--- /dev/null
+From 07d369857808b7e8e471bbbbb0074a6718f89b31 Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Fri, 25 Oct 2019 17:46:25 +0900
+Subject: perf probe: Fix wrong address verification
+
+From: Masami Hiramatsu <mhiramat@kernel.org>
+
+commit 07d369857808b7e8e471bbbbb0074a6718f89b31 upstream.
+
+Since there are some DIE which has only ranges instead of the
+combination of entrypc/highpc, address verification must use
+dwarf_haspc() instead of dwarf_entrypc/dwarf_highpc.
+
+Also, the ranges only DIE will have a partial code in different section
+(e.g. unlikely code will be in text.unlikely as "FUNC.cold" symbol). In
+that case, we can not use dwarf_entrypc() or die_entrypc(), because the
+offset from original DIE can be a minus value.
+
+Instead, this simply gets the symbol and offset from symtab.
+
+Without this patch;
+
+ # perf probe -D clear_tasks_mm_cpumask:1
+ Failed to get entry address of clear_tasks_mm_cpumask
+ Error: Failed to add events.
+
+And with this patch:
+
+ # perf probe -D clear_tasks_mm_cpumask:1
+ p:probe/clear_tasks_mm_cpumask clear_tasks_mm_cpumask+0
+ p:probe/clear_tasks_mm_cpumask_1 clear_tasks_mm_cpumask+5
+ p:probe/clear_tasks_mm_cpumask_2 clear_tasks_mm_cpumask+8
+ p:probe/clear_tasks_mm_cpumask_3 clear_tasks_mm_cpumask+16
+ p:probe/clear_tasks_mm_cpumask_4 clear_tasks_mm_cpumask+82
+
+Committer testing:
+
+I managed to reproduce the above:
+
+ [root@quaco ~]# perf probe -D clear_tasks_mm_cpumask:1
+ p:probe/clear_tasks_mm_cpumask _text+919968
+ p:probe/clear_tasks_mm_cpumask_1 _text+919973
+ p:probe/clear_tasks_mm_cpumask_2 _text+919976
+ [root@quaco ~]#
+
+But then when trying to actually put the probe in place, it fails if I
+use :0 as the offset:
+
+ [root@quaco ~]# perf probe -L clear_tasks_mm_cpumask | head -5
+ <clear_tasks_mm_cpumask@/usr/src/debug/kernel-5.2.fc30/linux-5.2.18-200.fc30.x86_64/kernel/cpu.c:0>
+ 0 void clear_tasks_mm_cpumask(int cpu)
+ 1 {
+ 2 struct task_struct *p;
+
+ [root@quaco ~]# perf probe clear_tasks_mm_cpumask:0
+ Probe point 'clear_tasks_mm_cpumask' not found.
+ Error: Failed to add events.
+ [root@quaco
+
+The next patch is needed to fix this case.
+
+Fixes: 576b523721b7 ("perf probe: Fix probing symbols with optimization suffix")
+Reported-by: Arnaldo Carvalho de Melo <acme@kernel.org>
+Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Link: http://lore.kernel.org/lkml/157199318513.8075.10463906803299647907.stgit@devnote2
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/probe-finder.c | 32 ++++++++++----------------------
+ 1 file changed, 10 insertions(+), 22 deletions(-)
+
+--- a/tools/perf/util/probe-finder.c
++++ b/tools/perf/util/probe-finder.c
+@@ -615,38 +615,26 @@ static int convert_to_trace_point(Dwarf_
+ const char *function,
+ struct probe_trace_point *tp)
+ {
+- Dwarf_Addr eaddr, highaddr;
++ Dwarf_Addr eaddr;
+ GElf_Sym sym;
+ const char *symbol;
+
+ /* Verify the address is correct */
+- if (dwarf_entrypc(sp_die, &eaddr) != 0) {
+- pr_warning("Failed to get entry address of %s\n",
+- dwarf_diename(sp_die));
+- return -ENOENT;
+- }
+- if (dwarf_highpc(sp_die, &highaddr) != 0) {
+- pr_warning("Failed to get end address of %s\n",
+- dwarf_diename(sp_die));
+- return -ENOENT;
+- }
+- if (paddr > highaddr) {
+- pr_warning("Offset specified is greater than size of %s\n",
++ if (!dwarf_haspc(sp_die, paddr)) {
++ pr_warning("Specified offset is out of %s\n",
+ dwarf_diename(sp_die));
+ return -EINVAL;
+ }
+
+- symbol = dwarf_diename(sp_die);
++ /* Try to get actual symbol name from symtab */
++ symbol = dwfl_module_addrsym(mod, paddr, &sym, NULL);
+ if (!symbol) {
+- /* Try to get the symbol name from symtab */
+- symbol = dwfl_module_addrsym(mod, paddr, &sym, NULL);
+- if (!symbol) {
+- pr_warning("Failed to find symbol at 0x%lx\n",
+- (unsigned long)paddr);
+- return -ENOENT;
+- }
+- eaddr = sym.st_value;
++ pr_warning("Failed to find symbol at 0x%lx\n",
++ (unsigned long)paddr);
++ return -ENOENT;
+ }
++ eaddr = sym.st_value;
++
+ tp->offset = (unsigned long)(paddr - eaddr);
+ tp->address = (unsigned long)paddr;
+ tp->symbol = strdup(symbol);
--- /dev/null
+From 458ea3ad033fc86e291712ce50cbe60c3428cf30 Mon Sep 17 00:00:00 2001
+From: Stephan Gerhold <stephan@gerhold.net>
+Date: Wed, 6 Nov 2019 18:31:25 +0100
+Subject: regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
+
+From: Stephan Gerhold <stephan@gerhold.net>
+
+commit 458ea3ad033fc86e291712ce50cbe60c3428cf30 upstream.
+
+Those regulators are not actually supported by the AB8500 regulator
+driver. There is no ab8500_regulator_info for them and no entry in
+ab8505_regulator_match.
+
+As such, they cannot be registered successfully, and looking them
+up in ab8505_regulator_match causes an out-of-bounds array read.
+
+Fixes: 547f384f33db ("regulator: ab8500: add support for ab8505")
+Cc: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
+Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
+Link: https://lore.kernel.org/r/20191106173125.14496-2-stephan@gerhold.net
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/regulator/ab8500.h | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/include/linux/regulator/ab8500.h
++++ b/include/linux/regulator/ab8500.h
+@@ -43,8 +43,6 @@ enum ab8505_regulator_id {
+ AB8505_LDO_ANAMIC2,
+ AB8505_LDO_AUX8,
+ AB8505_LDO_ANA,
+- AB8505_SYSCLKREQ_2,
+- AB8505_SYSCLKREQ_4,
+ AB8505_NUM_REGULATORS,
+ };
+
--- /dev/null
+From 394440d469413fa9b74f88a11f144d76017221f2 Mon Sep 17 00:00:00 2001
+From: Jeff Mahoney <jeffm@suse.com>
+Date: Wed, 15 Jan 2020 13:00:59 -0500
+Subject: reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
+
+From: Jeff Mahoney <jeffm@suse.com>
+
+commit 394440d469413fa9b74f88a11f144d76017221f2 upstream.
+
+Commit 60e4cf67a58 (reiserfs: fix extended attributes on the root
+directory) introduced a regression open_xa_root started returning
+-EOPNOTSUPP but it was not handled properly in reiserfs_for_each_xattr.
+
+When the reiserfs module is built without CONFIG_REISERFS_FS_XATTR,
+deleting an inode would result in a warning and chowning an inode
+would also result in a warning and then fail to complete.
+
+With CONFIG_REISERFS_FS_XATTR enabled, the xattr root would always be
+present for read-write operations.
+
+This commit handles -EOPNOSUPP in the same way -ENODATA is handled.
+
+Fixes: 60e4cf67a582 ("reiserfs: fix extended attributes on the root directory")
+CC: stable@vger.kernel.org # Commit 60e4cf67a58 was picked up by stable
+Link: https://lore.kernel.org/r/20200115180059.6935-1-jeffm@suse.com
+Reported-by: Michael Brunnbauer <brunni@netestate.de>
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/reiserfs/xattr.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/reiserfs/xattr.c
++++ b/fs/reiserfs/xattr.c
+@@ -319,8 +319,12 @@ static int reiserfs_for_each_xattr(struc
+ out_dir:
+ dput(dir);
+ out:
+- /* -ENODATA isn't an error */
+- if (err == -ENODATA)
++ /*
++ * -ENODATA: this object doesn't have any xattrs
++ * -EOPNOTSUPP: this file system doesn't have xattrs enabled on disk.
++ * Neither are errors
++ */
++ if (err == -ENODATA || err == -EOPNOTSUPP)
+ err = 0;
+ return err;
+ }
--- /dev/null
+From 29d28f2b8d3736ac61c28ef7e20fda63795b74d9 Mon Sep 17 00:00:00 2001
+From: Pan Bian <bianpan2016@163.com>
+Date: Wed, 6 Nov 2019 20:32:21 +0800
+Subject: scsi: bnx2i: fix potential use after free
+
+From: Pan Bian <bianpan2016@163.com>
+
+commit 29d28f2b8d3736ac61c28ef7e20fda63795b74d9 upstream.
+
+The member hba->pcidev may be used after its reference is dropped. Move the
+put function to where it is never used to avoid potential use after free
+issues.
+
+Fixes: a77171806515 ("[SCSI] bnx2i: Removed the reference to the netdev->base_addr")
+Link: https://lore.kernel.org/r/1573043541-19126-1-git-send-email-bianpan2016@163.com
+Signed-off-by: Pan Bian <bianpan2016@163.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/bnx2i/bnx2i_iscsi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/bnx2i/bnx2i_iscsi.c
++++ b/drivers/scsi/bnx2i/bnx2i_iscsi.c
+@@ -915,12 +915,12 @@ void bnx2i_free_hba(struct bnx2i_hba *hb
+ INIT_LIST_HEAD(&hba->ep_ofld_list);
+ INIT_LIST_HEAD(&hba->ep_active_list);
+ INIT_LIST_HEAD(&hba->ep_destroy_list);
+- pci_dev_put(hba->pcidev);
+
+ if (hba->regview) {
+ pci_iounmap(hba->pcidev, hba->regview);
+ hba->regview = NULL;
+ }
++ pci_dev_put(hba->pcidev);
+ bnx2i_free_mp_bdt(hba);
+ bnx2i_release_free_cid_que(hba);
+ iscsi_host_free(shost);
--- /dev/null
+From b1335f5b0486f61fb66b123b40f8e7a98e49605d Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Fri, 1 Nov 2019 14:14:47 -0700
+Subject: scsi: core: scsi_trace: Use get_unaligned_be*()
+
+From: Bart Van Assche <bvanassche@acm.org>
+
+commit b1335f5b0486f61fb66b123b40f8e7a98e49605d upstream.
+
+This patch fixes an unintended sign extension on left shifts. From Colin
+King: "Shifting a u8 left will cause the value to be promoted to an
+integer. If the top bit of the u8 is set then the following conversion to
+an u64 will sign extend the value causing the upper 32 bits to be set in
+the result."
+
+Fix this by using get_unaligned_be*() instead.
+
+Fixes: bf8162354233 ("[SCSI] add scsi trace core functions and put trace points")
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Hannes Reinecke <hare@suse.com>
+Cc: Douglas Gilbert <dgilbert@interlog.com>
+Link: https://lore.kernel.org/r/20191101211447.187151-1-bvanassche@acm.org
+Reported-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_trace.c | 103 ++++++++++++----------------------------------
+ 1 file changed, 28 insertions(+), 75 deletions(-)
+
+--- a/drivers/scsi/scsi_trace.c
++++ b/drivers/scsi/scsi_trace.c
+@@ -21,7 +21,7 @@
+ #include <trace/events/scsi.h>
+
+ #define SERVICE_ACTION16(cdb) (cdb[1] & 0x1f)
+-#define SERVICE_ACTION32(cdb) ((cdb[8] << 8) | cdb[9])
++#define SERVICE_ACTION32(cdb) (get_unaligned_be16(&cdb[8]))
+
+ static const char *
+ scsi_trace_misc(struct trace_seq *, unsigned char *, int);
+@@ -51,17 +51,12 @@ static const char *
+ scsi_trace_rw10(struct trace_seq *p, unsigned char *cdb, int len)
+ {
+ const char *ret = trace_seq_buffer_ptr(p);
+- sector_t lba = 0, txlen = 0;
++ u32 lba, txlen;
+
+- lba |= (cdb[2] << 24);
+- lba |= (cdb[3] << 16);
+- lba |= (cdb[4] << 8);
+- lba |= cdb[5];
+- txlen |= (cdb[7] << 8);
+- txlen |= cdb[8];
++ lba = get_unaligned_be32(&cdb[2]);
++ txlen = get_unaligned_be16(&cdb[7]);
+
+- trace_seq_printf(p, "lba=%llu txlen=%llu protect=%u",
+- (unsigned long long)lba, (unsigned long long)txlen,
++ trace_seq_printf(p, "lba=%u txlen=%u protect=%u", lba, txlen,
+ cdb[1] >> 5);
+
+ if (cdb[0] == WRITE_SAME)
+@@ -76,19 +71,12 @@ static const char *
+ scsi_trace_rw12(struct trace_seq *p, unsigned char *cdb, int len)
+ {
+ const char *ret = trace_seq_buffer_ptr(p);
+- sector_t lba = 0, txlen = 0;
++ u32 lba, txlen;
+
+- lba |= (cdb[2] << 24);
+- lba |= (cdb[3] << 16);
+- lba |= (cdb[4] << 8);
+- lba |= cdb[5];
+- txlen |= (cdb[6] << 24);
+- txlen |= (cdb[7] << 16);
+- txlen |= (cdb[8] << 8);
+- txlen |= cdb[9];
++ lba = get_unaligned_be32(&cdb[2]);
++ txlen = get_unaligned_be32(&cdb[6]);
+
+- trace_seq_printf(p, "lba=%llu txlen=%llu protect=%u",
+- (unsigned long long)lba, (unsigned long long)txlen,
++ trace_seq_printf(p, "lba=%u txlen=%u protect=%u", lba, txlen,
+ cdb[1] >> 5);
+ trace_seq_putc(p, 0);
+
+@@ -99,23 +87,13 @@ static const char *
+ scsi_trace_rw16(struct trace_seq *p, unsigned char *cdb, int len)
+ {
+ const char *ret = trace_seq_buffer_ptr(p);
+- sector_t lba = 0, txlen = 0;
++ u64 lba;
++ u32 txlen;
+
+- lba |= ((u64)cdb[2] << 56);
+- lba |= ((u64)cdb[3] << 48);
+- lba |= ((u64)cdb[4] << 40);
+- lba |= ((u64)cdb[5] << 32);
+- lba |= (cdb[6] << 24);
+- lba |= (cdb[7] << 16);
+- lba |= (cdb[8] << 8);
+- lba |= cdb[9];
+- txlen |= (cdb[10] << 24);
+- txlen |= (cdb[11] << 16);
+- txlen |= (cdb[12] << 8);
+- txlen |= cdb[13];
++ lba = get_unaligned_be64(&cdb[2]);
++ txlen = get_unaligned_be32(&cdb[10]);
+
+- trace_seq_printf(p, "lba=%llu txlen=%llu protect=%u",
+- (unsigned long long)lba, (unsigned long long)txlen,
++ trace_seq_printf(p, "lba=%llu txlen=%u protect=%u", lba, txlen,
+ cdb[1] >> 5);
+
+ if (cdb[0] == WRITE_SAME_16)
+@@ -130,8 +108,8 @@ static const char *
+ scsi_trace_rw32(struct trace_seq *p, unsigned char *cdb, int len)
+ {
+ const char *ret = trace_seq_buffer_ptr(p), *cmd;
+- sector_t lba = 0, txlen = 0;
+- u32 ei_lbrt = 0;
++ u64 lba;
++ u32 ei_lbrt, txlen;
+
+ switch (SERVICE_ACTION32(cdb)) {
+ case READ_32:
+@@ -151,26 +129,12 @@ scsi_trace_rw32(struct trace_seq *p, uns
+ goto out;
+ }
+
+- lba |= ((u64)cdb[12] << 56);
+- lba |= ((u64)cdb[13] << 48);
+- lba |= ((u64)cdb[14] << 40);
+- lba |= ((u64)cdb[15] << 32);
+- lba |= (cdb[16] << 24);
+- lba |= (cdb[17] << 16);
+- lba |= (cdb[18] << 8);
+- lba |= cdb[19];
+- ei_lbrt |= (cdb[20] << 24);
+- ei_lbrt |= (cdb[21] << 16);
+- ei_lbrt |= (cdb[22] << 8);
+- ei_lbrt |= cdb[23];
+- txlen |= (cdb[28] << 24);
+- txlen |= (cdb[29] << 16);
+- txlen |= (cdb[30] << 8);
+- txlen |= cdb[31];
+-
+- trace_seq_printf(p, "%s_32 lba=%llu txlen=%llu protect=%u ei_lbrt=%u",
+- cmd, (unsigned long long)lba,
+- (unsigned long long)txlen, cdb[10] >> 5, ei_lbrt);
++ lba = get_unaligned_be64(&cdb[12]);
++ ei_lbrt = get_unaligned_be32(&cdb[20]);
++ txlen = get_unaligned_be32(&cdb[28]);
++
++ trace_seq_printf(p, "%s_32 lba=%llu txlen=%u protect=%u ei_lbrt=%u",
++ cmd, lba, txlen, cdb[10] >> 5, ei_lbrt);
+
+ if (SERVICE_ACTION32(cdb) == WRITE_SAME_32)
+ trace_seq_printf(p, " unmap=%u", cdb[10] >> 3 & 1);
+@@ -185,7 +149,7 @@ static const char *
+ scsi_trace_unmap(struct trace_seq *p, unsigned char *cdb, int len)
+ {
+ const char *ret = trace_seq_buffer_ptr(p);
+- unsigned int regions = cdb[7] << 8 | cdb[8];
++ unsigned int regions = get_unaligned_be16(&cdb[7]);
+
+ trace_seq_printf(p, "regions=%u", (regions - 8) / 16);
+ trace_seq_putc(p, 0);
+@@ -197,8 +161,8 @@ static const char *
+ scsi_trace_service_action_in(struct trace_seq *p, unsigned char *cdb, int len)
+ {
+ const char *ret = trace_seq_buffer_ptr(p), *cmd;
+- sector_t lba = 0;
+- u32 alloc_len = 0;
++ u64 lba;
++ u32 alloc_len;
+
+ switch (SERVICE_ACTION16(cdb)) {
+ case SAI_READ_CAPACITY_16:
+@@ -212,21 +176,10 @@ scsi_trace_service_action_in(struct trac
+ goto out;
+ }
+
+- lba |= ((u64)cdb[2] << 56);
+- lba |= ((u64)cdb[3] << 48);
+- lba |= ((u64)cdb[4] << 40);
+- lba |= ((u64)cdb[5] << 32);
+- lba |= (cdb[6] << 24);
+- lba |= (cdb[7] << 16);
+- lba |= (cdb[8] << 8);
+- lba |= cdb[9];
+- alloc_len |= (cdb[10] << 24);
+- alloc_len |= (cdb[11] << 16);
+- alloc_len |= (cdb[12] << 8);
+- alloc_len |= cdb[13];
++ lba = get_unaligned_be64(&cdb[2]);
++ alloc_len = get_unaligned_be32(&cdb[10]);
+
+- trace_seq_printf(p, "%s lba=%llu alloc_len=%u", cmd,
+- (unsigned long long)lba, alloc_len);
++ trace_seq_printf(p, "%s lba=%llu alloc_len=%u", cmd, lba, alloc_len);
+
+ out:
+ trace_seq_putc(p, 0);
--- /dev/null
+From 906ca6353ac09696c1bf0892513c8edffff5e0a6 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 22 Oct 2019 13:23:24 +0300
+Subject: scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 906ca6353ac09696c1bf0892513c8edffff5e0a6 upstream.
+
+This error path is missing an unlock.
+
+Fixes: 26780d9e12ed ("[SCSI] esas2r: ATTO Technology ExpressSAS 6G SAS/SATA RAID Adapter Driver")
+Link: https://lore.kernel.org/r/20191022102324.GA27540@mwanda
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/esas2r/esas2r_flash.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/scsi/esas2r/esas2r_flash.c
++++ b/drivers/scsi/esas2r/esas2r_flash.c
+@@ -1197,6 +1197,7 @@ bool esas2r_nvram_read_direct(struct esa
+ if (!esas2r_read_flash_block(a, a->nvram, FLS_OFFSET_NVR,
+ sizeof(struct esas2r_sas_nvram))) {
+ esas2r_hdebug("NVRAM read failed, using defaults");
++ up(&a->nvram_semaphore);
+ return false;
+ }
+
--- /dev/null
+From 45dc8f2d9c94ed74a5e31e63e9136a19a7e16081 Mon Sep 17 00:00:00 2001
+From: Huacai Chen <chenhc@lemote.com>
+Date: Thu, 21 Nov 2019 13:40:47 +0800
+Subject: scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
+
+From: Huacai Chen <chenhc@lemote.com>
+
+commit 45dc8f2d9c94ed74a5e31e63e9136a19a7e16081 upstream.
+
+Commit 4fa183455988 ("scsi: qla2xxx: Utilize pci_alloc_irq_vectors/
+pci_free_irq_vectors calls.") use pci_alloc_irq_vectors() to replace
+pci_enable_msi() but it didn't handle the return value correctly. This bug
+make qla2x00 always fail to setup MSI if MSI-X fail, so fix it.
+
+BTW, improve the log message of return value in qla2x00_request_irqs() to
+avoid confusion.
+
+Fixes: 4fa183455988 ("scsi: qla2xxx: Utilize pci_alloc_irq_vectors/pci_free_irq_vectors calls.")
+Cc: Michael Hernandez <michael.hernandez@cavium.com>
+Link: https://lore.kernel.org/r/1574314847-14280-1-git-send-email-chenhc@lemote.com
+Signed-off-by: Huacai Chen <chenhc@lemote.com>
+Acked-by: Himanshu Madhani <hmadhani@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla2xxx/qla_isr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_isr.c
++++ b/drivers/scsi/qla2xxx/qla_isr.c
+@@ -3519,7 +3519,7 @@ qla2x00_request_irqs(struct qla_hw_data
+ skip_msix:
+
+ ql_log(ql_log_info, vha, 0x0037,
+- "Falling back-to MSI mode -%d.\n", ret);
++ "Falling back-to MSI mode -- ret=%d.\n", ret);
+
+ if (!IS_QLA24XX(ha) && !IS_QLA2532(ha) && !IS_QLA8432(ha) &&
+ !IS_QLA8001(ha) && !IS_P3P_TYPE(ha) && !IS_QLAFX00(ha) &&
+@@ -3527,13 +3527,13 @@ skip_msix:
+ goto skip_msi;
+
+ ret = pci_alloc_irq_vectors(ha->pdev, 1, 1, PCI_IRQ_MSI);
+- if (!ret) {
++ if (ret > 0) {
+ ql_dbg(ql_dbg_init, vha, 0x0038,
+ "MSI: Enabled.\n");
+ ha->flags.msi_enabled = 1;
+ } else
+ ql_log(ql_log_warn, vha, 0x0039,
+- "Falling back-to INTa mode -- %d.\n", ret);
++ "Falling back-to INTa mode -- ret=%d.\n", ret);
+ skip_msi:
+
+ /* Skip INTx on ISP82xx. */
--- /dev/null
+From d341e9a8f2cffe4000c610225c629f62c7489c74 Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Fri, 22 Nov 2019 22:19:22 +0000
+Subject: scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
+
+From: Martin Wilck <mwilck@suse.com>
+
+commit d341e9a8f2cffe4000c610225c629f62c7489c74 upstream.
+
+In qla2x00_find_all_fabric_devs(), fcport->flags & FCF_LOGIN_NEEDED is a
+necessary condition for logging into new rports, but not for dropping lost
+ones.
+
+Fixes: 726b85487067 ("qla2xxx: Add framework for async fabric discovery")
+Link: https://lore.kernel.org/r/20191122221912.20100-2-martin.wilck@suse.com
+Tested-by: David Bond <dbond@suse.com>
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Acked-by: Himanshu Madhani <hmadhani@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla2xxx/qla_init.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_init.c
++++ b/drivers/scsi/qla2xxx/qla_init.c
+@@ -5145,8 +5145,7 @@ qla2x00_find_all_fabric_devs(scsi_qla_ho
+ if (test_bit(LOOP_RESYNC_NEEDED, &vha->dpc_flags))
+ break;
+
+- if ((fcport->flags & FCF_FABRIC_DEVICE) == 0 ||
+- (fcport->flags & FCF_LOGIN_NEEDED) == 0)
++ if ((fcport->flags & FCF_FABRIC_DEVICE) == 0)
+ continue;
+
+ if (fcport->scan_state == QLA_FCPORT_SCAN) {
+@@ -5171,7 +5170,8 @@ qla2x00_find_all_fabric_devs(scsi_qla_ho
+ }
+ }
+
+- if (fcport->scan_state == QLA_FCPORT_FOUND)
++ if (fcport->scan_state == QLA_FCPORT_FOUND &&
++ (fcport->flags & FCF_LOGIN_NEEDED) != 0)
+ qla24xx_fcport_handle_login(vha, fcport);
+ }
+ return (rval);
--- /dev/null
+From 3fe3d2428b62822b7b030577cd612790bdd8c941 Mon Sep 17 00:00:00 2001
+From: Pan Bian <bianpan2016@163.com>
+Date: Tue, 5 Nov 2019 17:25:27 +0800
+Subject: scsi: qla4xxx: fix double free bug
+
+From: Pan Bian <bianpan2016@163.com>
+
+commit 3fe3d2428b62822b7b030577cd612790bdd8c941 upstream.
+
+The variable init_fw_cb is released twice, resulting in a double free
+bug. The call to the function dma_free_coherent() before goto is removed to
+get rid of potential double free.
+
+Fixes: 2a49a78ed3c8 ("[SCSI] qla4xxx: added IPv6 support.")
+Link: https://lore.kernel.org/r/1572945927-27796-1-git-send-email-bianpan2016@163.com
+Signed-off-by: Pan Bian <bianpan2016@163.com>
+Acked-by: Manish Rangankar <mrangankar@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla4xxx/ql4_mbx.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/scsi/qla4xxx/ql4_mbx.c
++++ b/drivers/scsi/qla4xxx/ql4_mbx.c
+@@ -641,9 +641,6 @@ int qla4xxx_initialize_fw_cb(struct scsi
+
+ if (qla4xxx_get_ifcb(ha, &mbox_cmd[0], &mbox_sts[0], init_fw_cb_dma) !=
+ QLA_SUCCESS) {
+- dma_free_coherent(&ha->pdev->dev,
+- sizeof(struct addr_ctrl_blk),
+- init_fw_cb, init_fw_cb_dma);
+ goto exit_init_fw_cb;
+ }
+
--- /dev/null
+From 82ea3e0e129e2ab913dd6684bab7a6e5e9896dee Mon Sep 17 00:00:00 2001
+From: John Garry <john.garry@huawei.com>
+Date: Wed, 20 Nov 2019 17:39:15 +0800
+Subject: scsi: scsi_transport_sas: Fix memory leak when removing devices
+
+From: John Garry <john.garry@huawei.com>
+
+commit 82ea3e0e129e2ab913dd6684bab7a6e5e9896dee upstream.
+
+Removing a non-host rphy causes a memory leak:
+
+root@(none)$ echo 0 > /sys/devices/platform/HISI0162:01/host0/port-0:0/expander-0:0/port-0:0:10/phy-0:0:10/sas_phy/phy-0:0:10/enable
+[ 79.857888] hisi_sas_v2_hw HISI0162:01: dev[7:1] is gone
+root@(none)$ echo scan > /sys/kernel/debug/kmemleak
+[ 131.656603] kmemleak: 3 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
+root@(none)$ more /sys/kernel/debug/kmemleak
+unreferenced object 0xffff041da5c66000 (size 256):
+ comm "kworker/u128:1", pid 549, jiffies 4294898543 (age 113.728s)
+ hex dump (first 32 bytes):
+ 00 5e c6 a5 1d 04 ff ff 01 00 00 00 00 00 00 00 .^..............
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [<(____ptrval____)>] kmem_cache_alloc+0x188/0x260
+ [<(____ptrval____)>] bsg_setup_queue+0x48/0x1a8
+ [<(____ptrval____)>] sas_rphy_add+0x108/0x2d0
+ [<(____ptrval____)>] sas_probe_devices+0x168/0x208
+ [<(____ptrval____)>] sas_discover_domain+0x660/0x9c8
+ [<(____ptrval____)>] process_one_work+0x3f8/0x690
+ [<(____ptrval____)>] worker_thread+0x70/0x6a0
+ [<(____ptrval____)>] kthread+0x1b8/0x1c0
+ [<(____ptrval____)>] ret_from_fork+0x10/0x18
+unreferenced object 0xffff041d8c075400 (size 128):
+ comm "kworker/u128:1", pid 549, jiffies 4294898543 (age 113.728s)
+ hex dump (first 32 bytes):
+ 00 40 25 97 1d 00 ff ff 00 00 00 00 00 00 00 00 .@%.............
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [<(____ptrval____)>] __kmalloc_node+0x1a8/0x2c8
+ [<(____ptrval____)>] blk_mq_realloc_tag_set_tags.part.70+0x48/0xd8
+ [<(____ptrval____)>] blk_mq_alloc_tag_set+0x1dc/0x530
+ [<(____ptrval____)>] bsg_setup_queue+0xe8/0x1a8
+ [<(____ptrval____)>] sas_rphy_add+0x108/0x2d0
+ [<(____ptrval____)>] sas_probe_devices+0x168/0x208
+ [<(____ptrval____)>] sas_discover_domain+0x660/0x9c8
+ [<(____ptrval____)>] process_one_work+0x3f8/0x690
+ [<(____ptrval____)>] worker_thread+0x70/0x6a0
+ [<(____ptrval____)>] kthread+0x1b8/0x1c0
+ [<(____ptrval____)>] ret_from_fork+0x10/0x18
+unreferenced object 0xffff041da5c65e00 (size 256):
+ comm "kworker/u128:1", pid 549, jiffies 4294898543 (age 113.728s)
+ hex dump (first 32 bytes):
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [<(____ptrval____)>] __kmalloc_node+0x1a8/0x2c8
+ [<(____ptrval____)>] blk_mq_alloc_tag_set+0x254/0x530
+ [<(____ptrval____)>] bsg_setup_queue+0xe8/0x1a8
+ [<(____ptrval____)>] sas_rphy_add+0x108/0x2d0
+ [<(____ptrval____)>] sas_probe_devices+0x168/0x208
+ [<(____ptrval____)>] sas_discover_domain+0x660/0x9c8
+ [<(____ptrval____)>] process_one_work+0x3f8/0x690
+ [<(____ptrval____)>] worker_thread+0x70/0x6a0
+ [<(____ptrval____)>] kthread+0x1b8/0x1c0
+ [<(____ptrval____)>] ret_from_fork+0x10/0x18
+root@(none)$
+
+It turns out that we don't clean up the request queue fully for bsg
+devices, as the blk mq tags for the request queue are not freed.
+
+Fix by doing the queue removal in one place - in sas_rphy_remove() -
+instead of unregistering the queue in sas_rphy_remove() and finally
+cleaning up the queue in calling blk_cleanup_queue() from
+sas_end_device_release() or sas_expander_release().
+
+Function bsg_remove_queue() can handle a NULL pointer q, so remove the
+precheck in sas_rphy_remove().
+
+Fixes: 651a013649943 ("scsi: scsi_transport_sas: switch to bsg-lib for SMP passthrough")
+Link: https://lore.kernel.org/r/1574242755-94156-1-git-send-email-john.garry@huawei.com
+Signed-off-by: John Garry <john.garry@huawei.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_transport_sas.c | 9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+--- a/drivers/scsi/scsi_transport_sas.c
++++ b/drivers/scsi/scsi_transport_sas.c
+@@ -1409,9 +1409,6 @@ static void sas_expander_release(struct
+ struct sas_rphy *rphy = dev_to_rphy(dev);
+ struct sas_expander_device *edev = rphy_to_expander_device(rphy);
+
+- if (rphy->q)
+- blk_cleanup_queue(rphy->q);
+-
+ put_device(dev->parent);
+ kfree(edev);
+ }
+@@ -1421,9 +1418,6 @@ static void sas_end_device_release(struc
+ struct sas_rphy *rphy = dev_to_rphy(dev);
+ struct sas_end_device *edev = rphy_to_end_device(rphy);
+
+- if (rphy->q)
+- blk_cleanup_queue(rphy->q);
+-
+ put_device(dev->parent);
+ kfree(edev);
+ }
+@@ -1652,8 +1646,7 @@ sas_rphy_remove(struct sas_rphy *rphy)
+ }
+
+ sas_rphy_unlink(rphy);
+- if (rphy->q)
+- bsg_unregister_queue(rphy->q);
++ bsg_remove_queue(rphy->q);
+ transport_remove_device(dev);
+ device_del(dev);
+ }
--- /dev/null
+From c941e0d172605731de9b4628bd4146d35cf2e7d6 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Thu, 7 Nov 2019 13:55:25 -0800
+Subject: scsi: target: core: Fix a pr_debug() argument
+
+From: Bart Van Assche <bvanassche@acm.org>
+
+commit c941e0d172605731de9b4628bd4146d35cf2e7d6 upstream.
+
+Print the string for which conversion failed instead of printing the
+function name twice.
+
+Fixes: 2650d71e244f ("target: move transport ID handling to the core")
+Cc: Christoph Hellwig <hch@lst.de>
+Link: https://lore.kernel.org/r/20191107215525.64415-1-bvanassche@acm.org
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_fabric_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/target/target_core_fabric_lib.c
++++ b/drivers/target/target_core_fabric_lib.c
+@@ -131,7 +131,7 @@ static int srp_get_pr_transport_id(
+ memset(buf + 8, 0, leading_zero_bytes);
+ rc = hex2bin(buf + 8 + leading_zero_bytes, p, count);
+ if (rc < 0) {
+- pr_debug("hex2bin failed for %s: %d\n", __func__, rc);
++ pr_debug("hex2bin failed for %s: %d\n", p, rc);
+ return rc;
+ }
+
cfg80211-check-for-set_wiphy_params.patch
tick-sched-annotate-lockless-access-to-last_jiffies_update.patch
revert-arm64-dts-juno-add-dma-ranges-property.patch
+reiserfs-fix-handling-of-eopnotsupp-in-reiserfs_for_each_xattr.patch
+scsi-esas2r-unlock-on-error-in-esas2r_nvram_read_direct.patch
+scsi-qla4xxx-fix-double-free-bug.patch
+scsi-bnx2i-fix-potential-use-after-free.patch
+scsi-target-core-fix-a-pr_debug-argument.patch
+scsi-scsi_transport_sas-fix-memory-leak-when-removing-devices.patch
+scsi-qla2xxx-fix-qla2x00_request_irqs-for-msi.patch
+scsi-qla2xxx-fix-rports-not-being-mark-as-lost-in-sync-fabric-scan.patch
+scsi-core-scsi_trace-use-get_unaligned_be.patch
+perf-probe-fix-wrong-address-verification.patch
+regulator-ab8500-remove-sysclkreq-from-enum-ab8505_regulator_id.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
