--- /dev/null
+From c09f12186d6b03b798832d95289af76495990192 Mon Sep 17 00:00:00 2001
+From: Vishal Verma <vishal.l.verma@intel.com>
+Date: Fri, 19 Aug 2016 14:40:58 -0600
+Subject: acpi, nfit: check for the correct event code in notifications
+
+From: Vishal Verma <vishal.l.verma@intel.com>
+
+commit c09f12186d6b03b798832d95289af76495990192 upstream.
+
+Commit 209851649dc4 "acpi: nfit: Add support for hot-add" added
+support for _FIT notifications, but it neglected to verify the
+notification event code matches the one in the ACPI spec for
+"NFIT Update". Currently there is only one code in the spec, but
+once additional codes are added, older kernels (without this fix)
+will misbehave by assuming all event notifications are for an
+NFIT Update.
+
+Fixes: 209851649dc4 ("acpi: nfit: Add support for hot-add")
+Cc: <stable@vger.kernel.org>
+Cc: <linux-acpi@vger.kernel.org>
+Cc: Dan Williams <dan.j.williams@intel.com>
+Reported-by: Linda Knippers <linda.knippers@hpe.com>
+Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/nfit.c | 3 +++
+ drivers/acpi/nfit.h | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+--- a/drivers/acpi/nfit.c
++++ b/drivers/acpi/nfit.c
+@@ -1806,6 +1806,9 @@ static void acpi_nfit_notify(struct acpi
+
+ dev_dbg(dev, "%s: event: %d\n", __func__, event);
+
++ if (event != NFIT_NOTIFY_UPDATE)
++ return;
++
+ device_lock(dev);
+ if (!dev->driver) {
+ /* dev->driver may be null if we're being removed */
+--- a/drivers/acpi/nfit.h
++++ b/drivers/acpi/nfit.h
+@@ -45,6 +45,10 @@ enum {
+ ND_BLK_DCR_LATCH = 2,
+ };
+
++enum nfit_root_notifiers {
++ NFIT_NOTIFY_UPDATE = 0x80,
++};
++
+ struct nfit_spa {
+ struct acpi_nfit_system_address *spa;
+ struct list_head list;
--- /dev/null
+From bbb427e342495df1cda10051d0566388697499c0 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bart.vanassche@sandisk.com>
+Date: Thu, 29 Sep 2016 08:33:30 -0700
+Subject: blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL
+
+From: Bart Van Assche <bart.vanassche@sandisk.com>
+
+commit bbb427e342495df1cda10051d0566388697499c0 upstream.
+
+Unlocking a mutex twice is wrong. Hence modify blkcg_policy_register()
+such that blkcg_pol_mutex is unlocked once if cpd == NULL. This patch
+avoids that smatch reports the following error:
+
+block/blk-cgroup.c:1378: blkcg_policy_register() error: double unlock 'mutex:&blkcg_pol_mutex'
+
+Fixes: 06b285bd1125 ("blkcg: fix blkcg_policy_data allocation bug")
+Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
+Cc: Tejun Heo <tj@kernel.org>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ block/blk-cgroup.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/block/blk-cgroup.c
++++ b/block/blk-cgroup.c
+@@ -1331,10 +1331,8 @@ int blkcg_policy_register(struct blkcg_p
+ struct blkcg_policy_data *cpd;
+
+ cpd = pol->cpd_alloc_fn(GFP_KERNEL);
+- if (!cpd) {
+- mutex_unlock(&blkcg_pol_mutex);
++ if (!cpd)
+ goto err_free_cpds;
+- }
+
+ blkcg->cpd[pol->plid] = cpd;
+ cpd->blkcg = blkcg;
--- /dev/null
+From 1e6bb1a3540fec3ef112b9a89dda88e684c3ff59 Mon Sep 17 00:00:00 2001
+From: Yuval Mintz <Yuval.Mintz@qlogic.com>
+Date: Tue, 15 Mar 2016 19:52:04 +0200
+Subject: bnx2x: Prevent false warning for lack of FC NPIV
+
+From: Yuval Mintz <Yuval.Mintz@qlogic.com>
+
+commit 1e6bb1a3540fec3ef112b9a89dda88e684c3ff59 upstream.
+
+Not all adapters have FC-NPIV configured. If bnx2fc is used with such an
+adapter, driver would read irrelevant data from the the nvram and log
+"FC-NPIV table with bad length..." In system logs.
+
+Simply accept that reading '0' as the feature offset in nvram indicates
+the feature isn't there and return.
+
+Reported-by: Andrew Patterson <andrew.patterson@hpe.com>
+Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+@@ -14819,6 +14819,10 @@ static int bnx2x_get_fc_npiv(struct net_
+ }
+
+ offset = SHMEM2_RD(bp, fc_npiv_nvram_tbl_addr[BP_PORT(bp)]);
++ if (!offset) {
++ DP(BNX2X_MSG_MCP, "No FC-NPIV in NVRAM\n");
++ goto out;
++ }
+ DP(BNX2X_MSG_MCP, "Offset of FC-NPIV in NVRAM: %08x\n", offset);
+
+ /* Read the table contents from nvram */
--- /dev/null
+From 7d414f396c91a3382e51cf628c1cf0709ad0188b Mon Sep 17 00:00:00 2001
+From: Ross Lagerwall <ross.lagerwall@citrix.com>
+Date: Tue, 20 Sep 2016 13:37:13 +0100
+Subject: cifs: Limit the overall credit acquired
+
+From: Ross Lagerwall <ross.lagerwall@citrix.com>
+
+commit 7d414f396c91a3382e51cf628c1cf0709ad0188b upstream.
+
+The kernel client requests 2 credits for many operations even though
+they only use 1 credit (presumably to build up a buffer of credit).
+Some servers seem to give the client as much credit as is requested. In
+this case, the amount of credit the client has continues increasing to
+the point where (server->credits * MAX_BUFFER_SIZE) overflows in
+smb2_wait_mtu_credits().
+
+Fix this by throttling the credit requests if an set limit is reached.
+For async requests where the credit charge may be > 1, request as much
+credit as what is charged.
+The limit is chosen somewhat arbitrarily. The Windows client
+defaults to 128 credits, the Windows server allows clients up to
+512 credits (or 8192 for Windows 2016), and the NetApp server
+(and at least one other) does not limit clients at all.
+Choose a high enough value such that the client shouldn't limit
+performance.
+
+This behavior was seen with a NetApp filer (NetApp Release 9.0RC2).
+
+Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2glob.h | 10 ++++++++++
+ fs/cifs/smb2pdu.c | 18 +++++++++++++++++-
+ 2 files changed, 27 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2glob.h
++++ b/fs/cifs/smb2glob.h
+@@ -61,4 +61,14 @@
+ /* Maximum buffer size value we can send with 1 credit */
+ #define SMB2_MAX_BUFFER_SIZE 65536
+
++/*
++ * Maximum number of credits to keep available.
++ * This value is chosen somewhat arbitrarily. The Windows client
++ * defaults to 128 credits, the Windows server allows clients up to
++ * 512 credits, and the NetApp server does not limit clients at all.
++ * Choose a high enough value such that the client shouldn't limit
++ * performance.
++ */
++#define SMB2_MAX_CREDITS_AVAILABLE 32000
++
+ #endif /* _SMB2_GLOB_H */
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -103,7 +103,21 @@ smb2_hdr_assemble(struct smb2_hdr *hdr,
+ hdr->ProtocolId[3] = 'B';
+ hdr->StructureSize = cpu_to_le16(64);
+ hdr->Command = smb2_cmd;
+- hdr->CreditRequest = cpu_to_le16(2); /* BB make this dynamic */
++ if (tcon && tcon->ses && tcon->ses->server) {
++ struct TCP_Server_Info *server = tcon->ses->server;
++
++ spin_lock(&server->req_lock);
++ /* Request up to 2 credits but don't go over the limit. */
++ if (server->credits >= SMB2_MAX_CREDITS_AVAILABLE)
++ hdr->CreditRequest = cpu_to_le16(0);
++ else
++ hdr->CreditRequest = cpu_to_le16(
++ min_t(int, SMB2_MAX_CREDITS_AVAILABLE -
++ server->credits, 2));
++ spin_unlock(&server->req_lock);
++ } else {
++ hdr->CreditRequest = cpu_to_le16(2);
++ }
+ hdr->ProcessId = cpu_to_le32((__u16)current->tgid);
+
+ if (!tcon)
+@@ -2059,6 +2073,7 @@ smb2_async_readv(struct cifs_readdata *r
+ if (rdata->credits) {
+ buf->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes,
+ SMB2_MAX_BUFFER_SIZE));
++ buf->CreditRequest = buf->CreditCharge;
+ spin_lock(&server->req_lock);
+ server->credits += rdata->credits -
+ le16_to_cpu(buf->CreditCharge);
+@@ -2245,6 +2260,7 @@ smb2_async_writev(struct cifs_writedata
+ if (wdata->credits) {
+ req->hdr.CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes,
+ SMB2_MAX_BUFFER_SIZE));
++ req->hdr.CreditRequest = req->hdr.CreditCharge;
+ spin_lock(&server->req_lock);
+ server->credits += wdata->credits -
+ le16_to_cpu(req->hdr.CreditCharge);
--- /dev/null
+From 3afca265b5f53a0b15b79531c13858049505582d Mon Sep 17 00:00:00 2001
+From: Steve French <smfrench@gmail.com>
+Date: Thu, 22 Sep 2016 18:58:16 -0500
+Subject: Clarify locking of cifs file and tcon structures and make more granular
+
+From: Steve French <smfrench@gmail.com>
+
+commit 3afca265b5f53a0b15b79531c13858049505582d upstream.
+
+Remove the global file_list_lock to simplify cifs/smb3 locking and
+have spinlocks that more closely match the information they are
+protecting.
+
+Add new tcon->open_file_lock and file->file_info_lock spinlocks.
+Locks continue to follow a heirachy,
+ cifs_socket --> cifs_ses --> cifs_tcon --> cifs_file
+where global tcp_ses_lock still protects socket and cifs_ses, while the
+the newer locks protect the lower level structure's information
+(tcon and cifs_file respectively).
+
+Signed-off-by: Steve French <steve.french@primarydata.com>
+Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
+Reviewed-by: Aurelien Aptel <aaptel@suse.com>
+Reviewed-by: Germano Percossi <germano.percossi@citrix.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/cifsfs.c | 1
+ fs/cifs/cifsglob.h | 30 ++++++++++++------------
+ fs/cifs/cifssmb.c | 4 +--
+ fs/cifs/file.c | 66 +++++++++++++++++++++++++++++++----------------------
+ fs/cifs/misc.c | 15 ++++++------
+ fs/cifs/readdir.c | 6 ++--
+ fs/cifs/smb2misc.c | 16 ++++++------
+ 7 files changed, 75 insertions(+), 63 deletions(-)
+
+--- a/fs/cifs/cifsfs.c
++++ b/fs/cifs/cifsfs.c
+@@ -1210,7 +1210,6 @@ init_cifs(void)
+ GlobalTotalActiveXid = 0;
+ GlobalMaxActiveXid = 0;
+ spin_lock_init(&cifs_tcp_ses_lock);
+- spin_lock_init(&cifs_file_list_lock);
+ spin_lock_init(&GlobalMid_Lock);
+
+ if (cifs_max_pending < 2) {
+--- a/fs/cifs/cifsglob.h
++++ b/fs/cifs/cifsglob.h
+@@ -827,6 +827,7 @@ struct cifs_tcon {
+ struct list_head tcon_list;
+ int tc_count;
+ struct list_head openFileList;
++ spinlock_t open_file_lock; /* protects list above */
+ struct cifs_ses *ses; /* pointer to session associated with */
+ char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource in ASCII */
+ char *nativeFileSystem;
+@@ -883,7 +884,7 @@ struct cifs_tcon {
+ #endif /* CONFIG_CIFS_STATS2 */
+ __u64 bytes_read;
+ __u64 bytes_written;
+- spinlock_t stat_lock;
++ spinlock_t stat_lock; /* protects the two fields above */
+ #endif /* CONFIG_CIFS_STATS */
+ FILE_SYSTEM_DEVICE_INFO fsDevInfo;
+ FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo; /* ok if fs name truncated */
+@@ -1034,8 +1035,10 @@ struct cifs_fid_locks {
+ };
+
+ struct cifsFileInfo {
++ /* following two lists are protected by tcon->open_file_lock */
+ struct list_head tlist; /* pointer to next fid owned by tcon */
+ struct list_head flist; /* next fid (file instance) for this inode */
++ /* lock list below protected by cifsi->lock_sem */
+ struct cifs_fid_locks *llist; /* brlocks held by this fid */
+ kuid_t uid; /* allows finding which FileInfo structure */
+ __u32 pid; /* process id who opened file */
+@@ -1043,11 +1046,12 @@ struct cifsFileInfo {
+ /* BB add lock scope info here if needed */ ;
+ /* lock scope id (0 if none) */
+ struct dentry *dentry;
+- unsigned int f_flags;
+ struct tcon_link *tlink;
++ unsigned int f_flags;
+ bool invalidHandle:1; /* file closed via session abend */
+ bool oplock_break_cancelled:1;
+- int count; /* refcount protected by cifs_file_list_lock */
++ int count;
++ spinlock_t file_info_lock; /* protects four flag/count fields above */
+ struct mutex fh_mutex; /* prevents reopen race after dead ses*/
+ struct cifs_search_info srch_inf;
+ struct work_struct oplock_break; /* work for oplock breaks */
+@@ -1114,7 +1118,7 @@ struct cifs_writedata {
+
+ /*
+ * Take a reference on the file private data. Must be called with
+- * cifs_file_list_lock held.
++ * cfile->file_info_lock held.
+ */
+ static inline void
+ cifsFileInfo_get_locked(struct cifsFileInfo *cifs_file)
+@@ -1508,8 +1512,10 @@ require use of the stronger protocol */
+ * GlobalMid_Lock protects:
+ * list operations on pending_mid_q and oplockQ
+ * updates to XID counters, multiplex id and SMB sequence numbers
+- * cifs_file_list_lock protects:
+- * list operations on tcp and SMB session lists and tCon lists
++ * tcp_ses_lock protects:
++ * list operations on tcp and SMB session lists
++ * tcon->open_file_lock protects the list of open files hanging off the tcon
++ * cfile->file_info_lock protects counters and fields in cifs file struct
+ * f_owner.lock protects certain per file struct operations
+ * mapping->page_lock protects certain per page operations
+ *
+@@ -1541,18 +1547,12 @@ GLOBAL_EXTERN struct list_head cifs_tcp
+ * tcp session, and the list of tcon's per smb session. It also protects
+ * the reference counters for the server, smb session, and tcon. Finally,
+ * changes to the tcon->tidStatus should be done while holding this lock.
++ * generally the locks should be taken in order tcp_ses_lock before
++ * tcon->open_file_lock and that before file->file_info_lock since the
++ * structure order is cifs_socket-->cifs_ses-->cifs_tcon-->cifs_file
+ */
+ GLOBAL_EXTERN spinlock_t cifs_tcp_ses_lock;
+
+-/*
+- * This lock protects the cifs_file->llist and cifs_file->flist
+- * list operations, and updates to some flags (cifs_file->invalidHandle)
+- * It will be moved to either use the tcon->stat_lock or equivalent later.
+- * If cifs_tcp_ses_lock and the lock below are both needed to be held, then
+- * the cifs_tcp_ses_lock must be grabbed first and released last.
+- */
+-GLOBAL_EXTERN spinlock_t cifs_file_list_lock;
+-
+ #ifdef CONFIG_CIFS_DNOTIFY_EXPERIMENTAL /* unused temporarily */
+ /* Outstanding dir notify requests */
+ GLOBAL_EXTERN struct list_head GlobalDnotifyReqList;
+--- a/fs/cifs/cifssmb.c
++++ b/fs/cifs/cifssmb.c
+@@ -98,13 +98,13 @@ cifs_mark_open_files_invalid(struct cifs
+ struct list_head *tmp1;
+
+ /* list all files open on tree connection and mark them invalid */
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
+ list_for_each_safe(tmp, tmp1, &tcon->openFileList) {
+ open_file = list_entry(tmp, struct cifsFileInfo, tlist);
+ open_file->invalidHandle = true;
+ open_file->oplock_break_cancelled = true;
+ }
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ /*
+ * BB Add call to invalidate_inodes(sb) for all superblocks mounted
+ * to this tcon.
+--- a/fs/cifs/file.c
++++ b/fs/cifs/file.c
+@@ -305,6 +305,7 @@ cifs_new_fileinfo(struct cifs_fid *fid,
+ cfile->tlink = cifs_get_tlink(tlink);
+ INIT_WORK(&cfile->oplock_break, cifs_oplock_break);
+ mutex_init(&cfile->fh_mutex);
++ spin_lock_init(&cfile->file_info_lock);
+
+ cifs_sb_active(inode->i_sb);
+
+@@ -317,7 +318,7 @@ cifs_new_fileinfo(struct cifs_fid *fid,
+ oplock = 0;
+ }
+
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
+ if (fid->pending_open->oplock != CIFS_OPLOCK_NO_CHANGE && oplock)
+ oplock = fid->pending_open->oplock;
+ list_del(&fid->pending_open->olist);
+@@ -326,12 +327,13 @@ cifs_new_fileinfo(struct cifs_fid *fid,
+ server->ops->set_fid(cfile, fid, oplock);
+
+ list_add(&cfile->tlist, &tcon->openFileList);
++
+ /* if readable file instance put first in list*/
+ if (file->f_mode & FMODE_READ)
+ list_add(&cfile->flist, &cinode->openFileList);
+ else
+ list_add_tail(&cfile->flist, &cinode->openFileList);
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+
+ if (fid->purge_cache)
+ cifs_zap_mapping(inode);
+@@ -343,16 +345,16 @@ cifs_new_fileinfo(struct cifs_fid *fid,
+ struct cifsFileInfo *
+ cifsFileInfo_get(struct cifsFileInfo *cifs_file)
+ {
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&cifs_file->file_info_lock);
+ cifsFileInfo_get_locked(cifs_file);
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&cifs_file->file_info_lock);
+ return cifs_file;
+ }
+
+ /*
+ * Release a reference on the file private data. This may involve closing
+ * the filehandle out on the server. Must be called without holding
+- * cifs_file_list_lock.
++ * tcon->open_file_lock and cifs_file->file_info_lock.
+ */
+ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
+ {
+@@ -367,11 +369,15 @@ void cifsFileInfo_put(struct cifsFileInf
+ struct cifs_pending_open open;
+ bool oplock_break_cancelled;
+
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
++
++ spin_lock(&cifs_file->file_info_lock);
+ if (--cifs_file->count > 0) {
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&cifs_file->file_info_lock);
++ spin_unlock(&tcon->open_file_lock);
+ return;
+ }
++ spin_unlock(&cifs_file->file_info_lock);
+
+ if (server->ops->get_lease_key)
+ server->ops->get_lease_key(inode, &fid);
+@@ -395,7 +401,8 @@ void cifsFileInfo_put(struct cifsFileInf
+ set_bit(CIFS_INO_INVALID_MAPPING, &cifsi->flags);
+ cifs_set_oplock_level(cifsi, 0);
+ }
+- spin_unlock(&cifs_file_list_lock);
++
++ spin_unlock(&tcon->open_file_lock);
+
+ oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break);
+
+@@ -772,10 +779,10 @@ int cifs_closedir(struct inode *inode, s
+ server = tcon->ses->server;
+
+ cifs_dbg(FYI, "Freeing private data in close dir\n");
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&cfile->file_info_lock);
+ if (server->ops->dir_needs_close(cfile)) {
+ cfile->invalidHandle = true;
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&cfile->file_info_lock);
+ if (server->ops->close_dir)
+ rc = server->ops->close_dir(xid, tcon, &cfile->fid);
+ else
+@@ -784,7 +791,7 @@ int cifs_closedir(struct inode *inode, s
+ /* not much we can do if it fails anyway, ignore rc */
+ rc = 0;
+ } else
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&cfile->file_info_lock);
+
+ buf = cfile->srch_inf.ntwrk_buf_start;
+ if (buf) {
+@@ -1720,12 +1727,13 @@ struct cifsFileInfo *find_readable_file(
+ {
+ struct cifsFileInfo *open_file = NULL;
+ struct cifs_sb_info *cifs_sb = CIFS_SB(cifs_inode->vfs_inode.i_sb);
++ struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb);
+
+ /* only filter by fsuid on multiuser mounts */
+ if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
+ fsuid_only = false;
+
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
+ /* we could simply get the first_list_entry since write-only entries
+ are always at the end of the list but since the first entry might
+ have a close pending, we go through the whole list */
+@@ -1736,8 +1744,8 @@ struct cifsFileInfo *find_readable_file(
+ if (!open_file->invalidHandle) {
+ /* found a good file */
+ /* lock it so it will not be closed on us */
+- cifsFileInfo_get_locked(open_file);
+- spin_unlock(&cifs_file_list_lock);
++ cifsFileInfo_get(open_file);
++ spin_unlock(&tcon->open_file_lock);
+ return open_file;
+ } /* else might as well continue, and look for
+ another, or simply have the caller reopen it
+@@ -1745,7 +1753,7 @@ struct cifsFileInfo *find_readable_file(
+ } else /* write only file */
+ break; /* write only files are last so must be done */
+ }
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ return NULL;
+ }
+
+@@ -1754,6 +1762,7 @@ struct cifsFileInfo *find_writable_file(
+ {
+ struct cifsFileInfo *open_file, *inv_file = NULL;
+ struct cifs_sb_info *cifs_sb;
++ struct cifs_tcon *tcon;
+ bool any_available = false;
+ int rc;
+ unsigned int refind = 0;
+@@ -1769,15 +1778,16 @@ struct cifsFileInfo *find_writable_file(
+ }
+
+ cifs_sb = CIFS_SB(cifs_inode->vfs_inode.i_sb);
++ tcon = cifs_sb_master_tcon(cifs_sb);
+
+ /* only filter by fsuid on multiuser mounts */
+ if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
+ fsuid_only = false;
+
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
+ refind_writable:
+ if (refind > MAX_REOPEN_ATT) {
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ return NULL;
+ }
+ list_for_each_entry(open_file, &cifs_inode->openFileList, flist) {
+@@ -1788,8 +1798,8 @@ refind_writable:
+ if (OPEN_FMODE(open_file->f_flags) & FMODE_WRITE) {
+ if (!open_file->invalidHandle) {
+ /* found a good writable file */
+- cifsFileInfo_get_locked(open_file);
+- spin_unlock(&cifs_file_list_lock);
++ cifsFileInfo_get(open_file);
++ spin_unlock(&tcon->open_file_lock);
+ return open_file;
+ } else {
+ if (!inv_file)
+@@ -1805,24 +1815,24 @@ refind_writable:
+
+ if (inv_file) {
+ any_available = false;
+- cifsFileInfo_get_locked(inv_file);
++ cifsFileInfo_get(inv_file);
+ }
+
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+
+ if (inv_file) {
+ rc = cifs_reopen_file(inv_file, false);
+ if (!rc)
+ return inv_file;
+ else {
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
+ list_move_tail(&inv_file->flist,
+ &cifs_inode->openFileList);
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ cifsFileInfo_put(inv_file);
+- spin_lock(&cifs_file_list_lock);
+ ++refind;
+ inv_file = NULL;
++ spin_lock(&tcon->open_file_lock);
+ goto refind_writable;
+ }
+ }
+@@ -3632,15 +3642,17 @@ static int cifs_readpage(struct file *fi
+ static int is_inode_writable(struct cifsInodeInfo *cifs_inode)
+ {
+ struct cifsFileInfo *open_file;
++ struct cifs_tcon *tcon =
++ cifs_sb_master_tcon(CIFS_SB(cifs_inode->vfs_inode.i_sb));
+
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
+ list_for_each_entry(open_file, &cifs_inode->openFileList, flist) {
+ if (OPEN_FMODE(open_file->f_flags) & FMODE_WRITE) {
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ return 1;
+ }
+ }
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ return 0;
+ }
+
+--- a/fs/cifs/misc.c
++++ b/fs/cifs/misc.c
+@@ -120,6 +120,7 @@ tconInfoAlloc(void)
+ ++ret_buf->tc_count;
+ INIT_LIST_HEAD(&ret_buf->openFileList);
+ INIT_LIST_HEAD(&ret_buf->tcon_list);
++ spin_lock_init(&ret_buf->open_file_lock);
+ #ifdef CONFIG_CIFS_STATS
+ spin_lock_init(&ret_buf->stat_lock);
+ #endif
+@@ -465,7 +466,7 @@ is_valid_oplock_break(char *buffer, stru
+ continue;
+
+ cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks);
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
+ list_for_each(tmp2, &tcon->openFileList) {
+ netfile = list_entry(tmp2, struct cifsFileInfo,
+ tlist);
+@@ -495,11 +496,11 @@ is_valid_oplock_break(char *buffer, stru
+ &netfile->oplock_break);
+ netfile->oplock_break_cancelled = false;
+
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ spin_unlock(&cifs_tcp_ses_lock);
+ return true;
+ }
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ spin_unlock(&cifs_tcp_ses_lock);
+ cifs_dbg(FYI, "No matching file for oplock break\n");
+ return true;
+@@ -613,9 +614,9 @@ backup_cred(struct cifs_sb_info *cifs_sb
+ void
+ cifs_del_pending_open(struct cifs_pending_open *open)
+ {
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tlink_tcon(open->tlink)->open_file_lock);
+ list_del(&open->olist);
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
+ }
+
+ void
+@@ -635,7 +636,7 @@ void
+ cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink,
+ struct cifs_pending_open *open)
+ {
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tlink_tcon(tlink)->open_file_lock);
+ cifs_add_pending_open_locked(fid, tlink, open);
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
+ }
+--- a/fs/cifs/readdir.c
++++ b/fs/cifs/readdir.c
+@@ -594,14 +594,14 @@ find_cifs_entry(const unsigned int xid,
+ is_dir_changed(file)) || (index_to_find < first_entry_in_buffer)) {
+ /* close and restart search */
+ cifs_dbg(FYI, "search backing up - close and restart search\n");
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&cfile->file_info_lock);
+ if (server->ops->dir_needs_close(cfile)) {
+ cfile->invalidHandle = true;
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&cfile->file_info_lock);
+ if (server->ops->close_dir)
+ server->ops->close_dir(xid, tcon, &cfile->fid);
+ } else
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&cfile->file_info_lock);
+ if (cfile->srch_inf.ntwrk_buf_start) {
+ cifs_dbg(FYI, "freeing SMB ff cache buf on search rewind\n");
+ if (cfile->srch_inf.smallBuf)
+--- a/fs/cifs/smb2misc.c
++++ b/fs/cifs/smb2misc.c
+@@ -525,19 +525,19 @@ smb2_is_valid_lease_break(char *buffer)
+ list_for_each(tmp1, &server->smb_ses_list) {
+ ses = list_entry(tmp1, struct cifs_ses, smb_ses_list);
+
+- spin_lock(&cifs_file_list_lock);
+ list_for_each(tmp2, &ses->tcon_list) {
+ tcon = list_entry(tmp2, struct cifs_tcon,
+ tcon_list);
++ spin_lock(&tcon->open_file_lock);
+ cifs_stats_inc(
+ &tcon->stats.cifs_stats.num_oplock_brks);
+ if (smb2_tcon_has_lease(tcon, rsp, lw)) {
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ spin_unlock(&cifs_tcp_ses_lock);
+ return true;
+ }
++ spin_unlock(&tcon->open_file_lock);
+ }
+- spin_unlock(&cifs_file_list_lock);
+ }
+ }
+ spin_unlock(&cifs_tcp_ses_lock);
+@@ -579,7 +579,7 @@ smb2_is_valid_oplock_break(char *buffer,
+ tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
+
+ cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks);
+- spin_lock(&cifs_file_list_lock);
++ spin_lock(&tcon->open_file_lock);
+ list_for_each(tmp2, &tcon->openFileList) {
+ cfile = list_entry(tmp2, struct cifsFileInfo,
+ tlist);
+@@ -591,7 +591,7 @@ smb2_is_valid_oplock_break(char *buffer,
+
+ cifs_dbg(FYI, "file id match, oplock break\n");
+ cinode = CIFS_I(d_inode(cfile->dentry));
+-
++ spin_lock(&cfile->file_info_lock);
+ if (!CIFS_CACHE_WRITE(cinode) &&
+ rsp->OplockLevel == SMB2_OPLOCK_LEVEL_NONE)
+ cfile->oplock_break_cancelled = true;
+@@ -613,14 +613,14 @@ smb2_is_valid_oplock_break(char *buffer,
+ clear_bit(
+ CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
+ &cinode->flags);
+-
++ spin_unlock(&cfile->file_info_lock);
+ queue_work(cifsiod_wq, &cfile->oplock_break);
+
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ spin_unlock(&cifs_tcp_ses_lock);
+ return true;
+ }
+- spin_unlock(&cifs_file_list_lock);
++ spin_unlock(&tcon->open_file_lock);
+ spin_unlock(&cifs_tcp_ses_lock);
+ cifs_dbg(FYI, "No matching file for oplock break\n");
+ return true;
--- /dev/null
+From 24df1483c272c99ed88b0cba135d0e1dfdee3930 Mon Sep 17 00:00:00 2001
+From: Steve French <smfrench@gmail.com>
+Date: Thu, 29 Sep 2016 04:20:23 -0500
+Subject: Cleanup missing frees on some ioctls
+
+From: Steve French <smfrench@gmail.com>
+
+commit 24df1483c272c99ed88b0cba135d0e1dfdee3930 upstream.
+
+Cleanup some missing mem frees on some cifs ioctls, and
+clarify others to make more obvious that no data is returned.
+
+Signed-off-by: Steve French <smfrench@gmail.com>
+Acked-by: Sachin Prabhu <sprabhu@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2ops.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -282,7 +282,7 @@ SMB3_request_interfaces(const unsigned i
+ cifs_dbg(FYI, "Link Speed %lld\n",
+ le64_to_cpu(out_buf->LinkSpeed));
+ }
+-
++ kfree(out_buf);
+ return rc;
+ }
+ #endif /* STATS2 */
+@@ -695,6 +695,7 @@ smb2_clone_range(const unsigned int xid,
+
+ cchunk_out:
+ kfree(pcchunk);
++ kfree(retbuf);
+ return rc;
+ }
+
+@@ -819,7 +820,6 @@ smb2_duplicate_extents(const unsigned in
+ {
+ int rc;
+ unsigned int ret_data_len;
+- char *retbuf = NULL;
+ struct duplicate_extents_to_file dup_ext_buf;
+ struct cifs_tcon *tcon = tlink_tcon(trgtfile->tlink);
+
+@@ -845,7 +845,7 @@ smb2_duplicate_extents(const unsigned in
+ FSCTL_DUPLICATE_EXTENTS_TO_FILE,
+ true /* is_fsctl */, (char *)&dup_ext_buf,
+ sizeof(struct duplicate_extents_to_file),
+- (char **)&retbuf,
++ NULL,
+ &ret_data_len);
+
+ if (ret_data_len > 0)
+@@ -868,7 +868,6 @@ smb3_set_integrity(const unsigned int xi
+ struct cifsFileInfo *cfile)
+ {
+ struct fsctl_set_integrity_information_req integr_info;
+- char *retbuf = NULL;
+ unsigned int ret_data_len;
+
+ integr_info.ChecksumAlgorithm = cpu_to_le16(CHECKSUM_TYPE_UNCHANGED);
+@@ -880,7 +879,7 @@ smb3_set_integrity(const unsigned int xi
+ FSCTL_SET_INTEGRITY_INFORMATION,
+ true /* is_fsctl */, (char *)&integr_info,
+ sizeof(struct fsctl_set_integrity_information_req),
+- (char **)&retbuf,
++ NULL,
+ &ret_data_len);
+
+ }
--- /dev/null
+From 9742805d6b1bfb45d7f267648c34fb5bcd347397 Mon Sep 17 00:00:00 2001
+From: Steve French <smfrench@gmail.com>
+Date: Mon, 19 Sep 2016 22:06:35 -0500
+Subject: Display number of credits available
+
+From: Steve French <smfrench@gmail.com>
+
+commit 9742805d6b1bfb45d7f267648c34fb5bcd347397 upstream.
+
+In debugging smb3, it is useful to display the number
+of credits available, so we can see when the server has not granted
+sufficient operations for the client to make progress, or alternatively
+the client has requested too many credits (as we saw in a recent bug)
+so we can compare with the number of credits the server thinks
+we have.
+
+Add a /proc/fs/cifs/DebugData line to display the client view
+on how many credits are available.
+
+Signed-off-by: Steve French <steve.french@primarydata.com>
+Reported-by: Germano Percossi <germano.percossi@citrix.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/cifs_debug.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/cifs/cifs_debug.c
++++ b/fs/cifs/cifs_debug.c
+@@ -152,6 +152,7 @@ static int cifs_debug_data_proc_show(str
+ list_for_each(tmp1, &cifs_tcp_ses_list) {
+ server = list_entry(tmp1, struct TCP_Server_Info,
+ tcp_ses_list);
++ seq_printf(m, "\nNumber of credits: %d", server->credits);
+ i++;
+ list_for_each(tmp2, &server->smb_ses_list) {
+ ses = list_entry(tmp2, struct cifs_ses,
--- /dev/null
+From 18dd8e1a65ddae2351d0f0d6dd4a334f441fc5fa Mon Sep 17 00:00:00 2001
+From: Steve French <smfrench@gmail.com>
+Date: Mon, 26 Sep 2016 14:23:08 -0500
+Subject: Do not send SMB3 SET_INFO request if nothing is changing
+
+From: Steve French <smfrench@gmail.com>
+
+commit 18dd8e1a65ddae2351d0f0d6dd4a334f441fc5fa upstream.
+
+[CIFS] We had cases where we sent a SMB2/SMB3 setinfo request with all
+timestamp (and DOS attribute) fields marked as 0 (ie do not change)
+e.g. on chmod or chown.
+
+Signed-off-by: Steve French <steve.french@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2inode.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/cifs/smb2inode.c
++++ b/fs/cifs/smb2inode.c
+@@ -266,9 +266,15 @@ smb2_set_file_info(struct inode *inode,
+ struct tcon_link *tlink;
+ int rc;
+
++ if ((buf->CreationTime == 0) && (buf->LastAccessTime == 0) &&
++ (buf->LastWriteTime == 0) && (buf->ChangeTime) &&
++ (buf->Attributes == 0))
++ return 0; /* would be a no op, no sense sending this */
++
+ tlink = cifs_sb_tlink(cifs_sb);
+ if (IS_ERR(tlink))
+ return PTR_ERR(tlink);
++
+ rc = smb2_open_op_close(xid, tlink_tcon(tlink), cifs_sb, full_path,
+ FILE_WRITE_ATTRIBUTES, FILE_OPEN, 0, buf,
+ SMB2_OP_SET_INFO);
--- /dev/null
+From d171356ff11ab1825e456dfb979755e01b3c54a1 Mon Sep 17 00:00:00 2001
+From: Sachin Prabhu <sprabhu@redhat.com>
+Date: Tue, 6 Sep 2016 13:22:34 +0100
+Subject: Fix regression which breaks DFS mounting
+
+From: Sachin Prabhu <sprabhu@redhat.com>
+
+commit d171356ff11ab1825e456dfb979755e01b3c54a1 upstream.
+
+Patch a6b5058 results in -EREMOTE returned by is_path_accessible() in
+cifs_mount() to be ignored which breaks DFS mounting.
+
+Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
+Reviewed-by: Aurelien Aptel <aaptel@suse.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/connect.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3693,14 +3693,16 @@ remote_path_check:
+ goto mount_fail_check;
+ }
+
+- rc = cifs_are_all_path_components_accessible(server,
++ if (rc != -EREMOTE) {
++ rc = cifs_are_all_path_components_accessible(server,
+ xid, tcon, cifs_sb,
+ full_path);
+- if (rc != 0) {
+- cifs_dbg(VFS, "cannot query dirs between root and final path, "
+- "enabling CIFS_MOUNT_USE_PREFIX_PATH\n");
+- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
+- rc = 0;
++ if (rc != 0) {
++ cifs_dbg(VFS, "cannot query dirs between root and final path, "
++ "enabling CIFS_MOUNT_USE_PREFIX_PATH\n");
++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
++ rc = 0;
++ }
+ }
+ kfree(full_path);
+ }
--- /dev/null
+From 94f873717571c759b7928399cbbddfa3d569bd01 Mon Sep 17 00:00:00 2001
+From: Aurelien Aptel <aaptel@suse.com>
+Date: Thu, 22 Sep 2016 07:38:50 +0200
+Subject: fs/cifs: keep guid when assigning fid to fileinfo
+
+From: Aurelien Aptel <aaptel@suse.com>
+
+commit 94f873717571c759b7928399cbbddfa3d569bd01 upstream.
+
+When we open a durable handle we give a Globally Unique
+Identifier (GUID) to the server which we must keep for later reference
+e.g. when reopening persistent handles on reconnection.
+
+Without this the GUID generated for a new persistent handle was lost and
+16 zero bytes were used instead on re-opening.
+
+Signed-off-by: Aurelien Aptel <aaptel@suse.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2ops.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -536,6 +536,7 @@ smb2_set_fid(struct cifsFileInfo *cfile,
+ server->ops->set_oplock_level(cinode, oplock, fid->epoch,
+ &fid->purge_cache);
+ cinode->can_cache_brlcks = CIFS_CACHE_WRITE(cinode);
++ memcpy(cfile->fid.create_guid, fid->create_guid, 16);
+ }
+
+ static void
--- /dev/null
+From 64ce60cab24603ac0fcd59c9fbc3be78f4c4d229 Mon Sep 17 00:00:00 2001
+From: Don Brace <don.brace@microsemi.com>
+Date: Fri, 1 Jul 2016 13:37:31 -0500
+Subject: hpsa: correct skipping masked peripherals
+
+From: Don Brace <don.brace@microsemi.com>
+
+commit 64ce60cab24603ac0fcd59c9fbc3be78f4c4d229 upstream.
+
+The SA controller spins down RAID drive spares.
+
+A REGNEWD event causes an inquiry to be sent to all physical
+drives. This causes the SA controller to spin up the spare.
+
+The controller suspends all I/O to a logical volume until
+the spare is spun up. The spin-up can take over 50 seconds.
+
+This can result in one or both of the following:
+ - SML sends down aborts and resets to the logical volume
+ and can cause the logical volume to be off-lined.
+ - a negative impact on the logical volume's I/O performance
+ each time a REGNEWD is triggered.
+
+Reviewed-by: Scott Teel <scott.teel@microsemi.com>
+Reviewed-by: Kevin Barnett <kevin.barnett@microsemi.com>
+Signed-off-by: Don Brace <don.brace@microsemi.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/hpsa.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 74 insertions(+), 4 deletions(-)
+
+--- a/drivers/scsi/hpsa.c
++++ b/drivers/scsi/hpsa.c
+@@ -3930,6 +3930,70 @@ static int hpsa_set_local_logical_count(
+ return rc;
+ }
+
++static bool hpsa_is_disk_spare(struct ctlr_info *h, u8 *lunaddrbytes)
++{
++ struct bmic_identify_physical_device *id_phys;
++ bool is_spare = false;
++ int rc;
++
++ id_phys = kzalloc(sizeof(*id_phys), GFP_KERNEL);
++ if (!id_phys)
++ return false;
++
++ rc = hpsa_bmic_id_physical_device(h,
++ lunaddrbytes,
++ GET_BMIC_DRIVE_NUMBER(lunaddrbytes),
++ id_phys, sizeof(*id_phys));
++ if (rc == 0)
++ is_spare = (id_phys->more_flags >> 6) & 0x01;
++
++ kfree(id_phys);
++ return is_spare;
++}
++
++#define RPL_DEV_FLAG_NON_DISK 0x1
++#define RPL_DEV_FLAG_UNCONFIG_DISK_REPORTING_SUPPORTED 0x2
++#define RPL_DEV_FLAG_UNCONFIG_DISK 0x4
++
++#define BMIC_DEVICE_TYPE_ENCLOSURE 6
++
++static bool hpsa_skip_device(struct ctlr_info *h, u8 *lunaddrbytes,
++ struct ext_report_lun_entry *rle)
++{
++ u8 device_flags;
++ u8 device_type;
++
++ if (!MASKED_DEVICE(lunaddrbytes))
++ return false;
++
++ device_flags = rle->device_flags;
++ device_type = rle->device_type;
++
++ if (device_flags & RPL_DEV_FLAG_NON_DISK) {
++ if (device_type == BMIC_DEVICE_TYPE_ENCLOSURE)
++ return false;
++ return true;
++ }
++
++ if (!(device_flags & RPL_DEV_FLAG_UNCONFIG_DISK_REPORTING_SUPPORTED))
++ return false;
++
++ if (device_flags & RPL_DEV_FLAG_UNCONFIG_DISK)
++ return false;
++
++ /*
++ * Spares may be spun down, we do not want to
++ * do an Inquiry to a RAID set spare drive as
++ * that would have them spun up, that is a
++ * performance hit because I/O to the RAID device
++ * stops while the spin up occurs which can take
++ * over 50 seconds.
++ */
++ if (hpsa_is_disk_spare(h, lunaddrbytes))
++ return true;
++
++ return false;
++}
+
+ static void hpsa_update_scsi_devices(struct ctlr_info *h)
+ {
+@@ -4023,6 +4087,7 @@ static void hpsa_update_scsi_devices(str
+ u8 *lunaddrbytes, is_OBDR = 0;
+ int rc = 0;
+ int phys_dev_index = i - (raid_ctlr_position == 0);
++ bool skip_device = false;
+
+ physical_device = i < nphysicals + (raid_ctlr_position == 0);
+
+@@ -4030,10 +4095,15 @@ static void hpsa_update_scsi_devices(str
+ lunaddrbytes = figure_lunaddrbytes(h, raid_ctlr_position,
+ i, nphysicals, nlogicals, physdev_list, logdev_list);
+
+- /* skip masked non-disk devices */
+- if (MASKED_DEVICE(lunaddrbytes) && physical_device &&
+- (physdev_list->LUN[phys_dev_index].device_flags & 0x01))
+- continue;
++ /*
++ * Skip over some devices such as a spare.
++ */
++ if (!tmpdevice->external && physical_device) {
++ skip_device = hpsa_skip_device(h, lunaddrbytes,
++ &physdev_list->LUN[phys_dev_index]);
++ if (skip_device)
++ continue;
++ }
+
+ /* Get device type, vendor, model, device id */
+ rc = hpsa_update_device_info(h, lunaddrbytes, tmpdevice,
--- /dev/null
+From d102eb5c1ac5e6743b1c6d145c06a25d98ad1375 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 14 Oct 2016 10:26:21 +0300
+Subject: irqchip/gicv3: Handle loop timeout proper
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit d102eb5c1ac5e6743b1c6d145c06a25d98ad1375 upstream.
+
+The timeout loop terminates when the loop count is zero, but the decrement
+of the count variable is post check. So count is -1 when we check for the
+timeout and therefor the error message is supressed.
+
+Change it to predecrement, so the error message is emitted.
+
+[ tglx: Massaged changelog ]
+
+Fixes: a2c225101234 ("irqchip: gic-v3: Refactor gic_enable_redist to support both enabling and disabling")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Sudeep Holla <sudeep.holla@arm.com>
+Cc: Marc Zyngier <marc.zyngier@arm.com>
+Cc: kernel-janitors@vger.kernel.org
+Cc: Jason Cooper <jason@lakedaemon.net>
+Link: http://lkml.kernel.org/r/20161014072534.GA15168@mwanda
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/irqchip/irq-gic-v3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/irqchip/irq-gic-v3.c
++++ b/drivers/irqchip/irq-gic-v3.c
+@@ -142,7 +142,7 @@ static void gic_enable_redist(bool enabl
+ return; /* No PM support in this redistributor */
+ }
+
+- while (count--) {
++ while (--count) {
+ val = readl_relaxed(rbase + GICR_WAKER);
+ if (enable ^ (val & GICR_WAKER_ChildrenAsleep))
+ break;
--- /dev/null
+From 8678654e3c7ad7b0f4beb03fa89691279cba71f9 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Thu, 13 Oct 2016 17:45:20 +0200
+Subject: kvm: x86: memset whole irq_eoi
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit 8678654e3c7ad7b0f4beb03fa89691279cba71f9 upstream.
+
+gcc 7 warns:
+arch/x86/kvm/ioapic.c: In function 'kvm_ioapic_reset':
+arch/x86/kvm/ioapic.c:597:2: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
+
+And it is right. Memset whole array using sizeof operator.
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: x86@kernel.org
+Cc: kvm@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+[Added x86 subject tag]
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/ioapic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/ioapic.c
++++ b/arch/x86/kvm/ioapic.c
+@@ -580,7 +580,7 @@ static void kvm_ioapic_reset(struct kvm_
+ ioapic->irr = 0;
+ ioapic->irr_delivered = 0;
+ ioapic->id = 0;
+- memset(ioapic->irq_eoi, 0x00, IOAPIC_NUM_PINS);
++ memset(ioapic->irq_eoi, 0x00, sizeof(ioapic->irq_eoi));
+ rtc_irq_eoi_tracking_reset(ioapic);
+ }
+
--- /dev/null
+From 6e5224224faa50ec4c8949dcefadf895e565f0d1 Mon Sep 17 00:00:00 2001
+From: Jack Morgenstein <jackm@dev.mellanox.co.il>
+Date: Wed, 2 Mar 2016 17:47:46 +0200
+Subject: net/mlx4_core: Allow resetting VF admin mac to zero
+
+From: Jack Morgenstein <jackm@dev.mellanox.co.il>
+
+commit 6e5224224faa50ec4c8949dcefadf895e565f0d1 upstream.
+
+The VF administrative mac addresses (stored in the PF driver) are
+initialized to zero when the PF driver starts up.
+
+These addresses may be modified in the PF driver through ndo calls
+initiated by iproute2 or libvirt.
+
+While we allow the PF/host to change the VF admin mac address from zero
+to a valid unicast mac, we do not allow restoring the VF admin mac to
+zero. We currently only allow changing this mac to a different unicast mac.
+
+This leads to problems when libvirt scripts are used to deal with
+VF mac addresses, and libvirt attempts to revoke the mac so this
+host will not use it anymore.
+
+Fix this by allowing resetting a VF administrative MAC back to zero.
+
+Fixes: 8f7ba3ca12f6 ('net/mlx4: Add set VF mac address support')
+Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
+Reported-by: Moshe Levi <moshele@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
++++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
+@@ -2282,7 +2282,7 @@ static int mlx4_en_set_vf_mac(struct net
+ struct mlx4_en_dev *mdev = en_priv->mdev;
+ u64 mac_u64 = mlx4_mac_to_u64(mac);
+
+- if (!is_valid_ether_addr(mac))
++ if (is_multicast_ether_addr(mac))
+ return -EINVAL;
+
+ return mlx4_set_vf_mac(mdev->dev, en_priv->port, queue, mac_u64);
--- /dev/null
+From c538b9436751a0be2e1246b48353bc23156bdbcc Mon Sep 17 00:00:00 2001
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+Date: Mon, 10 Oct 2016 16:39:31 +0300
+Subject: pinctrl: intel: Only restore pins that are used by the driver
+
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+
+commit c538b9436751a0be2e1246b48353bc23156bdbcc upstream.
+
+Dell XPS 13 (and maybe some others) uses a GPIO (CPU_GP_1) during suspend
+to explicitly disable USB touchscreen interrupt. This is done to prevent
+situation where the lid is closed the touchscreen is left functional.
+
+The pinctrl driver (wrongly) assumes it owns all pins which are owned by
+host and not locked down. It is perfectly fine for BIOS to use those pins
+as it is also considered as host in this context.
+
+What happens is that when the lid of Dell XPS 13 is closed, the BIOS
+configures CPU_GP_1 low disabling the touchscreen interrupt. During resume
+we restore all host owned pins to the known state which includes CPU_GP_1
+and this overwrites what the BIOS has programmed there causing the
+touchscreen to fail as no interrupts are reaching the CPU anymore.
+
+Fix this by restoring only those pins we know are explicitly requested by
+the kernel one way or other.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=176361
+Reported-by: AceLan Kao <acelan.kao@canonical.com>
+Tested-by: AceLan Kao <acelan.kao@canonical.com>
+Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pinctrl/intel/pinctrl-intel.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+--- a/drivers/pinctrl/intel/pinctrl-intel.c
++++ b/drivers/pinctrl/intel/pinctrl-intel.c
+@@ -23,6 +23,7 @@
+ #include <linux/pinctrl/pinconf.h>
+ #include <linux/pinctrl/pinconf-generic.h>
+
++#include "../core.h"
+ #include "pinctrl-intel.h"
+
+ /* Offset from regs */
+@@ -1049,6 +1050,26 @@ int intel_pinctrl_remove(struct platform
+ EXPORT_SYMBOL_GPL(intel_pinctrl_remove);
+
+ #ifdef CONFIG_PM_SLEEP
++static bool intel_pinctrl_should_save(struct intel_pinctrl *pctrl, unsigned pin)
++{
++ const struct pin_desc *pd = pin_desc_get(pctrl->pctldev, pin);
++
++ if (!pd || !intel_pad_usable(pctrl, pin))
++ return false;
++
++ /*
++ * Only restore the pin if it is actually in use by the kernel (or
++ * by userspace). It is possible that some pins are used by the
++ * BIOS during resume and those are not always locked down so leave
++ * them alone.
++ */
++ if (pd->mux_owner || pd->gpio_owner ||
++ gpiochip_line_is_irq(&pctrl->chip, pin))
++ return true;
++
++ return false;
++}
++
+ int intel_pinctrl_suspend(struct device *dev)
+ {
+ struct platform_device *pdev = to_platform_device(dev);
+@@ -1062,7 +1083,7 @@ int intel_pinctrl_suspend(struct device
+ const struct pinctrl_pin_desc *desc = &pctrl->soc->pins[i];
+ u32 val;
+
+- if (!intel_pad_usable(pctrl, desc->number))
++ if (!intel_pinctrl_should_save(pctrl, desc->number))
+ continue;
+
+ val = readl(intel_get_padcfg(pctrl, desc->number, PADCFG0));
+@@ -1123,7 +1144,7 @@ int intel_pinctrl_resume(struct device *
+ void __iomem *padcfg;
+ u32 val;
+
+- if (!intel_pad_usable(pctrl, desc->number))
++ if (!intel_pinctrl_should_save(pctrl, desc->number))
+ continue;
+
+ padcfg = intel_get_padcfg(pctrl, desc->number, PADCFG0);
--- /dev/null
+From 7ee7014d0eb6bcac679c0bd5fe9ce65bc4325648 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 18 Jan 2016 10:49:58 -0500
+Subject: PKCS#7: Don't require SpcSpOpusInfo in Authenticode pkcs7 signatures
+
+From: Peter Jones <pjones@redhat.com>
+
+commit 7ee7014d0eb6bcac679c0bd5fe9ce65bc4325648 upstream.
+
+Dave Young reported:
+> Hi,
+>
+> I saw the warning "Missing required AuthAttr" when testing kexec,
+> known issue? Idea about how to fix it?
+>
+> The kernel is latest linus tree plus sevral patches from Toshi to
+> cleanup io resource structure.
+>
+> in function pkcs7_sig_note_set_of_authattrs():
+> if (!test_bit(sinfo_has_content_type, &sinfo->aa_set) ||
+> !test_bit(sinfo_has_message_digest, &sinfo->aa_set) ||
+> (ctx->msg->data_type == OID_msIndirectData &&
+> !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))) {
+> pr_warn("Missing required AuthAttr\n");
+> return -EBADMSG;
+> }
+>
+> The third condition below is true:
+> (ctx->msg->data_type == OID_msIndirectData &&
+> !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))
+>
+> I signed the kernel with redhat test key like below:
+> pesign -c 'Red Hat Test Certificate' -i arch/x86/boot/bzImage -o /boot/vmlinuz-4.4.0-rc8+ -s --force
+
+And right he is! The Authenticode specification is a paragon amongst
+technical documents, and has this pearl of wisdom to offer:
+
+---------------------------------
+Authenticode-Specific SignerInfo UnauthenticatedAttributes Structures
+
+ The following Authenticode-specific data structures are present in
+ SignerInfo authenticated attributes.
+
+ SpcSpOpusInfo
+ SpcSpOpusInfo is identified by SPC_SP_OPUS_INFO_OBJID
+ (1.3.6.1.4.1.311.2.1.12) and is defined as follows:
+ SpcSpOpusInfo ::= SEQUENCE {
+ programName [0] EXPLICIT SpcString OPTIONAL,
+ moreInfo [1] EXPLICIT SpcLink OPTIONAL,
+ } --#public--
+
+ SpcSpOpusInfo has two fields:
+ programName
+ This field contains the program description:
+ If publisher chooses not to specify a description, the SpcString
+ structure contains a zero-length program name.
+ If the publisher chooses to specify a
+ description, the SpcString structure contains a Unicode string.
+ moreInfo
+ This field is set to an SPCLink structure that contains a URL for
+ a Web site with more information about the signer. The URL is an
+ ASCII string.
+---------------------------------
+
+Which is to say that this is an optional *unauthenticated* field which
+may be present in the Authenticated Attribute list. This is not how
+pkcs7 is supposed to work, so when David implemented this, he didn't
+appreciate the subtlety the original spec author was working with, and
+missed the part of the sublime prose that says this Authenticated
+Attribute is an Unauthenticated Attribute. As a result, the code in
+question simply takes as given that the Authenticated Attributes should
+be authenticated.
+
+But this one should not, individually. Because it says it's not
+authenticated.
+
+It still has to hash right so the TBS digest is correct. So it is both
+authenticated and unauthenticated, all at once. Truly, a wonder of
+technical accomplishment.
+
+Additionally, pesign's implementation has always attempted to be
+compatible with the signatures emitted from contemporary versions of
+Microsoft's signtool.exe. During the initial implementation, Microsoft
+signatures always produced the same values for SpcSpOpusInfo -
+{U"Microsoft Windows", "http://www.microsoft.com"} - without regard to
+who the signer was.
+
+Sometime between Windows 8 and Windows 8.1 they stopped including the
+field in their signatures altogether, and as such pesign stopped
+producing them in commits c0c4da6 and d79cb0c, sometime around June of
+2012. The theory here is that anything that breaks with
+pesign signatures would also be breaking with signtool.exe sigs as well,
+and that'll be a more noticed problem for firmwares parsing it, so it'll
+get fixed. The fact that we've done exactly this bug in Linux code is
+first class, grade A irony.
+
+So anyway, we should not be checking this field for presence or any
+particular value: if the field exists, it should be at the right place,
+but aside from that, as long as the hash matches the field is good.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Tested-by: Dave Young <dyoung@redhat.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/asymmetric_keys/pkcs7_parser.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/crypto/asymmetric_keys/pkcs7_parser.c
++++ b/crypto/asymmetric_keys/pkcs7_parser.c
+@@ -547,9 +547,7 @@ int pkcs7_sig_note_set_of_authattrs(void
+ struct pkcs7_signed_info *sinfo = ctx->sinfo;
+
+ if (!test_bit(sinfo_has_content_type, &sinfo->aa_set) ||
+- !test_bit(sinfo_has_message_digest, &sinfo->aa_set) ||
+- (ctx->msg->data_type == OID_msIndirectData &&
+- !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))) {
++ !test_bit(sinfo_has_message_digest, &sinfo->aa_set)) {
+ pr_warn("Missing required AuthAttr\n");
+ return -EBADMSG;
+ }
--- /dev/null
+From b60205c7c558330e4e2b5df498355ec959457358 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <peterz@infradead.org>
+Date: Tue, 20 Sep 2016 21:58:12 +0200
+Subject: sched/fair: Fix min_vruntime tracking
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+commit b60205c7c558330e4e2b5df498355ec959457358 upstream.
+
+While going through enqueue/dequeue to review the movement of
+set_curr_task() I noticed that the (2nd) update_min_vruntime() call in
+dequeue_entity() is suspect.
+
+It turns out, its actually wrong because it will consider
+cfs_rq->curr, which could be the entry we just normalized. This mixes
+different vruntime forms and leads to fail.
+
+The purpose of the second update_min_vruntime() is to move
+min_vruntime forward if the entity we just removed is the one that was
+holding it back; _except_ for the DEQUEUE_SAVE case, because then we
+know its a temporary removal and it will come back.
+
+However, since we do put_prev_task() _after_ dequeue(), cfs_rq->curr
+will still be set (and per the above, can be tranformed into a
+different unit), so update_min_vruntime() should also consider
+curr->on_rq. This also fixes another corner case where the enqueue
+(which also does update_curr()->update_min_vruntime()) happens on the
+rq->lock break in schedule(), between dequeue and put_prev_task.
+
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Mike Galbraith <efault@gmx.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kernel@vger.kernel.org
+Fixes: 1e876231785d ("sched: Fix ->min_vruntime calculation in dequeue_entity()")
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/fair.c | 29 ++++++++++++++++++++++-------
+ 1 file changed, 22 insertions(+), 7 deletions(-)
+
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -456,17 +456,23 @@ static inline int entity_before(struct s
+
+ static void update_min_vruntime(struct cfs_rq *cfs_rq)
+ {
++ struct sched_entity *curr = cfs_rq->curr;
++
+ u64 vruntime = cfs_rq->min_vruntime;
+
+- if (cfs_rq->curr)
+- vruntime = cfs_rq->curr->vruntime;
++ if (curr) {
++ if (curr->on_rq)
++ vruntime = curr->vruntime;
++ else
++ curr = NULL;
++ }
+
+ if (cfs_rq->rb_leftmost) {
+ struct sched_entity *se = rb_entry(cfs_rq->rb_leftmost,
+ struct sched_entity,
+ run_node);
+
+- if (!cfs_rq->curr)
++ if (!curr)
+ vruntime = se->vruntime;
+ else
+ vruntime = min_vruntime(vruntime, se->vruntime);
+@@ -3139,9 +3145,10 @@ dequeue_entity(struct cfs_rq *cfs_rq, st
+ account_entity_dequeue(cfs_rq, se);
+
+ /*
+- * Normalize the entity after updating the min_vruntime because the
+- * update can refer to the ->curr item and we need to reflect this
+- * movement in our normalized position.
++ * Normalize after update_curr(); which will also have moved
++ * min_vruntime if @se is the one holding it back. But before doing
++ * update_min_vruntime() again, which will discount @se's position and
++ * can move min_vruntime forward still more.
+ */
+ if (!(flags & DEQUEUE_SLEEP))
+ se->vruntime -= cfs_rq->min_vruntime;
+@@ -3149,8 +3156,16 @@ dequeue_entity(struct cfs_rq *cfs_rq, st
+ /* return excess runtime on last dequeue */
+ return_cfs_rq_runtime(cfs_rq);
+
+- update_min_vruntime(cfs_rq);
+ update_cfs_shares(cfs_rq);
++
++ /*
++ * Now advance min_vruntime if @se was the entity holding it back,
++ * except when: DEQUEUE_SAVE && !DEQUEUE_MOVE, in this case we'll be
++ * put back on, and if we advance min_vruntime, we'll be placed back
++ * further than we started -- ie. we'll be penalized.
++ */
++ if ((flags & (DEQUEUE_SAVE | DEQUEUE_MOVE)) == DEQUEUE_SAVE)
++ update_min_vruntime(cfs_rq);
+ }
+
+ /*
--- /dev/null
+From 6b7e9cde49691e04314342b7dce90c67ad567fcc Mon Sep 17 00:00:00 2001
+From: "Martin K. Petersen" <martin.petersen@oracle.com>
+Date: Thu, 12 May 2016 22:17:34 -0400
+Subject: sd: Fix rw_max for devices that report an optimal xfer size
+
+From: Martin K. Petersen <martin.petersen@oracle.com>
+
+commit 6b7e9cde49691e04314342b7dce90c67ad567fcc upstream.
+
+For historic reasons, io_opt is in bytes and max_sectors in block layer
+sectors. This interface inconsistency is error prone and should be
+fixed. But for 4.4--4.7 let's make the unit difference explicit via a
+wrapper function.
+
+Fixes: d0eb20a863ba ("sd: Optimal I/O size is in bytes, not sectors")
+Reported-by: Fam Zheng <famz@redhat.com>
+Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Tested-by: Andrew Patterson <andrew.patterson@hpe.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/sd.c | 8 ++++----
+ drivers/scsi/sd.h | 5 +++++
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -2879,10 +2879,10 @@ static int sd_revalidate_disk(struct gen
+ if (sdkp->opt_xfer_blocks &&
+ sdkp->opt_xfer_blocks <= dev_max &&
+ sdkp->opt_xfer_blocks <= SD_DEF_XFER_BLOCKS &&
+- sdkp->opt_xfer_blocks * sdp->sector_size >= PAGE_CACHE_SIZE)
+- rw_max = q->limits.io_opt =
+- sdkp->opt_xfer_blocks * sdp->sector_size;
+- else
++ logical_to_bytes(sdp, sdkp->opt_xfer_blocks) >= PAGE_CACHE_SIZE) {
++ q->limits.io_opt = logical_to_bytes(sdp, sdkp->opt_xfer_blocks);
++ rw_max = logical_to_sectors(sdp, sdkp->opt_xfer_blocks);
++ } else
+ rw_max = BLK_DEF_MAX_SECTORS;
+
+ /* Combine with controller limits */
+--- a/drivers/scsi/sd.h
++++ b/drivers/scsi/sd.h
+@@ -151,6 +151,11 @@ static inline sector_t logical_to_sector
+ return blocks << (ilog2(sdev->sector_size) - 9);
+ }
+
++static inline unsigned int logical_to_bytes(struct scsi_device *sdev, sector_t blocks)
++{
++ return blocks * sdev->sector_size;
++}
++
+ /*
+ * A DIF-capable target device can be formatted with different
+ * protection schemes. Currently 0 through 3 are defined:
lightnvm-ensure-that-nvm_dev_ops-can-be-used-without-config_nvm.patch
arc-don-t-leak-bits-of-kernel-stack-into-coredump.patch
fs-super.c-fix-race-between-freeze_super-and-thaw_super.patch
+cifs-limit-the-overall-credit-acquired.patch
+fs-cifs-keep-guid-when-assigning-fid-to-fileinfo.patch
+clarify-locking-of-cifs-file-and-tcon-structures-and-make-more-granular.patch
+display-number-of-credits-available.patch
+set-previous-session-id-correctly-on-smb3-reconnect.patch
+smb3-guids-should-be-constructed-as-random-but-valid-uuids.patch
+do-not-send-smb3-set_info-request-if-nothing-is-changing.patch
+cleanup-missing-frees-on-some-ioctls.patch
+fix-regression-which-breaks-dfs-mounting.patch
+blkcg-unlock-blkcg_pol_mutex-only-once-when-cpd-null.patch
+x86-e820-don-t-merge-consecutive-e820_pram-ranges.patch
+kvm-x86-memset-whole-irq_eoi.patch
+pinctrl-intel-only-restore-pins-that-are-used-by-the-driver.patch
+sched-fair-fix-min_vruntime-tracking.patch
+irqchip-gicv3-handle-loop-timeout-proper.patch
+sd-fix-rw_max-for-devices-that-report-an-optimal-xfer-size.patch
+hpsa-correct-skipping-masked-peripherals.patch
+pkcs-7-don-t-require-spcspopusinfo-in-authenticode-pkcs7-signatures.patch
+bnx2x-prevent-false-warning-for-lack-of-fc-npiv.patch
+net-mlx4_core-allow-resetting-vf-admin-mac-to-zero.patch
+acpi-nfit-check-for-the-correct-event-code-in-notifications.patch
--- /dev/null
+From c2afb8147e69819885493edf3a7c1ce03aaf2d4e Mon Sep 17 00:00:00 2001
+From: Steve French <smfrench@gmail.com>
+Date: Tue, 20 Sep 2016 22:56:13 -0500
+Subject: Set previous session id correctly on SMB3 reconnect
+
+From: Steve French <smfrench@gmail.com>
+
+commit c2afb8147e69819885493edf3a7c1ce03aaf2d4e upstream.
+
+Signed-off-by: Steve French <steve.french@primarydata.com>
+Reported-by: David Goebel <davidgoe@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2pdu.c | 5 +++++
+ fs/cifs/smb2pdu.h | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -607,6 +607,7 @@ SMB2_sess_setup(const unsigned int xid,
+ char *security_blob = NULL;
+ unsigned char *ntlmssp_blob = NULL;
+ bool use_spnego = false; /* else use raw ntlmssp */
++ u64 previous_session = ses->Suid;
+
+ cifs_dbg(FYI, "Session Setup\n");
+
+@@ -644,6 +645,10 @@ ssetup_ntlmssp_authenticate:
+ return rc;
+
+ req->hdr.SessionId = 0; /* First session, not a reauthenticate */
++
++ /* if reconnect, we need to send previous sess id, otherwise it is 0 */
++ req->PreviousSessionId = previous_session;
++
+ req->Flags = 0; /* MBZ */
+ /* to enable echos and oplocks */
+ req->hdr.CreditRequest = cpu_to_le16(3);
+--- a/fs/cifs/smb2pdu.h
++++ b/fs/cifs/smb2pdu.h
+@@ -276,7 +276,7 @@ struct smb2_sess_setup_req {
+ __le32 Channel;
+ __le16 SecurityBufferOffset;
+ __le16 SecurityBufferLength;
+- __le64 PreviousSessionId;
++ __u64 PreviousSessionId;
+ __u8 Buffer[1]; /* variable length GSS security buffer */
+ } __packed;
+
--- /dev/null
+From fa70b87cc6641978b20e12cc5d517e9ffc0086d4 Mon Sep 17 00:00:00 2001
+From: Steve French <smfrench@gmail.com>
+Date: Thu, 22 Sep 2016 00:39:34 -0500
+Subject: SMB3: GUIDs should be constructed as random but valid uuids
+
+From: Steve French <smfrench@gmail.com>
+
+commit fa70b87cc6641978b20e12cc5d517e9ffc0086d4 upstream.
+
+GUIDs although random, and 16 bytes, need to be generated as
+proper uuids.
+
+Signed-off-by: Steve French <steve.french@primarydata.com>
+Reviewed-by: Aurelien Aptel <aaptel@suse.com>
+Reported-by: David Goebels <davidgoe@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/cifsfs.c | 2 +-
+ fs/cifs/connect.c | 2 +-
+ fs/cifs/smb2ops.c | 2 +-
+ fs/cifs/smb2pdu.c | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/fs/cifs/cifsfs.c
++++ b/fs/cifs/cifsfs.c
+@@ -268,7 +268,7 @@ cifs_alloc_inode(struct super_block *sb)
+ cifs_inode->createtime = 0;
+ cifs_inode->epoch = 0;
+ #ifdef CONFIG_CIFS_SMB2
+- get_random_bytes(cifs_inode->lease_key, SMB2_LEASE_KEY_SIZE);
++ generate_random_uuid(cifs_inode->lease_key);
+ #endif
+ /*
+ * Can not set i_flags here - they get immediately overwritten to zero
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -2200,7 +2200,7 @@ cifs_get_tcp_session(struct smb_vol *vol
+ memcpy(&tcp_ses->dstaddr, &volume_info->dstaddr,
+ sizeof(tcp_ses->dstaddr));
+ #ifdef CONFIG_CIFS_SMB2
+- get_random_bytes(tcp_ses->client_guid, SMB2_CLIENT_GUID_SIZE);
++ generate_random_uuid(tcp_ses->client_guid);
+ #endif
+ /*
+ * at this point we are the only ones with the pointer
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -1037,7 +1037,7 @@ smb2_set_lease_key(struct inode *inode,
+ static void
+ smb2_new_lease_key(struct cifs_fid *fid)
+ {
+- get_random_bytes(fid->lease_key, SMB2_LEASE_KEY_SIZE);
++ generate_random_uuid(fid->lease_key);
+ }
+
+ #define SMB2_SYMLINK_STRUCT_SIZE \
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1186,7 +1186,7 @@ create_durable_v2_buf(struct cifs_fid *p
+
+ buf->dcontext.Timeout = 0; /* Should this be configurable by workload */
+ buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
+- get_random_bytes(buf->dcontext.CreateGuid, 16);
++ generate_random_uuid(buf->dcontext.CreateGuid);
+ memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16);
+
+ /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */
--- /dev/null
+From 23446cb66c073b827779e5eb3dec301623299b32 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Wed, 12 Oct 2016 11:01:48 -0700
+Subject: x86/e820: Don't merge consecutive E820_PRAM ranges
+
+From: Dan Williams <dan.j.williams@intel.com>
+
+commit 23446cb66c073b827779e5eb3dec301623299b32 upstream.
+
+Commit:
+
+ 917db484dc6a ("x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation")
+
+... fixed up the broken manipulations of max_pfn in the presence of
+E820_PRAM ranges.
+
+However, it also broke the sanitize_e820_map() support for not merging
+E820_PRAM ranges.
+
+Re-introduce the enabling to keep resource boundaries between
+consecutive defined ranges. Otherwise, for example, an environment that
+boots with memmap=2G!8G,2G!10G will end up with a single 4G /dev/pmem0
+device instead of a /dev/pmem0 and /dev/pmem1 device 2G in size.
+
+Reported-by: Dave Chinner <david@fromorbit.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Jeff Moyer <jmoyer@redhat.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Zhang Yi <yizhan@redhat.com>
+Cc: linux-nvdimm@lists.01.org
+Fixes: 917db484dc6a ("x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation")
+Link: http://lkml.kernel.org/r/147629530854.10618.10383744751594021268.stgit@dwillia2-desk3.amr.corp.intel.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/e820.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/e820.c
++++ b/arch/x86/kernel/e820.c
+@@ -347,7 +347,7 @@ int __init sanitize_e820_map(struct e820
+ * continue building up new bios map based on this
+ * information
+ */
+- if (current_type != last_type) {
++ if (current_type != last_type || current_type == E820_PRAM) {
+ if (last_type != 0) {
+ new_bios[new_bios_entry].size =
+ change_point[chgidx]->addr - last_addr;
projects / thirdparty / kernel / stable-queue.git / commitdiff
