--- /dev/null
+From e71ab2aa06f731a944993120b0eef1556c63b81c Mon Sep 17 00:00:00 2001
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+Date: Thu, 21 Mar 2019 14:59:02 +1000
+Subject: cifs: allow guest mounts to work for smb3.11
+
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+
+commit e71ab2aa06f731a944993120b0eef1556c63b81c upstream.
+
+Fix Guest/Anonymous sessions so that they work with SMB 3.11.
+
+The commit noted below tightened the conditions and forced signing for
+the SMB2-TreeConnect commands as per MS-SMB2.
+However, this should only apply to normal user sessions and not for
+Guest/Anonumous sessions.
+
+Fixes: 6188f28bf608 ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares")
+
+Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
+CC: Stable <stable@vger.kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2pdu.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1605,9 +1605,13 @@ SMB2_tcon(const unsigned int xid, struct
+ iov[1].iov_base = unc_path;
+ iov[1].iov_len = unc_path_len;
+
+- /* 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 */
++ /*
++ * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
++ * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
++ */
+ if ((ses->server->dialect == SMB311_PROT_ID) &&
+- !smb3_encryption_required(tcon))
++ !smb3_encryption_required(tcon) &&
++ !(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)))
+ req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
+
+ memset(&rqst, 0, sizeof(struct smb_rqst));
--- /dev/null
+From 32d0be018f6f5ee2d5d19c4795304613560814cf Mon Sep 17 00:00:00 2001
+From: Atish Patra <atish.patra@wdc.com>
+Date: Fri, 22 Mar 2019 14:54:11 -0700
+Subject: clocksource/drivers/riscv: Fix clocksource mask
+
+From: Atish Patra <atish.patra@wdc.com>
+
+commit 32d0be018f6f5ee2d5d19c4795304613560814cf upstream.
+
+For all riscv architectures (RV32, RV64 and RV128), the clocksource
+is a 64 bit incrementing counter.
+
+Fix the clock source mask accordingly.
+
+Tested on both 64bit and 32 bit virt machine in QEMU.
+
+Fixes: 62b019436814 ("clocksource: new RISC-V SBI timer driver")
+Signed-off-by: Atish Patra <atish.patra@wdc.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Anup Patel <anup@brainfault.org>
+Cc: Albert Ou <aou@eecs.berkeley.edu>
+Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
+Cc: linux-riscv@lists.infradead.org
+Cc: Palmer Dabbelt <palmer@sifive.com>
+Cc: Anup Patel <Anup.Patel@wdc.com>
+Cc: Damien Le Moal <Damien.LeMoal@wdc.com>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20190322215411.19362-1-atish.patra@wdc.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/clocksource/timer-riscv.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/clocksource/timer-riscv.c
++++ b/drivers/clocksource/timer-riscv.c
+@@ -58,7 +58,7 @@ static u64 riscv_sched_clock(void)
+ static DEFINE_PER_CPU(struct clocksource, riscv_clocksource) = {
+ .name = "riscv_clocksource",
+ .rating = 300,
+- .mask = CLOCKSOURCE_MASK(BITS_PER_LONG),
++ .mask = CLOCKSOURCE_MASK(64),
+ .flags = CLOCK_SOURCE_IS_CONTINUOUS,
+ .read = riscv_clocksource_rdtime,
+ };
+@@ -103,8 +103,7 @@ static int __init riscv_timer_init_dt(st
+ cs = per_cpu_ptr(&riscv_clocksource, cpuid);
+ clocksource_register_hz(cs, riscv_timebase);
+
+- sched_clock_register(riscv_sched_clock,
+- BITS_PER_LONG, riscv_timebase);
++ sched_clock_register(riscv_sched_clock, 64, riscv_timebase);
+
+ error = cpuhp_setup_state(CPUHP_AP_RISCV_TIMER_STARTING,
+ "clockevents/riscv/timer:starting",
--- /dev/null
+From 5a07168d8d89b00fe1760120714378175b3ef992 Mon Sep 17 00:00:00 2001
+From: Chen Jie <chenjie6@huawei.com>
+Date: Fri, 15 Mar 2019 03:44:38 +0000
+Subject: futex: Ensure that futex address is aligned in handle_futex_death()
+
+From: Chen Jie <chenjie6@huawei.com>
+
+commit 5a07168d8d89b00fe1760120714378175b3ef992 upstream.
+
+The futex code requires that the user space addresses of futexes are 32bit
+aligned. sys_futex() checks this in futex_get_keys() but the robust list
+code has no alignment check in place.
+
+As a consequence the kernel crashes on architectures with strict alignment
+requirements in handle_futex_death() when trying to cmpxchg() on an
+unaligned futex address which was retrieved from the robust list.
+
+[ tglx: Rewrote changelog, proper sizeof() based alignement check and add
+ comment ]
+
+Fixes: 0771dfefc9e5 ("[PATCH] lightweight robust futexes: core")
+Signed-off-by: Chen Jie <chenjie6@huawei.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: <dvhart@infradead.org>
+Cc: <peterz@infradead.org>
+Cc: <zengweilin@huawei.com>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/1552621478-119787-1-git-send-email-chenjie6@huawei.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/futex.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -3440,6 +3440,10 @@ static int handle_futex_death(u32 __user
+ {
+ u32 uval, uninitialized_var(nval), mval;
+
++ /* Futex address must be 32bit aligned */
++ if ((((unsigned long)uaddr) % sizeof(*uaddr)) != 0)
++ return -1;
++
+ retry:
+ if (get_user(uval, uaddr))
+ return -1;
--- /dev/null
+From 89dc891792c2e046b030f87600109c22209da32e Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Date: Tue, 12 Mar 2019 18:33:46 +0100
+Subject: irqchip/gic-v3-its: Fix comparison logic in lpi_range_cmp
+
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+
+commit 89dc891792c2e046b030f87600109c22209da32e upstream.
+
+The lpi_range_list is supposed to be sorted in ascending order of
+->base_id (at least if the range merging is to work), but the current
+comparison function returns a positive value if rb->base_id >
+ra->base_id, which means that list_sort() will put A after B in that
+case - and vice versa, of course.
+
+Fixes: 880cb3cddd16 (irqchip/gic-v3-its: Refactor LPI allocator)
+Cc: stable@vger.kernel.org (v4.19+)
+Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/irqchip/irq-gic-v3-its.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/irqchip/irq-gic-v3-its.c
++++ b/drivers/irqchip/irq-gic-v3-its.c
+@@ -1482,7 +1482,7 @@ static int lpi_range_cmp(void *priv, str
+ ra = container_of(a, struct lpi_range, entry);
+ rb = container_of(b, struct lpi_range, entry);
+
+- return rb->base_id - ra->base_id;
++ return ra->base_id - rb->base_id;
+ }
+
+ static void merge_lpi_ranges(void)
--- /dev/null
+From 0c671812f152b628bd87c0af49da032cc2a2c319 Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+Date: Mon, 18 Mar 2019 19:09:38 -0500
+Subject: objtool: Move objtool_file struct off the stack
+
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+
+commit 0c671812f152b628bd87c0af49da032cc2a2c319 upstream.
+
+Objtool uses over 512k of stack, thanks to the hash table embedded in
+the objtool_file struct. This causes an unnecessarily large stack
+allocation and breaks users with low stack limits.
+
+Move the struct off the stack.
+
+Fixes: 042ba73fe7eb ("objtool: Add several performance improvements")
+Reported-by: Vassili Karpov <moosotc@gmail.com>
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/df92dcbc4b84b02ffa252f46876df125fb56e2d7.1552954176.git.jpoimboe@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/objtool/check.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/tools/objtool/check.c
++++ b/tools/objtool/check.c
+@@ -2184,9 +2184,10 @@ static void cleanup(struct objtool_file
+ elf_close(file->elf);
+ }
+
++static struct objtool_file file;
++
+ int check(const char *_objname, bool orc)
+ {
+- struct objtool_file file;
+ int ret, warnings = 0;
+
+ objname = _objname;
--- /dev/null
+From eaeffeb9838a7c0dec981d258666bfcc0fa6a947 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Mon, 4 Mar 2019 15:13:21 +0200
+Subject: perf probe: Fix getting the kernel map
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit eaeffeb9838a7c0dec981d258666bfcc0fa6a947 upstream.
+
+Since commit 4d99e4136580 ("perf machine: Workaround missing maps for
+x86 PTI entry trampolines"), perf tools has been creating more than one
+kernel map, however 'perf probe' assumed there could be only one.
+
+Fix by using machine__kernel_map() to get the main kernel map.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Tested-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Jiufei Xue <jiufei.xue@linux.alibaba.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Cc: Xu Yu <xuyu@linux.alibaba.com>
+Fixes: 4d99e4136580 ("perf machine: Workaround missing maps for x86 PTI entry trampolines")
+Fixes: d83212d5dd67 ("kallsyms, x86: Export addresses of PTI entry trampolines")
+Link: http://lkml.kernel.org/r/2ed432de-e904-85d2-5c36-5897ddc5b23b@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/probe-event.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/tools/perf/util/probe-event.c
++++ b/tools/perf/util/probe-event.c
+@@ -157,8 +157,10 @@ static struct map *kernel_get_module_map
+ if (module && strchr(module, '/'))
+ return dso__new_map(module);
+
+- if (!module)
+- module = "kernel";
++ if (!module) {
++ pos = machine__kernel_map(host_machine);
++ return map__get(pos);
++ }
+
+ for (pos = maps__first(maps); pos; pos = map__next(pos)) {
+ /* short_name is "[module]" */
--- /dev/null
+From 17605afaae825b0291f80c62a7f6565879edaa8a Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Fri, 15 Mar 2019 16:27:58 -0700
+Subject: scsi: core: Avoid that a kernel warning appears during system resume
+
+From: Bart Van Assche <bvanassche@acm.org>
+
+commit 17605afaae825b0291f80c62a7f6565879edaa8a upstream.
+
+Since scsi_device_quiesce() skips SCSI devices that have another state than
+RUNNING, OFFLINE or TRANSPORT_OFFLINE, scsi_device_resume() should not
+complain about SCSI devices that have been skipped. Hence this patch. This
+patch avoids that the following warning appears during resume:
+
+WARNING: CPU: 3 PID: 1039 at blk_clear_pm_only+0x2a/0x30
+CPU: 3 PID: 1039 Comm: kworker/u8:49 Not tainted 5.0.0+ #1
+Hardware name: LENOVO 4180F42/4180F42, BIOS 83ET75WW (1.45 ) 05/10/2013
+Workqueue: events_unbound async_run_entry_fn
+RIP: 0010:blk_clear_pm_only+0x2a/0x30
+Call Trace:
+ ? scsi_device_resume+0x28/0x50
+ ? scsi_dev_type_resume+0x2b/0x80
+ ? async_run_entry_fn+0x2c/0xd0
+ ? process_one_work+0x1f0/0x3f0
+ ? worker_thread+0x28/0x3c0
+ ? process_one_work+0x3f0/0x3f0
+ ? kthread+0x10c/0x130
+ ? __kthread_create_on_node+0x150/0x150
+ ? ret_from_fork+0x1f/0x30
+
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Hannes Reinecke <hare@suse.com>
+Cc: Ming Lei <ming.lei@redhat.com>
+Cc: Johannes Thumshirn <jthumshirn@suse.de>
+Cc: Oleksandr Natalenko <oleksandr@natalenko.name>
+Cc: Martin Steigerwald <martin@lichtvoll.de>
+Cc: <stable@vger.kernel.org>
+Reported-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
+Tested-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
+Fixes: 3a0a529971ec ("block, scsi: Make SCSI quiesce and resume work reliably") # v4.15
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_lib.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_lib.c
++++ b/drivers/scsi/scsi_lib.c
+@@ -2598,8 +2598,10 @@ void scsi_device_resume(struct scsi_devi
+ * device deleted during suspend)
+ */
+ mutex_lock(&sdev->state_mutex);
+- sdev->quiesced_by = NULL;
+- blk_clear_pm_only(sdev->request_queue);
++ if (sdev->quiesced_by) {
++ sdev->quiesced_by = NULL;
++ blk_clear_pm_only(sdev->request_queue);
++ }
+ if (sdev->sdev_state == SDEV_QUIESCE)
+ scsi_device_set_state(sdev, SDEV_RUNNING);
+ mutex_unlock(&sdev->state_mutex);
--- /dev/null
+From 7f5203c13ba8a7b7f9f6ecfe5a4d5567188d7835 Mon Sep 17 00:00:00 2001
+From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+Date: Wed, 20 Mar 2019 13:41:51 -0500
+Subject: scsi: ibmvscsi: Fix empty event pool access during host removal
+
+From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+
+commit 7f5203c13ba8a7b7f9f6ecfe5a4d5567188d7835 upstream.
+
+The event pool used for queueing commands is destroyed fairly early in the
+ibmvscsi_remove() code path. Since, this happens prior to the call so
+scsi_remove_host() it is possible for further calls to queuecommand to be
+processed which manifest as a panic due to a NULL pointer dereference as
+seen here:
+
+PANIC: "Unable to handle kernel paging request for data at address
+0x00000000"
+
+Context process backtrace:
+
+DSISR: 0000000042000000 ????Syscall Result: 0000000000000000
+4 [c000000002cb3820] memcpy_power7 at c000000000064204
+[Link Register] [c000000002cb3820] ibmvscsi_send_srp_event at d000000003ed14a4
+5 [c000000002cb3920] ibmvscsi_send_srp_event at d000000003ed14a4 [ibmvscsi] ?(unreliable)
+6 [c000000002cb39c0] ibmvscsi_queuecommand at d000000003ed2388 [ibmvscsi]
+7 [c000000002cb3a70] scsi_dispatch_cmd at d00000000395c2d8 [scsi_mod]
+8 [c000000002cb3af0] scsi_request_fn at d00000000395ef88 [scsi_mod]
+9 [c000000002cb3be0] __blk_run_queue at c000000000429860
+10 [c000000002cb3c10] blk_delay_work at c00000000042a0ec
+11 [c000000002cb3c40] process_one_work at c0000000000dac30
+12 [c000000002cb3cd0] worker_thread at c0000000000db110
+13 [c000000002cb3d80] kthread at c0000000000e3378
+14 [c000000002cb3e30] ret_from_kernel_thread at c00000000000982c
+
+The kernel buffer log is overfilled with this log:
+
+[11261.952732] ibmvscsi: found no event struct in pool!
+
+This patch reorders the operations during host teardown. Start by calling
+the SRP transport and Scsi_Host remove functions to flush any outstanding
+work and set the host offline. LLDD teardown follows including destruction
+of the event pool, freeing the Command Response Queue (CRQ), and unmapping
+any persistent buffers. The event pool destruction is protected by the
+scsi_host lock, and the pool is purged prior of any requests for which we
+never received a response. Finally, move the removal of the scsi host from
+our global list to the end so that the host is easily locatable for
+debugging purposes during teardown.
+
+Cc: <stable@vger.kernel.org> # v2.6.12+
+Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/ibmvscsi/ibmvscsi.c | 22 ++++++++++++++++------
+ 1 file changed, 16 insertions(+), 6 deletions(-)
+
+--- a/drivers/scsi/ibmvscsi/ibmvscsi.c
++++ b/drivers/scsi/ibmvscsi/ibmvscsi.c
+@@ -2295,17 +2295,27 @@ static int ibmvscsi_probe(struct vio_dev
+ static int ibmvscsi_remove(struct vio_dev *vdev)
+ {
+ struct ibmvscsi_host_data *hostdata = dev_get_drvdata(&vdev->dev);
+- spin_lock(&ibmvscsi_driver_lock);
+- list_del(&hostdata->host_list);
+- spin_unlock(&ibmvscsi_driver_lock);
+- unmap_persist_bufs(hostdata);
++ unsigned long flags;
++
++ srp_remove_host(hostdata->host);
++ scsi_remove_host(hostdata->host);
++
++ purge_requests(hostdata, DID_ERROR);
++
++ spin_lock_irqsave(hostdata->host->host_lock, flags);
+ release_event_pool(&hostdata->pool, hostdata);
++ spin_unlock_irqrestore(hostdata->host->host_lock, flags);
++
+ ibmvscsi_release_crq_queue(&hostdata->queue, hostdata,
+ max_events);
+
+ kthread_stop(hostdata->work_thread);
+- srp_remove_host(hostdata->host);
+- scsi_remove_host(hostdata->host);
++ unmap_persist_bufs(hostdata);
++
++ spin_lock(&ibmvscsi_driver_lock);
++ list_del(&hostdata->host_list);
++ spin_unlock(&ibmvscsi_driver_lock);
++
+ scsi_host_put(hostdata->host);
+
+ return 0;
--- /dev/null
+From 7205981e045e752ccf96cf6ddd703a98c59d4339 Mon Sep 17 00:00:00 2001
+From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+Date: Wed, 20 Mar 2019 13:41:50 -0500
+Subject: scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton
+
+From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+
+commit 7205981e045e752ccf96cf6ddd703a98c59d4339 upstream.
+
+For each ibmvscsi host created during a probe or destroyed during a remove
+we either add or remove that host to/from the global ibmvscsi_head
+list. This runs the risk of concurrent modification.
+
+This patch adds a simple spinlock around the list modification calls to
+prevent concurrent updates as is done similarly in the ibmvfc driver and
+ipr driver.
+
+Fixes: 32d6e4b6e4ea ("scsi: ibmvscsi: add vscsi hosts to global list_head")
+Cc: <stable@vger.kernel.org> # v4.10+
+Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/ibmvscsi/ibmvscsi.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/scsi/ibmvscsi/ibmvscsi.c
++++ b/drivers/scsi/ibmvscsi/ibmvscsi.c
+@@ -96,6 +96,7 @@ static int client_reserve = 1;
+ static char partition_name[96] = "UNKNOWN";
+ static unsigned int partition_number = -1;
+ static LIST_HEAD(ibmvscsi_head);
++static DEFINE_SPINLOCK(ibmvscsi_driver_lock);
+
+ static struct scsi_transport_template *ibmvscsi_transport_template;
+
+@@ -2270,7 +2271,9 @@ static int ibmvscsi_probe(struct vio_dev
+ }
+
+ dev_set_drvdata(&vdev->dev, hostdata);
++ spin_lock(&ibmvscsi_driver_lock);
+ list_add_tail(&hostdata->host_list, &ibmvscsi_head);
++ spin_unlock(&ibmvscsi_driver_lock);
+ return 0;
+
+ add_srp_port_failed:
+@@ -2292,7 +2295,9 @@ static int ibmvscsi_probe(struct vio_dev
+ static int ibmvscsi_remove(struct vio_dev *vdev)
+ {
+ struct ibmvscsi_host_data *hostdata = dev_get_drvdata(&vdev->dev);
++ spin_lock(&ibmvscsi_driver_lock);
+ list_del(&hostdata->host_list);
++ spin_unlock(&ibmvscsi_driver_lock);
+ unmap_persist_bufs(hostdata);
+ release_event_pool(&hostdata->pool, hostdata);
+ ibmvscsi_release_crq_queue(&hostdata->queue, hostdata,
--- /dev/null
+From 4705f10e82c63924bd84a9b31d15839ec9ba3d06 Mon Sep 17 00:00:00 2001
+From: Quinn Tran <qtran@marvell.com>
+Date: Fri, 15 Mar 2019 15:04:18 -0700
+Subject: scsi: qla2xxx: Fix FC-AL connection target discovery
+
+From: Quinn Tran <qtran@marvell.com>
+
+commit 4705f10e82c63924bd84a9b31d15839ec9ba3d06 upstream.
+
+Commit 7f147f9bfd44 ("scsi: qla2xxx: Fix N2N target discovery with Local
+loop") fixed N2N target discovery for local loop. However, same code is
+used for FC-AL discovery as well. Added check to make sure we are bypassing
+area and domain check only in N2N topology for target discovery.
+
+Fixes: 7f147f9bfd44 ("scsi: qla2xxx: Fix N2N target discovery with Local loop")
+Cc: stable@vger.kernel.org # 5.0+
+Signed-off-by: Quinn Tran <qtran@marvell.com>
+Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
+Reviewed-by: Ewan D. Milne <emilne@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla2xxx/qla_init.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/scsi/qla2xxx/qla_init.c
++++ b/drivers/scsi/qla2xxx/qla_init.c
+@@ -4968,6 +4968,13 @@ qla2x00_configure_local_loop(scsi_qla_ho
+ (area != vha->d_id.b.area || domain != vha->d_id.b.domain))
+ continue;
+
++ /* Bypass if not same domain and area of adapter. */
++ if (area && domain && ((area != vha->d_id.b.area) ||
++ (domain != vha->d_id.b.domain)) &&
++ (ha->current_topology == ISP_CFG_NL))
++ continue;
++
++
+ /* Bypass invalid local loop ID. */
+ if (loop_id > LAST_LOCAL_LOOP_ID)
+ continue;
powerpc-mm-only-define-max_physmem_bits-in-sparsemem-configurations.patch
powerpc-security-fix-spectre_v2-reporting.patch
net-mlx5-fix-dct-creation-bad-flow.patch
+scsi-core-avoid-that-a-kernel-warning-appears-during-system-resume.patch
+scsi-qla2xxx-fix-fc-al-connection-target-discovery.patch
+scsi-ibmvscsi-protect-ibmvscsi_head-from-concurrent-modificaiton.patch
+scsi-ibmvscsi-fix-empty-event-pool-access-during-host-removal.patch
+futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch
+cifs-allow-guest-mounts-to-work-for-smb3.11.patch
+perf-probe-fix-getting-the-kernel-map.patch
+objtool-move-objtool_file-struct-off-the-stack.patch
+irqchip-gic-v3-its-fix-comparison-logic-in-lpi_range_cmp.patch
+clocksource-drivers-riscv-fix-clocksource-mask.patch
+smb3-fix-smb3.1.1-guest-mounts-to-samba.patch
--- /dev/null
+From 8c11a607d1d9cd6e7f01fd6b03923597fb0ef95a Mon Sep 17 00:00:00 2001
+From: Steve French <stfrench@microsoft.com>
+Date: Fri, 22 Mar 2019 22:31:17 -0500
+Subject: SMB3: Fix SMB3.1.1 guest mounts to Samba
+
+From: Steve French <stfrench@microsoft.com>
+
+commit 8c11a607d1d9cd6e7f01fd6b03923597fb0ef95a upstream.
+
+Workaround problem with Samba responses to SMB3.1.1
+null user (guest) mounts. The server doesn't set the
+expected flag in the session setup response so we have
+to do a similar check to what is done in smb3_validate_negotiate
+where we also check if the user is a null user (but not sec=krb5
+since username might not be passed in on mount for Kerberos case).
+
+Note that the commit below tightened the conditions and forced signing
+for the SMB2-TreeConnect commands as per MS-SMB2.
+However, this should only apply to normal user sessions and not for
+cases where there is no user (even if server forgets to set the flag
+in the response) since we don't have anything useful to sign with.
+This is especially important now that the more secure SMB3.1.1 protocol
+is in the default dialect list.
+
+An earlier patch ("cifs: allow guest mounts to work for smb3.11") fixed
+the guest mounts to Windows.
+
+ Fixes: 6188f28bf608 ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares")
+
+Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Reviewed-by: Paulo Alcantara <palcantara@suse.de>
+CC: Stable <stable@vger.kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2pdu.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1608,10 +1608,13 @@ SMB2_tcon(const unsigned int xid, struct
+ /*
+ * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
+ * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
++ * (Samba servers don't always set the flag so also check if null user)
+ */
+ if ((ses->server->dialect == SMB311_PROT_ID) &&
+ !smb3_encryption_required(tcon) &&
+- !(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)))
++ !(ses->session_flags &
++ (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) &&
++ ((ses->user_name != NULL) || (ses->sectype == Kerberos)))
+ req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
+
+ memset(&rqst, 0, sizeof(struct smb_rqst));
projects / thirdparty / kernel / stable-queue.git / commitdiff
