 UTC 2016.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.8.5-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.8.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah

-- 
Shuah Khan
Sr. Linux Kernel Developer
Open Source Innovation Group
Samsung Research America(Silicon Valley)
shuah.kh@samsung.com

^ permalink raw reply	[flat|nested] 140+ messages in thread

* Re: [PATCH 4.8 000/140] 4.8.5-stable review
  2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
                     ` (132 preceding siblings ...)
  2016-10-26 18:44   ` [PATCH 4.8 000/140] 4.8.5-stable review Shuah Khan
@ 2016-10-26 21:49   ` Guenter Roeck
  2016-10-27  5:16     ` Greg Kroah-Hartman
       [not found]   ` <5811acdd.4336c20a.fcad1.2674@mx.google.com>
  134 siblings, 1 reply; 140+ messages in thread
From: Guenter Roeck @ 2016-10-26 21:49 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah.kh, patches, ben.hutchings, stable

On Wed, Oct 26, 2016 at 02:21:00PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.8.5 release.
> There are 140 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri Oct 28 12:21:58 UTC 2016.
> Anything received after that time might be too late.
> 

Build results:
	total: 149 pass: 149 fail: 0
Qemu test results:
	total: 113 pass: 113 fail: 0

Details are available at http://kerneltests.org/builders.

Guenter

^ permalink raw reply	[flat|nested] 140+ messages in thread

* Re: [PATCH 4.8 000/140] 4.8.5-stable review
  2016-10-26 18:44   ` [PATCH 4.8 000/140] 4.8.5-stable review Shuah Khan
@ 2016-10-27  5:15     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-27  5:15 UTC (permalink / raw)
  To: Shuah Khan
  Cc: linux-kernel, torvalds, akpm, linux, patches, ben.hutchings, stable

On Wed, Oct 26, 2016 at 12:44:58PM -0600, Shuah Khan wrote:
> On 10/26/2016 06:21 AM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.8.5 release.
> > There are 140 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Fri Oct 28 12:21:58 UTC 2016.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.8.5-rc1.gz
> > or in the git tree and branch at:
> >   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.8.y
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> > greg k-h
> > 
> 
> Compiled and booted on my test system. No dmesg regressions.

Thanks for testing both of these and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 140+ messages in thread

* Re: [PATCH 4.8 000/140] 4.8.5-stable review
  2016-10-26 21:49   ` Guenter Roeck
@ 2016-10-27  5:16     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-27  5:16 UTC (permalink / raw)
  To: Guenter Roeck
  Cc: linux-kernel, torvalds, akpm, shuah.kh, patches, ben.hutchings, stable

On Wed, Oct 26, 2016 at 02:49:41PM -0700, Guenter Roeck wrote:
> On Wed, Oct 26, 2016 at 02:21:00PM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.8.5 release.
> > There are 140 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Fri Oct 28 12:21:58 UTC 2016.
> > Anything received after that time might be too late.
> > 
> 
> Build results:
> 	total: 149 pass: 149 fail: 0
> Qemu test results:
> 	total: 113 pass: 113 fail: 0
> 
> Details are available at http://kerneltests.org/builders.

Great, thanks for testing and letting me know for both of these.

greg k-h

^ permalink raw reply	[flat|nested] 140+ messages in thread

* Re: [PATCH 4.8 000/140] 4.8.5-stable review
       [not found]   ` <5811acdd.4336c20a.fcad1.2674@mx.google.com>
@ 2016-10-27 13:04     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 140+ messages in thread
From: Greg Kroah-Hartman @ 2016-10-27 13:04 UTC (permalink / raw)
  To: kernelci.org bot
  Cc: linux-kernel, torvalds, akpm, linux, shuah.kh, patches,
	ben.hutchings, stable

On Thu, Oct 27, 2016 at 12:29:33AM -0700, kernelci.org bot wrote:
> stable-rc boot: 110 boots: 2 failed, 102 passed with 6 offline (v4.8.4-140-gc88a99a91d3e)
> 
> Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/kernel/v4.8.4-140-gc88a99a91d3e/
> Full Build Summary: https://kernelci.org/build/stable-rc/kernel/v4.8.4-140-gc88a99a91d3e/
> 
> Tree: stable-rc
> Branch: local/linux-4.8.y
> Git Describe: v4.8.4-140-gc88a99a91d3e
> Git Commit: c88a99a91d3ee65635a471133cc04a5dcbbe02eb
> Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> Tested: 27 unique boards, 11 SoC families, 24 builds out of 206
> 
> Boot Failures Detected: https://kernelci.org/boot/?v4.8.4-140-gc88a99a91d3e&fail
> 
> arm:
> 
>     multi_v7_defconfig+CONFIG_PROVE_LOCKING=y:
>         vexpress-v2p-ca15-tc1: 1 failed lab
>         vexpress-v2p-ca15_a7: 1 failed lab

This is the same error as before, so I can just ignore them, right?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 140+ messages in thread

end of thread, other threads:[~2016-10-27 14:24 UTC | newest]

Thread overview: 140+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CGME20161026122540epcas4p46005dbdfffd52a053abab7ecf222382c@epcas4p4.samsung.com>
2016-10-26 12:21 ` [PATCH 4.8 000/140] 4.8.5-stable review Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 001/140] gpio: mpc8xxx: Correct irq handler function Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 002/140] mei: fix return value on disconnection Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 003/140] mei: me: add kaby point device ids Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 004/140] regulator: tps65910: Work around silicon erratum SWCZ010 Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 005/140] clk: imx6: initialize GPU clocks Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 006/140] clk: imx6: fix i.MX6DL clock tree to reflect reality Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 007/140] spi: spidev_test: Fix buffer overflow in unescape() Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 008/140] PM / devfreq: event: remove duplicate devfreq_event_get_drvdata() Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 009/140] ath10k: fix copy engine 5 destination ring stuck Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 010/140] rtlwifi: Fix missing country code for Great Britain Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 012/140] mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 013/140] PCI: Mark Atheros AR9580 to avoid bus reset Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 014/140] PCI: tegra: Fix argument order in tegra_pcie_phy_disable() Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 015/140] platform: dont return 0 from platform_get_irq[_byname]() on error Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 016/140] cpufreq: ti: Use generic platdev driver Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 017/140] cpufreq: conservative: Fix next frequency selection Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 018/140] cpufreq: skip invalid entries when searching the frequency Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 019/140] cpufreq: intel_pstate: Fix unsafe HWP MSR access Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 021/140] parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 022/140] parisc: Fix self-detected CPU stall warnings on Mako machines Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 023/140] parisc: Fix kernel memory layout regarding position of __gp Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 024/140] parisc: Increase initial kernel mapping size Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 025/140] pstore/ramoops: fixup driver removal Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 027/140] pstore/ram: Use memcpy_toio instead of memcpy Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 028/140] pstore/ram: Use memcpy_fromio() to save old buffer Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 029/140] perf intel-pt: Fix snapshot overlap detection decoder errors Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 030/140] perf intel-pt: Fix estimated timestamps for cycle-accurate mode Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 031/140] perf intel-pt: Fix MTC timestamp calculation for large MTC periods Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 032/140] dm: mark request_queue dead before destroying the DM device Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 033/140] dm: return correct error code in dm_resume()s retry loop Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 034/140] dm rq: take request_queue lock while clearing QUEUE_FLAG_STOPPED Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 035/140] dm mpath: check if paths request_queue is dying in activate_path() Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 036/140] dm crypt: fix crash on exit Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 037/140] powerpc/xmon: Dont use ld on 32-bit Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 038/140] powerpc/vdso64: Use double word compare on pointers Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 039/140] powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear() Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 040/140] powerpc/eeh: Null check uses of eeh_pe_bus_get Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 041/140] powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag() Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 042/140] powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data() Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 043/140] powerpc/mm: Update FORCE_MAX_ZONEORDER range to allow hugetlb w/4K Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 044/140] powerpc/64: Fix incorrect return value from __copy_tofrom_user Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 045/140] powerpc/pseries: Fix stack corruption in htpe code Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 046/140] powerpc/mm/hash64: Fix might_have_hea() check Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 047/140] IB/srp: Fix infinite loop when FMR sg[0].offset != 0 Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 048/140] IB/core: correctly handle rdma_rw_init_mrs() failure Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 049/140] ubi: Deal with interrupted erasures in WL Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 050/140] zfcp: fix fc_host port_type with NPIV Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 051/140] zfcp: fix ELS/GS request&response length for hardware data router Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 052/140] zfcp: close window with unblocked rport during rport gone Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 053/140] zfcp: retain trace level for SCSI and HBA FSF response records Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 054/140] zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 055/140] zfcp: trace on request for open and close of WKA port Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 056/140] zfcp: restore tracing of handle for port and LUN with HBA records Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 057/140] zfcp: fix D_ID field with actual value on tracing SAN responses Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 058/140] zfcp: fix payload trace length for SAN request&response Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.8 059/140] zfcp: trace full payload of all SAN records (req,resp,iels) Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 060/140] scsi: zfcp: spin_lock_irqsave() is not nestable Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 061/140] fbdev/efifb: Fix 16 color palette entry calculation Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 062/140] ovl: Fix info leak in ovl_lookup_temp() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 063/140] ovl: copy_up_xattr(): use strnlen Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 064/140] [media] mb86a20s: fix the locking logic Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 065/140] [media] mb86a20s: fix demod settings Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 066/140] [media] cx231xx: dont return error on success Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 067/140] [media] cx231xx: fix GPIOs for Pixelview SBTVD hybrid Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 068/140] [media] cx231xx: cant proceed if I2C bus register fails Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 069/140] ALSA: hda - Fix a failure of micmute led when having multi adcs Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 071/140] MIPS: ptrace: Fix regs_return_value for kernel context Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 072/140] Input: i8042 - skip selftest on ASUS laptops Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 073/140] Input: elantech - force needed quirks on Fujitsu H760 Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 074/140] Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 075/140] sunrpc: fix write space race causing stalls Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 076/140] NFSD: fix corruption in notifier registration Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 077/140] NFS: Fix inode corruption in nfs_prime_dcache() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 078/140] NFSv4: Dont report revoked delegations as valid in nfs_have_delegation() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 079/140] NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 080/140] NFSv4: Open state recovery must account for file permission changes Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 081/140] NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 082/140] pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 083/140] scsi: Fix use-after-free Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 085/140] watchdog: mt7621_wdt: Remove assignment of dev pointer Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 086/140] metag: Only define atomic_dec_if_positive conditionally Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 087/140] soc/fsl/qe: fix gpio save_regs functions Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 088/140] soc/fsl/qe: fix Oops on CPM1 (and likely CPM2) Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 089/140] arm64: KVM: VHE: reset PSTATE.PAN on entry to EL2 Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 090/140] arc: dont leak bits of kernel stack into coredump Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 091/140] fs/super.c: fix race between freeze_super() and thaw_super() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 092/140] cifs: Limit the overall credit acquired Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 093/140] fs/cifs: keep guid when assigning fid to fileinfo Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 094/140] Clarify locking of cifs file and tcon structures and make more granular Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 095/140] Display number of credits available Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 096/140] Set previous session id correctly on SMB3 reconnect Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 097/140] SMB3: GUIDs should be constructed as random but valid uuids Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 098/140] Do not send SMB3 SET_INFO request if nothing is changing Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 099/140] Cleanup missing frees on some ioctls Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 100/140] Fix regression which breaks DFS mounting Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 101/140] blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 102/140] x86/e820: Dont merge consecutive E820_PRAM ranges Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 104/140] x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 106/140] pinctrl: intel: Only restore pins that are used by the driver Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 108/140] sched/fair: Fix incorrect task group ->load_avg Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 109/140] sched/fair: Fix min_vruntime tracking Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 110/140] irqchip/gicv3: Handle loop timeout proper Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 111/140] irqchip/eznps: Acknowledge NPS_IPI before calling the handler Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 112/140] irqchip/gic-v3-its: Fix entry size mask for GITS_BASER Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 113/140] cxl: Prevent adapter reset if an active context exists Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 114/140] isofs: Do not return EACCES for unknown filesystems Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 115/140] memstick: rtsx_usb_ms: Runtime resume the device when polling for cards Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 116/140] memstick: rtsx_usb_ms: Manage runtime PM when accessing the device Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 117/140] arm64: swp emulation: bound LL/SC retries before rescheduling Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 118/140] arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.8 119/140] arm64: percpu: rewrite ll/sc loops in assembly Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 120/140] arm64: kernel: Init MDCR_EL2 even in the absence of a PMU Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 121/140] arm64: Cortex-A53 errata workaround: check for kernel addresses Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 122/140] arm64: KVM: Take S1 walks into account when determining S2 write faults Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 123/140] ceph: fix error handling in ceph_read_iter Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 124/140] powerpc/mm: Prevent unlikely crash in copro_calculate_slb() Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 125/140] mmc: core: Annotate cmd_hdr as __le32 Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 126/140] mmc: core: switch to 1V8 or 1V2 for hs400es mode Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 127/140] mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 128/140] mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 129/140] KVM: s390: reject invalid modes for runtime instrumentation Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 130/140] fscrypto: make XTS tweak initialization endian-independent Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 131/140] fscrypto: lock inode while setting encryption policy Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 132/140] ext4: do not advertise encryption support when disabled Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 133/140] jbd2: fix incorrect unlock on j_list_lock Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 134/140] ubifs: Fix xattr_names length in exit paths Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 135/140] ubifs: Abort readdir upon error Greg Kroah-Hartman
2016-10-26 12:40     ` Richard Weinberger
2016-10-26 13:16       ` Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 136/140] target/tcm_fc: use CPU affinity for responses Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 137/140] target: Re-add missing SCF_ACK_KREF assignment in v4.1.y Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 138/140] target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 139/140] target: Dont override EXTENDED_COPY xcopy_pt_cmd SCSI status code Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.8 140/140] Revert "target: Fix residual overflow handling in target_complete_cmd_with_length" Greg Kroah-Hartman
2016-10-26 18:44   ` [PATCH 4.8 000/140] 4.8.5-stable review Shuah Khan
2016-10-27  5:15     ` Greg Kroah-Hartman
2016-10-26 21:49   ` Guenter Roeck
2016-10-27  5:16     ` Greg Kroah-Hartman
     [not found]   ` <5811acdd.4336c20a.fcad1.2674@mx.google.com>
2016-10-27 13:04     ` Greg Kroah-Hartman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).