--- /dev/null
+From acc9cf8c66c66b2cbbdb4a375537edee72be64df Mon Sep 17 00:00:00 2001
+From: Kent Overstreet <kent.overstreet@gmail.com>
+Date: Wed, 17 Aug 2016 18:21:24 -0700
+Subject: bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power of two.
+
+From: Kent Overstreet <kent.overstreet@gmail.com>
+
+commit acc9cf8c66c66b2cbbdb4a375537edee72be64df upstream.
+
+This patch fixes a cachedev registration-time allocation deadlock.
+This can deadlock on boot if your initrd auto-registeres bcache devices:
+
+Allocator thread:
+[ 720.727614] INFO: task bcache_allocato:3833 blocked for more than 120 seconds.
+[ 720.732361] [<ffffffff816eeac7>] schedule+0x37/0x90
+[ 720.732963] [<ffffffffa05192b8>] bch_bucket_alloc+0x188/0x360 [bcache]
+[ 720.733538] [<ffffffff810e6950>] ? prepare_to_wait_event+0xf0/0xf0
+[ 720.734137] [<ffffffffa05302bd>] bch_prio_write+0x19d/0x340 [bcache]
+[ 720.734715] [<ffffffffa05190bf>] bch_allocator_thread+0x3ff/0x470 [bcache]
+[ 720.735311] [<ffffffff816ee41c>] ? __schedule+0x2dc/0x950
+[ 720.735884] [<ffffffffa0518cc0>] ? invalidate_buckets+0x980/0x980 [bcache]
+
+Registration thread:
+[ 720.710403] INFO: task bash:3531 blocked for more than 120 seconds.
+[ 720.715226] [<ffffffff816eeac7>] schedule+0x37/0x90
+[ 720.715805] [<ffffffffa05235cd>] __bch_btree_map_nodes+0x12d/0x150 [bcache]
+[ 720.716409] [<ffffffffa0522d30>] ? bch_btree_insert_check_key+0x1c0/0x1c0 [bcache]
+[ 720.717008] [<ffffffffa05236e4>] bch_btree_insert+0xf4/0x170 [bcache]
+[ 720.717586] [<ffffffff810e6950>] ? prepare_to_wait_event+0xf0/0xf0
+[ 720.718191] [<ffffffffa0527d9a>] bch_journal_replay+0x14a/0x290 [bcache]
+[ 720.718766] [<ffffffff810cc90d>] ? ttwu_do_activate.constprop.94+0x5d/0x70
+[ 720.719369] [<ffffffff810cf684>] ? try_to_wake_up+0x1d4/0x350
+[ 720.719968] [<ffffffffa05317d0>] run_cache_set+0x580/0x8e0 [bcache]
+[ 720.720553] [<ffffffffa053302e>] register_bcache+0xe2e/0x13b0 [bcache]
+[ 720.721153] [<ffffffff81354cef>] kobj_attr_store+0xf/0x20
+[ 720.721730] [<ffffffff812a2dad>] sysfs_kf_write+0x3d/0x50
+[ 720.722327] [<ffffffff812a225a>] kernfs_fop_write+0x12a/0x180
+[ 720.722904] [<ffffffff81225177>] __vfs_write+0x37/0x110
+[ 720.723503] [<ffffffff81228048>] ? __sb_start_write+0x58/0x110
+[ 720.724100] [<ffffffff812cedb3>] ? security_file_permission+0x23/0xa0
+[ 720.724675] [<ffffffff812258a9>] vfs_write+0xa9/0x1b0
+[ 720.725275] [<ffffffff8102479c>] ? do_audit_syscall_entry+0x6c/0x70
+[ 720.725849] [<ffffffff81226755>] SyS_write+0x55/0xd0
+[ 720.726451] [<ffffffff8106a390>] ? do_page_fault+0x30/0x80
+[ 720.727045] [<ffffffff816f2cae>] system_call_fastpath+0x12/0x71
+
+The fifo code in upstream bcache can't use the last element in the buffer,
+which was the cause of the bug: if you asked for a power of two size,
+it'd give you a fifo that could hold one less than what you asked for
+rather than allocating a buffer twice as big.
+
+Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
+Tested-by: Eric Wheeler <bcache@linux.ewheeler.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/bcache/super.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/md/bcache/super.c
++++ b/drivers/md/bcache/super.c
+@@ -1818,7 +1818,7 @@ static int cache_alloc(struct cache_sb *
+ free = roundup_pow_of_two(ca->sb.nbuckets) >> 10;
+
+ if (!init_fifo(&ca->free[RESERVE_BTREE], 8, GFP_KERNEL) ||
+- !init_fifo(&ca->free[RESERVE_PRIO], prio_buckets(ca), GFP_KERNEL) ||
++ !init_fifo_exact(&ca->free[RESERVE_PRIO], prio_buckets(ca), GFP_KERNEL) ||
+ !init_fifo(&ca->free[RESERVE_MOVINGGC], free, GFP_KERNEL) ||
+ !init_fifo(&ca->free[RESERVE_NONE], free, GFP_KERNEL) ||
+ !init_fifo(&ca->free_inc, free << 2, GFP_KERNEL) ||
--- /dev/null
+From 0956254a2d5b9e2141385514553aeef694dfe3b5 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Mon, 8 Aug 2016 15:08:49 +0200
+Subject: ovl: don't copy up opaqueness
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 0956254a2d5b9e2141385514553aeef694dfe3b5 upstream.
+
+When a copy up of a directory occurs which has the opaque xattr set, the
+xattr remains in the upper directory. The immediate behavior with overlayfs
+is that the upper directory is not treated as opaque, however after a
+remount the opaque flag is used and upper directory is treated as opaque.
+This causes files created in the lower layer to be hidden when using
+multiple lower directories.
+
+Fix by not copying up the opaque flag.
+
+To reproduce:
+
+ ----8<---------8<---------8<---------8<---------8<---------8<----
+mkdir -p l/d/s u v w mnt
+mount -t overlay overlay -olowerdir=l,upperdir=u,workdir=w mnt
+rm -rf mnt/d/
+mkdir -p mnt/d/n
+umount mnt
+mount -t overlay overlay -olowerdir=u:l,upperdir=v,workdir=w mnt
+touch mnt/d/foo
+umount mnt
+mount -t overlay overlay -olowerdir=u:l,upperdir=v,workdir=w mnt
+ls mnt/d
+ ----8<---------8<---------8<---------8<---------8<---------8<----
+
+output should be: "foo n"
+
+Reported-by: Derek McGowan <dmcg@drizz.net>
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=151291
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/copy_up.c | 2 ++
+ fs/overlayfs/inode.c | 2 +-
+ fs/overlayfs/overlayfs.h | 1 +
+ 3 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/overlayfs/copy_up.c
++++ b/fs/overlayfs/copy_up.c
+@@ -48,6 +48,8 @@ int ovl_copy_xattr(struct dentry *old, s
+ }
+
+ for (name = buf; name < (buf + list_size); name += strlen(name) + 1) {
++ if (ovl_is_private_xattr(name))
++ continue;
+ retry:
+ size = vfs_getxattr(old, name, value, value_size);
+ if (size == -ERANGE)
+--- a/fs/overlayfs/inode.c
++++ b/fs/overlayfs/inode.c
+@@ -219,7 +219,7 @@ static int ovl_readlink(struct dentry *d
+ }
+
+
+-static bool ovl_is_private_xattr(const char *name)
++bool ovl_is_private_xattr(const char *name)
+ {
+ return strncmp(name, OVL_XATTR_PRE_NAME, OVL_XATTR_PRE_LEN) == 0;
+ }
+--- a/fs/overlayfs/overlayfs.h
++++ b/fs/overlayfs/overlayfs.h
+@@ -176,6 +176,7 @@ ssize_t ovl_getxattr(struct dentry *dent
+ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size);
+ int ovl_removexattr(struct dentry *dentry, const char *name);
+ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags);
++bool ovl_is_private_xattr(const char *name);
+
+ struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
+ struct ovl_entry *oe);
--- /dev/null
+From e1ff3dd1ae52cef5b5373c8cc4ad949c2c25a71c Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Mon, 5 Sep 2016 13:55:20 +0200
+Subject: ovl: fix workdir creation
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit e1ff3dd1ae52cef5b5373c8cc4ad949c2c25a71c upstream.
+
+Workdir creation fails in latest kernel.
+
+Fix by allowing EOPNOTSUPP as a valid return value from
+vfs_removexattr(XATTR_NAME_POSIX_ACL_*). Upper filesystem may not support
+ACL and still be perfectly able to support overlayfs.
+
+Reported-by: Martin Ziegler <ziegler@uni-freiburg.de>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: c11b9fdd6a61 ("ovl: remove posix_acl_default from workdir")
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/super.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/overlayfs/super.c
++++ b/fs/overlayfs/super.c
+@@ -784,11 +784,11 @@ retry:
+ goto out_dput;
+
+ err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
+- if (err && err != -ENODATA)
++ if (err && err != -ENODATA && err != -EOPNOTSUPP)
+ goto out_dput;
+
+ err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
+- if (err && err != -ENODATA)
++ if (err && err != -ENODATA && err != -EOPNOTSUPP)
+ goto out_dput;
+
+ /* Clear any inherited mode bits */
--- /dev/null
+From 7cb35119d067191ce9ebc380a599db0b03cbd9d9 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Thu, 1 Sep 2016 11:12:00 +0200
+Subject: ovl: listxattr: use strnlen()
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 7cb35119d067191ce9ebc380a599db0b03cbd9d9 upstream.
+
+Be defensive about what underlying fs provides us in the returned xattr
+list buffer. If it's not properly null terminated, bail out with a warning
+insead of BUG.
+
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/inode.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+--- a/fs/overlayfs/inode.c
++++ b/fs/overlayfs/inode.c
+@@ -277,7 +277,8 @@ ssize_t ovl_listxattr(struct dentry *den
+ struct path realpath;
+ enum ovl_path_type type = ovl_path_real(dentry, &realpath);
+ ssize_t res;
+- int off;
++ size_t len;
++ char *s;
+
+ res = vfs_listxattr(realpath.dentry, list, size);
+ if (res <= 0 || size == 0)
+@@ -287,17 +288,19 @@ ssize_t ovl_listxattr(struct dentry *den
+ return res;
+
+ /* filter out private xattrs */
+- for (off = 0; off < res;) {
+- char *s = list + off;
+- size_t slen = strlen(s) + 1;
++ for (s = list, len = res; len;) {
++ size_t slen = strnlen(s, len) + 1;
+
+- BUG_ON(off + slen > res);
++ /* underlying fs providing us with an broken xattr list? */
++ if (WARN_ON(slen > len))
++ return -EIO;
+
++ len -= slen;
+ if (ovl_is_private_xattr(s)) {
+ res -= slen;
+- memmove(s, s + slen, res - off);
++ memmove(s, s + slen, len);
+ } else {
+- off += slen;
++ s += slen;
+ }
+ }
+
--- /dev/null
+From eea2fb4851e9dcbab6b991aaf47e2e024f1f55a0 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Thu, 1 Sep 2016 11:11:59 +0200
+Subject: ovl: proper cleanup of workdir
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit eea2fb4851e9dcbab6b991aaf47e2e024f1f55a0 upstream.
+
+When mounting overlayfs it needs a clean "work" directory under the
+supplied workdir.
+
+Previously the mount code removed this directory if it already existed and
+created a new one. If the removal failed (e.g. directory was not empty)
+then it fell back to a read-only mount not using the workdir.
+
+While this has never been reported, it is possible to get a non-empty
+"work" dir from a previous mount of overlayfs in case of crash in the
+middle of an operation using the work directory.
+
+In this case the left over state should be discarded and the overlay
+filesystem will be consistent, guaranteed by the atomicity of operations on
+moving to/from the workdir to the upper layer.
+
+This patch implements cleaning out any files left in workdir. It is
+implemented using real recursion for simplicity, but the depth is limited
+to 2, because the worst case is that of a directory containing whiteouts
+under "work".
+
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/overlayfs.h | 2 +
+ fs/overlayfs/readdir.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++-
+ fs/overlayfs/super.c | 2 -
+ 3 files changed, 65 insertions(+), 2 deletions(-)
+
+--- a/fs/overlayfs/overlayfs.h
++++ b/fs/overlayfs/overlayfs.h
+@@ -163,6 +163,8 @@ extern const struct file_operations ovl_
+ int ovl_check_empty_dir(struct dentry *dentry, struct list_head *list);
+ void ovl_cleanup_whiteouts(struct dentry *upper, struct list_head *list);
+ void ovl_cache_free(struct list_head *list);
++void ovl_workdir_cleanup(struct inode *dir, struct vfsmount *mnt,
++ struct dentry *dentry, int level);
+
+ /* inode.c */
+ int ovl_setattr(struct dentry *dentry, struct iattr *attr);
+--- a/fs/overlayfs/readdir.c
++++ b/fs/overlayfs/readdir.c
+@@ -256,7 +256,7 @@ static inline int ovl_dir_read(struct pa
+ err = rdd->err;
+ } while (!err && rdd->count);
+
+- if (!err && rdd->first_maybe_whiteout)
++ if (!err && rdd->first_maybe_whiteout && rdd->dentry)
+ err = ovl_check_whiteouts(realpath->dentry, rdd);
+
+ fput(realfile);
+@@ -577,3 +577,64 @@ void ovl_cleanup_whiteouts(struct dentry
+ }
+ mutex_unlock(&upper->d_inode->i_mutex);
+ }
++
++static void ovl_workdir_cleanup_recurse(struct path *path, int level)
++{
++ int err;
++ struct inode *dir = path->dentry->d_inode;
++ LIST_HEAD(list);
++ struct ovl_cache_entry *p;
++ struct ovl_readdir_data rdd = {
++ .ctx.actor = ovl_fill_merge,
++ .dentry = NULL,
++ .list = &list,
++ .root = RB_ROOT,
++ .is_lowest = false,
++ };
++
++ err = ovl_dir_read(path, &rdd);
++ if (err)
++ goto out;
++
++ inode_lock_nested(dir, I_MUTEX_PARENT);
++ list_for_each_entry(p, &list, l_node) {
++ struct dentry *dentry;
++
++ if (p->name[0] == '.') {
++ if (p->len == 1)
++ continue;
++ if (p->len == 2 && p->name[1] == '.')
++ continue;
++ }
++ dentry = lookup_one_len(p->name, path->dentry, p->len);
++ if (IS_ERR(dentry))
++ continue;
++ if (dentry->d_inode)
++ ovl_workdir_cleanup(dir, path->mnt, dentry, level);
++ dput(dentry);
++ }
++ inode_unlock(dir);
++out:
++ ovl_cache_free(&list);
++}
++
++void ovl_workdir_cleanup(struct inode *dir, struct vfsmount *mnt,
++ struct dentry *dentry, int level)
++{
++ int err;
++
++ if (!d_is_dir(dentry) || level > 1) {
++ ovl_cleanup(dir, dentry);
++ return;
++ }
++
++ err = ovl_do_rmdir(dir, dentry);
++ if (err) {
++ struct path path = { .mnt = mnt, .dentry = dentry };
++
++ inode_unlock(dir);
++ ovl_workdir_cleanup_recurse(&path, level + 1);
++ inode_lock_nested(dir, I_MUTEX_PARENT);
++ ovl_cleanup(dir, dentry);
++ }
++}
+--- a/fs/overlayfs/super.c
++++ b/fs/overlayfs/super.c
+@@ -770,7 +770,7 @@ retry:
+ goto out_dput;
+
+ retried = true;
+- ovl_cleanup(dir, work);
++ ovl_workdir_cleanup(dir, mnt, work, 0);
+ dput(work);
+ goto retry;
+ }
--- /dev/null
+From c11b9fdd6a612f376a5e886505f1c54c16d8c380 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Thu, 1 Sep 2016 11:11:59 +0200
+Subject: ovl: remove posix_acl_default from workdir
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit c11b9fdd6a612f376a5e886505f1c54c16d8c380 upstream.
+
+Clear out posix acl xattrs on workdir and also reset the mode after
+creation so that an inherited sgid bit is cleared.
+
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/super.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+--- a/fs/overlayfs/super.c
++++ b/fs/overlayfs/super.c
+@@ -763,6 +763,10 @@ retry:
+ struct kstat stat = {
+ .mode = S_IFDIR | 0,
+ };
++ struct iattr attr = {
++ .ia_valid = ATTR_MODE,
++ .ia_mode = stat.mode,
++ };
+
+ if (work->d_inode) {
+ err = -EEXIST;
+@@ -778,6 +782,21 @@ retry:
+ err = ovl_create_real(dir, work, &stat, NULL, NULL, true);
+ if (err)
+ goto out_dput;
++
++ err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
++ if (err && err != -ENODATA)
++ goto out_dput;
++
++ err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
++ if (err && err != -ENODATA)
++ goto out_dput;
++
++ /* Clear any inherited mode bits */
++ inode_lock(work->d_inode);
++ err = notify_change(work, &attr, NULL);
++ inode_unlock(work->d_inode);
++ if (err)
++ goto out_dput;
+ }
+ out_unlock:
+ mutex_unlock(&dir->i_mutex);
xfs-fix-superblock-inprogress-check.patch
timekeeping-cap-array-access-in-timekeeping_debug.patch
timekeeping-avoid-taking-lock-in-nmi-path-with-config_debug_timekeeping.patch
+wrappers-for-i_mutex-access.patch
+ovl-proper-cleanup-of-workdir.patch
+ovl-don-t-copy-up-opaqueness.patch
+ovl-remove-posix_acl_default-from-workdir.patch
+ovl-listxattr-use-strnlen.patch
+ovl-fix-workdir-creation.patch
+ubifs-fix-assertion-in-layout_in_gaps.patch
+bcache-reserve_prio-is-too-small-by-one-when-prio_buckets-is-a-power-of-two.patch
+vhost-scsi-fix-reuse-of-vq-iov-in-response.patch
+x86-apic-do-not-init-irq-remapping-if-ioapic-is-disabled.patch
--- /dev/null
+From c0082e985fdf77b02fc9e0dac3b58504dcf11b7a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= <vincent.stehle@intel.com>
+Date: Fri, 12 Aug 2016 15:26:30 +0200
+Subject: ubifs: Fix assertion in layout_in_gaps()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Vincent Stehlé <vincent.stehle@intel.com>
+
+commit c0082e985fdf77b02fc9e0dac3b58504dcf11b7a upstream.
+
+An assertion in layout_in_gaps() verifies that the gap_lebs pointer is
+below the maximum bound. When computing this maximum bound the idx_lebs
+count is multiplied by sizeof(int), while C pointers arithmetic does take
+into account the size of the pointed elements implicitly already. Remove
+the multiplication to fix the assertion.
+
+Fixes: 1e51764a3c2ac05a ("UBIFS: add new flash file system")
+Signed-off-by: Vincent Stehlé <vincent.stehle@intel.com>
+Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
+Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ubifs/tnc_commit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ubifs/tnc_commit.c
++++ b/fs/ubifs/tnc_commit.c
+@@ -370,7 +370,7 @@ static int layout_in_gaps(struct ubifs_i
+
+ p = c->gap_lebs;
+ do {
+- ubifs_assert(p < c->gap_lebs + sizeof(int) * c->lst.idx_lebs);
++ ubifs_assert(p < c->gap_lebs + c->lst.idx_lebs);
+ written = layout_leb_in_gaps(c, p);
+ if (written < 0) {
+ err = written;
--- /dev/null
+From a77ec83a57890240c546df00ca5df1cdeedb1cc3 Mon Sep 17 00:00:00 2001
+From: Benjamin Coddington <bcodding@redhat.com>
+Date: Mon, 6 Jun 2016 18:07:59 -0400
+Subject: vhost/scsi: fix reuse of &vq->iov[out] in response
+
+From: Benjamin Coddington <bcodding@redhat.com>
+
+commit a77ec83a57890240c546df00ca5df1cdeedb1cc3 upstream.
+
+The address of the iovec &vq->iov[out] is not guaranteed to contain the scsi
+command's response iovec throughout the lifetime of the command. Rather, it
+is more likely to contain an iovec from an immediately following command
+after looping back around to vhost_get_vq_desc(). Pass along the iovec
+entirely instead.
+
+Fixes: 79c14141a487 ("vhost/scsi: Convert completion path to use copy_to_iter")
+Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/vhost/scsi.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/vhost/scsi.c
++++ b/drivers/vhost/scsi.c
+@@ -88,7 +88,7 @@ struct vhost_scsi_cmd {
+ struct scatterlist *tvc_prot_sgl;
+ struct page **tvc_upages;
+ /* Pointer to response header iovec */
+- struct iovec *tvc_resp_iov;
++ struct iovec tvc_resp_iov;
+ /* Pointer to vhost_scsi for our device */
+ struct vhost_scsi *tvc_vhost;
+ /* Pointer to vhost_virtqueue for the cmd */
+@@ -557,7 +557,7 @@ static void vhost_scsi_complete_cmd_work
+ memcpy(v_rsp.sense, cmd->tvc_sense_buf,
+ se_cmd->scsi_sense_length);
+
+- iov_iter_init(&iov_iter, READ, cmd->tvc_resp_iov,
++ iov_iter_init(&iov_iter, READ, &cmd->tvc_resp_iov,
+ cmd->tvc_in_iovs, sizeof(v_rsp));
+ ret = copy_to_iter(&v_rsp, sizeof(v_rsp), &iov_iter);
+ if (likely(ret == sizeof(v_rsp))) {
+@@ -1054,7 +1054,7 @@ vhost_scsi_handle_vq(struct vhost_scsi *
+ }
+ cmd->tvc_vhost = vs;
+ cmd->tvc_vq = vq;
+- cmd->tvc_resp_iov = &vq->iov[out];
++ cmd->tvc_resp_iov = vq->iov[out];
+ cmd->tvc_in_iovs = in;
+
+ pr_debug("vhost_scsi got command opcode: %#02x, lun: %d\n",
--- /dev/null
+From 5955102c9984fa081b2d570cfac75c97eecf8f3b Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Fri, 22 Jan 2016 15:40:57 -0500
+Subject: [PATCH] wrappers for ->i_mutex access
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 5955102c9984fa081b2d570cfac75c97eecf8f3b upstream
+
+parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested},
+inode_foo(inode) being mutex_foo(&inode->i_mutex).
+
+Please, use those for access to ->i_mutex; over the coming cycle
+->i_mutex will become rwsem, with ->lookup() done with it held
+only shared.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+[only the fs.h change included to make backports easier - gregkh]
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/fs.h | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -710,6 +710,31 @@ enum inode_i_mutex_lock_class
+ I_MUTEX_PARENT2,
+ };
+
++static inline void inode_lock(struct inode *inode)
++{
++ mutex_lock(&inode->i_mutex);
++}
++
++static inline void inode_unlock(struct inode *inode)
++{
++ mutex_unlock(&inode->i_mutex);
++}
++
++static inline int inode_trylock(struct inode *inode)
++{
++ return mutex_trylock(&inode->i_mutex);
++}
++
++static inline int inode_is_locked(struct inode *inode)
++{
++ return mutex_is_locked(&inode->i_mutex);
++}
++
++static inline void inode_lock_nested(struct inode *inode, unsigned subclass)
++{
++ mutex_lock_nested(&inode->i_mutex, subclass);
++}
++
+ void lock_two_nondirectories(struct inode *, struct inode*);
+ void unlock_two_nondirectories(struct inode *, struct inode*);
+
+@@ -3029,8 +3054,8 @@ static inline bool dir_emit_dots(struct
+ }
+ static inline bool dir_relax(struct inode *inode)
+ {
+- mutex_unlock(&inode->i_mutex);
+- mutex_lock(&inode->i_mutex);
++ inode_unlock(inode);
++ inode_lock(inode);
+ return !IS_DEADDIR(inode);
+ }
+
--- /dev/null
+From 2e63ad4bd5dd583871e6602f9d398b9322d358d9 Mon Sep 17 00:00:00 2001
+From: Wanpeng Li <wanpeng.li@hotmail.com>
+Date: Tue, 23 Aug 2016 20:07:19 +0800
+Subject: x86/apic: Do not init irq remapping if ioapic is disabled
+
+From: Wanpeng Li <wanpeng.li@hotmail.com>
+
+commit 2e63ad4bd5dd583871e6602f9d398b9322d358d9 upstream.
+
+native_smp_prepare_cpus
+ -> default_setup_apic_routing
+ -> enable_IR_x2apic
+ -> irq_remapping_prepare
+ -> intel_prepare_irq_remapping
+ -> intel_setup_irq_remapping
+
+So IR table is setup even if "noapic" boot parameter is added. As a result we
+crash later when the interrupt affinity is set due to a half initialized
+remapping infrastructure.
+
+Prevent remap initialization when IOAPIC is disabled.
+
+Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Joerg Roedel <joro@8bytes.org>
+Link: http://lkml.kernel.org/r/1471954039-3942-1-git-send-email-wanpeng.li@hotmail.com
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/apic/apic.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/kernel/apic/apic.c
++++ b/arch/x86/kernel/apic/apic.c
+@@ -1587,6 +1587,9 @@ void __init enable_IR_x2apic(void)
+ unsigned long flags;
+ int ret, ir_stat;
+
++ if (skip_ioapic_setup)
++ return;
++
+ ir_stat = irq_remapping_prepare();
+ if (ir_stat < 0 && !x2apic_supported())
+ return;
projects / thirdparty / kernel / stable-queue.git / commitdiff
