--- /dev/null
+From d239380196c4e27a26fa4bea73d2bf994c14ec2d Mon Sep 17 00:00:00 2001
+From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
+Date: Thu, 19 Dec 2019 13:15:38 +0000
+Subject: ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe
+
+From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
+
+commit d239380196c4e27a26fa4bea73d2bf994c14ec2d upstream.
+
+ath10k_pci_dump_memory_reg() will try to access memory of type
+ATH10K_MEM_REGION_TYPE_IOREG however, if a hardware restart is in progress
+this can crash a system.
+
+Individual ioread32() time has been observed to jump from 15-20 ticks to >
+80k ticks followed by a secure-watchdog bite and a system reset.
+
+Work around this corner case by only issuing the read transaction when the
+driver state is ATH10K_STATE_ON.
+
+Tested-on: QCA9988 PCI 10.4-3.9.0.2-00044
+
+Fixes: 219cc084c6706 ("ath10k: add memory dump support QCA9984")
+Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ath/ath10k/pci.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath10k/pci.c
++++ b/drivers/net/wireless/ath/ath10k/pci.c
+@@ -1613,11 +1613,22 @@ static int ath10k_pci_dump_memory_reg(st
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+ u32 i;
++ int ret;
++
++ mutex_lock(&ar->conf_mutex);
++ if (ar->state != ATH10K_STATE_ON) {
++ ath10k_warn(ar, "Skipping pci_dump_memory_reg invalid state\n");
++ ret = -EIO;
++ goto done;
++ }
+
+ for (i = 0; i < region->len; i += 4)
+ *(u32 *)(buf + i) = ioread32(ar_pci->mem + region->start + i);
+
+- return region->len;
++ ret = region->len;
++done:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
+ }
+
+ /* if an error happened returns < 0, otherwise the length */
+@@ -1713,7 +1724,11 @@ static void ath10k_pci_dump_memory(struc
+ count = ath10k_pci_dump_memory_sram(ar, current_region, buf);
+ break;
+ case ATH10K_MEM_REGION_TYPE_IOREG:
+- count = ath10k_pci_dump_memory_reg(ar, current_region, buf);
++ ret = ath10k_pci_dump_memory_reg(ar, current_region, buf);
++ if (ret < 0)
++ break;
++
++ count = ret;
+ break;
+ default:
+ ret = ath10k_pci_dump_memory_generic(ar, current_region, buf);
--- /dev/null
+From eaad647e5cc27f7b46a27f3b85b14c4c8a64bffa Mon Sep 17 00:00:00 2001
+From: Jack Morgenstein <jackm@dev.mellanox.co.il>
+Date: Wed, 15 Jan 2020 10:50:50 +0200
+Subject: IB/mlx4: Fix memory leak in add_gid error flow
+
+From: Jack Morgenstein <jackm@dev.mellanox.co.il>
+
+commit eaad647e5cc27f7b46a27f3b85b14c4c8a64bffa upstream.
+
+In procedure mlx4_ib_add_gid(), if the driver is unable to update the FW
+gid table, there is a memory leak in the driver's copy of the gid table:
+the gid entry's context buffer is not freed.
+
+If such an error occurs, free the entry's context buffer, and mark the
+entry as available (by setting its context pointer to NULL).
+
+Fixes: e26be1bfef81 ("IB/mlx4: Implement ib_device callbacks")
+Link: https://lore.kernel.org/r/20200115085050.73746-1-leon@kernel.org
+Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
+Reviewed-by: Parav Pandit <parav@mellanox.com>
+Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/mlx4/main.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+--- a/drivers/infiniband/hw/mlx4/main.c
++++ b/drivers/infiniband/hw/mlx4/main.c
+@@ -246,6 +246,13 @@ static int mlx4_ib_update_gids(struct gi
+ return mlx4_ib_update_gids_v1(gids, ibdev, port_num);
+ }
+
++static void free_gid_entry(struct gid_entry *entry)
++{
++ memset(&entry->gid, 0, sizeof(entry->gid));
++ kfree(entry->ctx);
++ entry->ctx = NULL;
++}
++
+ static int mlx4_ib_add_gid(const struct ib_gid_attr *attr, void **context)
+ {
+ struct mlx4_ib_dev *ibdev = to_mdev(attr->device);
+@@ -306,6 +313,8 @@ static int mlx4_ib_add_gid(const struct
+ GFP_ATOMIC);
+ if (!gids) {
+ ret = -ENOMEM;
++ *context = NULL;
++ free_gid_entry(&port_gid_table->gids[free]);
+ } else {
+ for (i = 0; i < MLX4_MAX_PORT_GIDS; i++) {
+ memcpy(&gids[i].gid, &port_gid_table->gids[i].gid, sizeof(union ib_gid));
+@@ -317,6 +326,12 @@ static int mlx4_ib_add_gid(const struct
+
+ if (!ret && hw_update) {
+ ret = mlx4_ib_update_gids(gids, ibdev, attr->port_num);
++ if (ret) {
++ spin_lock_bh(&iboe->lock);
++ *context = NULL;
++ free_gid_entry(&port_gid_table->gids[free]);
++ spin_unlock_bh(&iboe->lock);
++ }
+ kfree(gids);
+ }
+
+@@ -346,10 +361,7 @@ static int mlx4_ib_del_gid(const struct
+ if (!ctx->refcount) {
+ unsigned int real_index = ctx->real_index;
+
+- memset(&port_gid_table->gids[real_index].gid, 0,
+- sizeof(port_gid_table->gids[real_index].gid));
+- kfree(port_gid_table->gids[real_index].ctx);
+- port_gid_table->gids[real_index].ctx = NULL;
++ free_gid_entry(&port_gid_table->gids[real_index]);
+ hw_update = 1;
+ }
+ }
--- /dev/null
+From 474c4f306eefbb21b67ebd1de802d005c7d7ecdc Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+Date: Mon, 30 Dec 2019 16:32:38 +0100
+Subject: nfs: NFS_SWAP should depend on SWAP
+
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+
+commit 474c4f306eefbb21b67ebd1de802d005c7d7ecdc upstream.
+
+If CONFIG_SWAP=n, it does not make much sense to offer the user the
+option to enable support for swapping over NFS, as that will still fail
+at run time:
+
+ # swapon /swap
+ swapon: /swap: swapon failed: Function not implemented
+
+Fix this by adding a dependency on CONFIG_SWAP.
+
+Fixes: a564b8f0398636ba ("nfs: enable swap on NFS")
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/Kconfig
++++ b/fs/nfs/Kconfig
+@@ -89,7 +89,7 @@ config NFS_V4
+ config NFS_SWAP
+ bool "Provide swap over NFS support"
+ default n
+- depends on NFS_FS
++ depends on NFS_FS && SWAP
+ select SUNRPC_SWAP
+ help
+ This option enables swapon to work on files located on NFS mounts.
--- /dev/null
+From 221203ce6406273cf00e5c6397257d986c003ee6 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trondmy@gmail.com>
+Date: Mon, 6 Jan 2020 15:25:04 -0500
+Subject: NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes()
+
+From: Trond Myklebust <trondmy@gmail.com>
+
+commit 221203ce6406273cf00e5c6397257d986c003ee6 upstream.
+
+Instead of making assumptions about the commit verifier contents, change
+the commit code to ensure we always check that the verifier was set
+by the XDR code.
+
+Fixes: f54bcf2ecee9 ("pnfs: Prepare for flexfiles by pulling out common code")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/direct.c | 4 ++--
+ fs/nfs/nfs3xdr.c | 5 ++++-
+ fs/nfs/nfs4xdr.c | 5 ++++-
+ fs/nfs/pnfs_nfs.c | 7 +++----
+ fs/nfs/write.c | 4 +++-
+ 5 files changed, 16 insertions(+), 9 deletions(-)
+
+--- a/fs/nfs/direct.c
++++ b/fs/nfs/direct.c
+@@ -261,10 +261,10 @@ static int nfs_direct_cmp_commit_data_ve
+ data->ds_commit_index);
+
+ /* verifier not set so always fail */
+- if (verfp->committed < 0)
++ if (verfp->committed < 0 || data->res.verf->committed <= NFS_UNSTABLE)
+ return 1;
+
+- return nfs_direct_cmp_verf(verfp, &data->verf);
++ return nfs_direct_cmp_verf(verfp, data->res.verf);
+ }
+
+ /**
+--- a/fs/nfs/nfs3xdr.c
++++ b/fs/nfs/nfs3xdr.c
+@@ -2380,6 +2380,7 @@ static int nfs3_xdr_dec_commit3res(struc
+ void *data)
+ {
+ struct nfs_commitres *result = data;
++ struct nfs_writeverf *verf = result->verf;
+ enum nfs_stat status;
+ int error;
+
+@@ -2392,7 +2393,9 @@ static int nfs3_xdr_dec_commit3res(struc
+ result->op_status = status;
+ if (status != NFS3_OK)
+ goto out_status;
+- error = decode_writeverf3(xdr, &result->verf->verifier);
++ error = decode_writeverf3(xdr, &verf->verifier);
++ if (!error)
++ verf->committed = NFS_FILE_SYNC;
+ out:
+ return error;
+ out_status:
+--- a/fs/nfs/nfs4xdr.c
++++ b/fs/nfs/nfs4xdr.c
+@@ -4439,11 +4439,14 @@ static int decode_write_verifier(struct
+
+ static int decode_commit(struct xdr_stream *xdr, struct nfs_commitres *res)
+ {
++ struct nfs_writeverf *verf = res->verf;
+ int status;
+
+ status = decode_op_hdr(xdr, OP_COMMIT);
+ if (!status)
+- status = decode_write_verifier(xdr, &res->verf->verifier);
++ status = decode_write_verifier(xdr, &verf->verifier);
++ if (!status)
++ verf->committed = NFS_FILE_SYNC;
+ return status;
+ }
+
+--- a/fs/nfs/pnfs_nfs.c
++++ b/fs/nfs/pnfs_nfs.c
+@@ -30,12 +30,11 @@ EXPORT_SYMBOL_GPL(pnfs_generic_rw_releas
+ /* Fake up some data that will cause nfs_commit_release to retry the writes. */
+ void pnfs_generic_prepare_to_resend_writes(struct nfs_commit_data *data)
+ {
+- struct nfs_page *first = nfs_list_entry(data->pages.next);
++ struct nfs_writeverf *verf = data->res.verf;
+
+ data->task.tk_status = 0;
+- memcpy(&data->verf.verifier, &first->wb_verf,
+- sizeof(data->verf.verifier));
+- data->verf.verifier.data[0]++; /* ensure verifier mismatch */
++ memset(&verf->verifier, 0, sizeof(verf->verifier));
++ verf->committed = NFS_UNSTABLE;
+ }
+ EXPORT_SYMBOL_GPL(pnfs_generic_prepare_to_resend_writes);
+
+--- a/fs/nfs/write.c
++++ b/fs/nfs/write.c
+@@ -1814,6 +1814,7 @@ static void nfs_commit_done(struct rpc_t
+
+ static void nfs_commit_release_pages(struct nfs_commit_data *data)
+ {
++ const struct nfs_writeverf *verf = data->res.verf;
+ struct nfs_page *req;
+ int status = data->task.tk_status;
+ struct nfs_commit_info cinfo;
+@@ -1840,7 +1841,8 @@ static void nfs_commit_release_pages(str
+
+ /* Okay, COMMIT succeeded, apparently. Check the verifier
+ * returned by the server against all stored verfs. */
+- if (!nfs_write_verifier_cmp(&req->wb_verf, &data->verf.verifier)) {
++ if (verf->committed > NFS_UNSTABLE &&
++ !nfs_write_verifier_cmp(&req->wb_verf, &verf->verifier)) {
+ /* We have a match */
+ if (req->wb_page)
+ nfs_inode_remove_request(req);
--- /dev/null
+From 0df68ced55443243951d02cc497be31fadf28173 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trondmy@gmail.com>
+Date: Mon, 6 Jan 2020 15:25:00 -0500
+Subject: NFS: Revalidate the file size on a fatal write error
+
+From: Trond Myklebust <trondmy@gmail.com>
+
+commit 0df68ced55443243951d02cc497be31fadf28173 upstream.
+
+If we suffer a fatal error upon writing a file, which causes us to
+need to revalidate the entire mapping, then we should also revalidate
+the file size.
+
+Fixes: d2ceb7e57086 ("NFS: Don't use page_file_mapping after removing the page")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/write.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/fs/nfs/write.c
++++ b/fs/nfs/write.c
+@@ -240,7 +240,15 @@ out:
+ /* A writeback failed: mark the page as bad, and invalidate the page cache */
+ static void nfs_set_pageerror(struct address_space *mapping)
+ {
++ struct inode *inode = mapping->host;
++
+ nfs_zap_mapping(mapping->host, mapping);
++ /* Force file size revalidation */
++ spin_lock(&inode->i_lock);
++ NFS_I(inode)->cache_validity |= NFS_INO_REVAL_FORCED |
++ NFS_INO_REVAL_PAGECACHE |
++ NFS_INO_INVALID_SIZE;
++ spin_unlock(&inode->i_lock);
+ }
+
+ /*
--- /dev/null
+From 924491f2e476f7234d722b24171a4daff61bbe13 Mon Sep 17 00:00:00 2001
+From: Robert Milkowski <rmilkowski@gmail.com>
+Date: Tue, 28 Jan 2020 08:37:47 +0000
+Subject: NFSv4: try lease recovery on NFS4ERR_EXPIRED
+
+From: Robert Milkowski <rmilkowski@gmail.com>
+
+commit 924491f2e476f7234d722b24171a4daff61bbe13 upstream.
+
+Currently, if an nfs server returns NFS4ERR_EXPIRED to open(),
+we return EIO to applications without even trying to recover.
+
+Fixes: 272289a3df72 ("NFSv4: nfs4_do_handle_exception() handle revoke/expiry of a single stateid")
+Signed-off-by: Robert Milkowski <rmilkowski@gmail.com>
+Reviewed-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4proc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -3089,6 +3089,11 @@ static struct nfs4_state *nfs4_do_open(s
+ exception.retry = 1;
+ continue;
+ }
++ if (status == -NFS4ERR_EXPIRED) {
++ nfs4_schedule_lease_recovery(server->nfs_client);
++ exception.retry = 1;
++ continue;
++ }
+ if (status == -EAGAIN) {
+ /* We must have found a delegation */
+ exception.retry = 1;
--- /dev/null
+From 9db8dc6d0785225c42a37be7b44d1b07b31b8957 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 8 Jan 2020 14:32:08 -0700
+Subject: PCI: Don't disable bridge BARs when assigning bus resources
+
+From: Logan Gunthorpe <logang@deltatee.com>
+
+commit 9db8dc6d0785225c42a37be7b44d1b07b31b8957 upstream.
+
+Some PCI bridges implement BARs in addition to bridge windows. For
+example, here's a PLX switch:
+
+ 04:00.0 PCI bridge: PLX Technology, Inc. PEX 8724 24-Lane, 6-Port PCI
+ Express Gen 3 (8 GT/s) Switch, 19 x 19mm FCBGA (rev ca)
+ (prog-if 00 [Normal decode])
+ Flags: bus master, fast devsel, latency 0, IRQ 30, NUMA node 0
+ Memory at 90a00000 (32-bit, non-prefetchable) [size=256K]
+ Bus: primary=04, secondary=05, subordinate=0a, sec-latency=0
+ I/O behind bridge: 00002000-00003fff
+ Memory behind bridge: 90000000-909fffff
+ Prefetchable memory behind bridge: 0000380000800000-0000380000bfffff
+
+Previously, when the kernel assigned resource addresses (with the
+pci=realloc command line parameter, for example) it could clear the struct
+resource corresponding to the BAR. When this happened, lspci would report
+this BAR as "ignored":
+
+ Region 0: Memory at <ignored> (32-bit, non-prefetchable) [size=256K]
+
+This is because the kernel reports a zero start address and zero flags
+in the corresponding sysfs resource file and in /proc/bus/pci/devices.
+Investigation with 'lspci -x', however, shows the BIOS-assigned address
+will still be programmed in the device's BAR registers.
+
+It's clearly a bug that the kernel lost track of the BAR value, but in most
+cases, this still won't result in a visible issue because nothing uses the
+memory, so nothing is affected. However, when an IOMMU is in use, it will
+not reserve this space in the IOVA because the kernel no longer thinks the
+range is valid. (See dmar_init_reserved_ranges() for the Intel
+implementation of this.)
+
+Without the proper reserved range, a DMA mapping may allocate an IOVA that
+matches a bridge BAR, which results in DMA accesses going to the BAR
+instead of the intended RAM.
+
+The problem was in pci_assign_unassigned_root_bus_resources(). When any
+resource from a bridge device fails to get assigned, the code set the
+resource's flags to zero. This makes sense for bridge windows, as they
+will be re-enabled later, but for regular BARs, it makes the kernel
+permanently lose track of the fact that they decode address space.
+
+Change pci_assign_unassigned_root_bus_resources() and
+pci_assign_unassigned_bridge_resources() so they only clear "res->flags"
+for bridge *windows*, not bridge BARs.
+
+Fixes: da7822e5ad71 ("PCI: update bridge resources to get more big ranges when allocating space (again)")
+Link: https://lore.kernel.org/r/20200108213208.4612-1-logang@deltatee.com
+[bhelgaas: commit log, check for pci_is_bridge()]
+Reported-by: Kit Chow <kchow@gigaio.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/setup-bus.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+--- a/drivers/pci/setup-bus.c
++++ b/drivers/pci/setup-bus.c
+@@ -1820,12 +1820,18 @@ again:
+ /* restore size and flags */
+ list_for_each_entry(fail_res, &fail_head, list) {
+ struct resource *res = fail_res->res;
++ int idx;
+
+ res->start = fail_res->start;
+ res->end = fail_res->end;
+ res->flags = fail_res->flags;
+- if (fail_res->dev->subordinate)
+- res->flags = 0;
++
++ if (pci_is_bridge(fail_res->dev)) {
++ idx = res - &fail_res->dev->resource[0];
++ if (idx >= PCI_BRIDGE_RESOURCES &&
++ idx <= PCI_BRIDGE_RESOURCE_END)
++ res->flags = 0;
++ }
+ }
+ free_list(&fail_head);
+
+@@ -2066,12 +2072,18 @@ again:
+ /* restore size and flags */
+ list_for_each_entry(fail_res, &fail_head, list) {
+ struct resource *res = fail_res->res;
++ int idx;
+
+ res->start = fail_res->start;
+ res->end = fail_res->end;
+ res->flags = fail_res->flags;
+- if (fail_res->dev->subordinate)
+- res->flags = 0;
++
++ if (pci_is_bridge(fail_res->dev)) {
++ idx = res - &fail_res->dev->resource[0];
++ if (idx >= PCI_BRIDGE_RESOURCES &&
++ idx <= PCI_BRIDGE_RESOURCE_END)
++ res->flags = 0;
++ }
+ }
+ free_list(&fail_head);
+
--- /dev/null
+From 8c386cc817878588195dde38e919aa6ba9409d58 Mon Sep 17 00:00:00 2001
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+Date: Mon, 25 Nov 2019 13:52:52 -0600
+Subject: PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+commit 8c386cc817878588195dde38e919aa6ba9409d58 upstream.
+
+In the implementation of pci_iov_add_virtfn() the allocated virtfn is
+leaked if pci_setup_device() fails. The error handling is not calling
+pci_stop_and_remove_bus_device(). Change the goto label to failed2.
+
+Fixes: 156c55325d30 ("PCI: Check for pci_setup_device() failure in pci_iov_add_virtfn()")
+Link: https://lore.kernel.org/r/20191125195255.23740-1-navid.emamdoost@gmail.com
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/iov.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/drivers/pci/iov.c
++++ b/drivers/pci/iov.c
+@@ -188,10 +188,10 @@ int pci_iov_add_virtfn(struct pci_dev *d
+ sprintf(buf, "virtfn%u", id);
+ rc = sysfs_create_link(&dev->dev.kobj, &virtfn->dev.kobj, buf);
+ if (rc)
+- goto failed2;
++ goto failed1;
+ rc = sysfs_create_link(&virtfn->dev.kobj, &dev->dev.kobj, "physfn");
+ if (rc)
+- goto failed3;
++ goto failed2;
+
+ kobject_uevent(&virtfn->dev.kobj, KOBJ_CHANGE);
+
+@@ -199,11 +199,10 @@ int pci_iov_add_virtfn(struct pci_dev *d
+
+ return 0;
+
+-failed3:
+- sysfs_remove_link(&dev->dev.kobj, buf);
+ failed2:
+- pci_stop_and_remove_bus_device(virtfn);
++ sysfs_remove_link(&dev->dev.kobj, buf);
+ failed1:
++ pci_stop_and_remove_bus_device(virtfn);
+ pci_dev_put(dev);
+ failed0:
+ virtfn_remove_bus(dev->bus, bus);
--- /dev/null
+From 9375646b4cf03aee81bc6c305aa18cc80b682796 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Mon, 6 Jan 2020 12:03:27 -0700
+Subject: PCI/switchtec: Fix vep_vector_number ioread width
+
+From: Logan Gunthorpe <logang@deltatee.com>
+
+commit 9375646b4cf03aee81bc6c305aa18cc80b682796 upstream.
+
+vep_vector_number is actually a 16 bit register which should be read with
+ioread16() instead of ioread32().
+
+Fixes: 080b47def5e5 ("MicroSemi Switchtec management interface driver")
+Link: https://lore.kernel.org/r/20200106190337.2428-3-logang@deltatee.com
+Reported-by: Doug Meyer <dmeyer@gigaio.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/switch/switchtec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pci/switch/switchtec.c
++++ b/drivers/pci/switch/switchtec.c
+@@ -1186,7 +1186,7 @@ static int switchtec_init_isr(struct swi
+ if (nvecs < 0)
+ return nvecs;
+
+- event_irq = ioread32(&stdev->mmio_part_cfg->vep_vector_number);
++ event_irq = ioread16(&stdev->mmio_part_cfg->vep_vector_number);
+ if (event_irq < 0 || event_irq >= nvecs)
+ return -EFAULT;
+
--- /dev/null
+From 14e23bd6d22123f6f3b2747701fa6cd4c6d05873 Mon Sep 17 00:00:00 2001
+From: Jason Gunthorpe <jgg@ziepe.ca>
+Date: Wed, 8 Jan 2020 19:22:03 +0200
+Subject: RDMA/core: Fix locking in ib_uverbs_event_read
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jason Gunthorpe <jgg@mellanox.com>
+
+commit 14e23bd6d22123f6f3b2747701fa6cd4c6d05873 upstream.
+
+This should not be using ib_dev to test for disassociation, during
+disassociation is_closed is set under lock and the waitq is triggered.
+
+Instead check is_closed and be sure to re-obtain the lock to test the
+value after the wait_event returns.
+
+Fixes: 036b10635739 ("IB/uverbs: Enable device removal when there are active user space applications")
+Link: https://lore.kernel.org/r/1578504126-9400-12-git-send-email-yishaih@mellanox.com
+Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
+Reviewed-by: Håkon Bugge <haakon.bugge@oracle.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/uverbs_main.c | 32 ++++++++++++++------------------
+ 1 file changed, 14 insertions(+), 18 deletions(-)
+
+--- a/drivers/infiniband/core/uverbs_main.c
++++ b/drivers/infiniband/core/uverbs_main.c
+@@ -273,7 +273,6 @@ void ib_uverbs_release_file(struct kref
+ }
+
+ static ssize_t ib_uverbs_event_read(struct ib_uverbs_event_queue *ev_queue,
+- struct ib_uverbs_file *uverbs_file,
+ struct file *filp, char __user *buf,
+ size_t count, loff_t *pos,
+ size_t eventsz)
+@@ -291,19 +290,16 @@ static ssize_t ib_uverbs_event_read(stru
+
+ if (wait_event_interruptible(ev_queue->poll_wait,
+ (!list_empty(&ev_queue->event_list) ||
+- /* The barriers built into wait_event_interruptible()
+- * and wake_up() guarentee this will see the null set
+- * without using RCU
+- */
+- !uverbs_file->device->ib_dev)))
++ ev_queue->is_closed)))
+ return -ERESTARTSYS;
+
++ spin_lock_irq(&ev_queue->lock);
++
+ /* If device was disassociated and no event exists set an error */
+- if (list_empty(&ev_queue->event_list) &&
+- !uverbs_file->device->ib_dev)
++ if (list_empty(&ev_queue->event_list) && ev_queue->is_closed) {
++ spin_unlock_irq(&ev_queue->lock);
+ return -EIO;
+-
+- spin_lock_irq(&ev_queue->lock);
++ }
+ }
+
+ event = list_entry(ev_queue->event_list.next, struct ib_uverbs_event, list);
+@@ -338,8 +334,7 @@ static ssize_t ib_uverbs_async_event_rea
+ {
+ struct ib_uverbs_async_event_file *file = filp->private_data;
+
+- return ib_uverbs_event_read(&file->ev_queue, file->uverbs_file, filp,
+- buf, count, pos,
++ return ib_uverbs_event_read(&file->ev_queue, filp, buf, count, pos,
+ sizeof(struct ib_uverbs_async_event_desc));
+ }
+
+@@ -349,9 +344,8 @@ static ssize_t ib_uverbs_comp_event_read
+ struct ib_uverbs_completion_event_file *comp_ev_file =
+ filp->private_data;
+
+- return ib_uverbs_event_read(&comp_ev_file->ev_queue,
+- comp_ev_file->uobj.ufile, filp,
+- buf, count, pos,
++ return ib_uverbs_event_read(&comp_ev_file->ev_queue, filp, buf, count,
++ pos,
+ sizeof(struct ib_uverbs_comp_event_desc));
+ }
+
+@@ -374,7 +368,9 @@ static __poll_t ib_uverbs_event_poll(str
+ static __poll_t ib_uverbs_async_event_poll(struct file *filp,
+ struct poll_table_struct *wait)
+ {
+- return ib_uverbs_event_poll(filp->private_data, filp, wait);
++ struct ib_uverbs_async_event_file *file = filp->private_data;
++
++ return ib_uverbs_event_poll(&file->ev_queue, filp, wait);
+ }
+
+ static __poll_t ib_uverbs_comp_event_poll(struct file *filp,
+@@ -388,9 +384,9 @@ static __poll_t ib_uverbs_comp_event_pol
+
+ static int ib_uverbs_async_event_fasync(int fd, struct file *filp, int on)
+ {
+- struct ib_uverbs_event_queue *ev_queue = filp->private_data;
++ struct ib_uverbs_async_event_file *file = filp->private_data;
+
+- return fasync_helper(fd, filp, on, &ev_queue->async_queue);
++ return fasync_helper(fd, filp, on, &file->ev_queue.async_queue);
+ }
+
+ static int ib_uverbs_comp_event_fasync(int fd, struct file *filp, int on)
--- /dev/null
+From a242c36951ecd24bc16086940dbe6b522205c461 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?H=C3=A5kon=20Bugge?= <haakon.bugge@oracle.com>
+Date: Mon, 16 Dec 2019 13:04:36 +0100
+Subject: RDMA/netlink: Do not always generate an ACK for some netlink operations
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Håkon Bugge <haakon.bugge@oracle.com>
+
+commit a242c36951ecd24bc16086940dbe6b522205c461 upstream.
+
+In rdma_nl_rcv_skb(), the local variable err is assigned the return value
+of the supplied callback function, which could be one of
+ib_nl_handle_resolve_resp(), ib_nl_handle_set_timeout(), or
+ib_nl_handle_ip_res_resp(). These three functions all return skb->len on
+success.
+
+rdma_nl_rcv_skb() is merely a copy of netlink_rcv_skb(). The callback
+functions used by the latter have the convention: "Returns 0 on success or
+a negative error code".
+
+In particular, the statement (equal for both functions):
+
+ if (nlh->nlmsg_flags & NLM_F_ACK || err)
+
+implies that rdma_nl_rcv_skb() always will ack a message, independent of
+the NLM_F_ACK being set in nlmsg_flags or not.
+
+The fix could be to change the above statement, but it is better to keep
+the two *_rcv_skb() functions equal in this respect and instead change the
+three callback functions in the rdma subsystem to the correct convention.
+
+Fixes: 2ca546b92a02 ("IB/sa: Route SA pathrecord query through netlink")
+Fixes: ae43f8286730 ("IB/core: Add IP to GID netlink offload")
+Link: https://lore.kernel.org/r/20191216120436.3204814-1-haakon.bugge@oracle.com
+Suggested-by: Mark Haywood <mark.haywood@oracle.com>
+Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com>
+Tested-by: Mark Haywood <mark.haywood@oracle.com>
+Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
+Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/addr.c | 2 +-
+ drivers/infiniband/core/sa_query.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/infiniband/core/addr.c
++++ b/drivers/infiniband/core/addr.c
+@@ -136,7 +136,7 @@ int ib_nl_handle_ip_res_resp(struct sk_b
+ if (ib_nl_is_good_ip_resp(nlh))
+ ib_nl_process_good_ip_rsep(nlh);
+
+- return skb->len;
++ return 0;
+ }
+
+ static int ib_nl_ip_send_msg(struct rdma_dev_addr *dev_addr,
+--- a/drivers/infiniband/core/sa_query.c
++++ b/drivers/infiniband/core/sa_query.c
+@@ -1078,7 +1078,7 @@ int ib_nl_handle_set_timeout(struct sk_b
+ }
+
+ settimeout_out:
+- return skb->len;
++ return 0;
+ }
+
+ static inline int ib_nl_is_good_resolve_resp(const struct nlmsghdr *nlh)
+@@ -1149,7 +1149,7 @@ int ib_nl_handle_resolve_resp(struct sk_
+ }
+
+ resp_out:
+- return skb->len;
++ return 0;
+ }
+
+ static void free_sm_ah(struct kref *kref)
--- /dev/null
+From ca95c1411198c2d87217c19d44571052cdc94725 Mon Sep 17 00:00:00 2001
+From: Michael Guralnik <michaelgur@mellanox.com>
+Date: Wed, 8 Jan 2020 20:05:35 +0200
+Subject: RDMA/uverbs: Verify MR access flags
+
+From: Michael Guralnik <michaelgur@mellanox.com>
+
+commit ca95c1411198c2d87217c19d44571052cdc94725 upstream.
+
+Verify that MR access flags that are passed from user are all supported
+ones, otherwise an error is returned.
+
+Fixes: 4fca03778351 ("IB/uverbs: Move ib_access_flags and ib_read_counters_flags to uapi")
+Link: https://lore.kernel.org/r/1578506740-22188-6-git-send-email-yishaih@mellanox.com
+Signed-off-by: Michael Guralnik <michaelgur@mellanox.com>
+Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/rdma/ib_verbs.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/include/rdma/ib_verbs.h
++++ b/include/rdma/ib_verbs.h
+@@ -3864,6 +3864,9 @@ static inline int ib_check_mr_access(int
+ !(flags & IB_ACCESS_LOCAL_WRITE))
+ return -EINVAL;
+
++ if (flags & ~IB_ACCESS_SUPPORTED)
++ return -EINVAL;
++
+ return 0;
+ }
+
--- /dev/null
+From b9fc5320212efdfb4e08b825aaa007815fd11d16 Mon Sep 17 00:00:00 2001
+From: Bean Huo <beanhuo@micron.com>
+Date: Mon, 20 Jan 2020 14:08:13 +0100
+Subject: scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
+
+From: Bean Huo <beanhuo@micron.com>
+
+commit b9fc5320212efdfb4e08b825aaa007815fd11d16 upstream.
+
+A non-zero error value likely being returned by ufshcd_scsi_add_wlus() in
+case of failure of adding the WLs, but ufshcd_probe_hba() doesn't use this
+value, and doesn't report this failure to upper caller. This patch is to
+fix this issue.
+
+Fixes: 2a8fa600445c ("ufs: manually add well known logical units")
+Link: https://lore.kernel.org/r/20200120130820.1737-2-huobean@gmail.com
+Reviewed-by: Asutosh Das <asutoshd@codeaurora.org>
+Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
+Reviewed-by: Stanley Chu <stanley.chu@mediatek.com>
+Signed-off-by: Bean Huo <beanhuo@micron.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/ufs/ufshcd.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/ufs/ufshcd.c
++++ b/drivers/scsi/ufs/ufshcd.c
+@@ -6685,7 +6685,8 @@ static int ufshcd_probe_hba(struct ufs_h
+ ufshcd_init_icc_levels(hba);
+
+ /* Add required well known logical units to scsi mid layer */
+- if (ufshcd_scsi_add_wlus(hba))
++ ret = ufshcd_scsi_add_wlus(hba);
++ if (ret)
+ goto out;
+
+ /* Initialize devfreq after UFS device is detected */
asoc-pcm-update-fe-be-trigger-order-based-on-the-com.patch
hv_sock-remove-the-accept-port-restriction.patch
+ib-mlx4-fix-memory-leak-in-add_gid-error-flow.patch
+rdma-netlink-do-not-always-generate-an-ack-for-some-netlink-operations.patch
+rdma-core-fix-locking-in-ib_uverbs_event_read.patch
+rdma-uverbs-verify-mr-access-flags.patch
+scsi-ufs-fix-ufshcd_probe_hba-reture-value-in-case-ufshcd_scsi_add_wlus-fails.patch
+pci-iov-fix-memory-leak-in-pci_iov_add_virtfn.patch
+ath10k-pci-only-dump-ath10k_mem_region_type_ioreg-when-safe.patch
+pci-switchtec-fix-vep_vector_number-ioread-width.patch
+pci-don-t-disable-bridge-bars-when-assigning-bus-resources.patch
+nfs-nfs_swap-should-depend-on-swap.patch
+nfs-revalidate-the-file-size-on-a-fatal-write-error.patch
+nfs-pnfs-fix-pnfs_generic_prepare_to_resend_writes.patch
+nfsv4-try-lease-recovery-on-nfs4err_expired.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
