4.4-stable patches

added patches:
	kvm-x86-fix-fixing-of-hypercalls.patch
	qla2xxx-fix-erroneous-invalid-handle-message.patch
	scsi-lpfc-set-elsiocb-contexts-to-null-after-freeing-it.patch
	scsi-sd-fix-wrong-dpofua-disable-in-sd_read_cache_type.patch

diff --git a/queue-4.4/kvm-x86-fix-fixing-of-hypercalls.patch b/queue-4.4/kvm-x86-fix-fixing-of-hypercalls.patch
new file mode 100644 (file)
index 0000000..9ca9589
--- /dev/null
+++ b/queue-4.4/kvm-x86-fix-fixing-of-hypercalls.patch
@@ -0,0 +1,55 @@
+From foo@baz Mon Jul  3 11:12:35 CEST 2017
+From: Dmitry Vyukov <dvyukov@google.com>
+Date: Tue, 17 Jan 2017 14:51:04 +0100
+Subject: KVM: x86: fix fixing of hypercalls
+
+From: Dmitry Vyukov <dvyukov@google.com>
+
+
+[ Upstream commit ce2e852ecc9a42e4b8dabb46025cfef63209234a ]
+
+emulator_fix_hypercall() replaces hypercall with vmcall instruction,
+but it does not handle GP exception properly when writes the new instruction.
+It can return X86EMUL_PROPAGATE_FAULT without setting exception information.
+This leads to incorrect emulation and triggers
+WARN_ON(ctxt->exception.vector > 0x1f) in x86_emulate_insn()
+as discovered by syzkaller fuzzer:
+
+WARNING: CPU: 2 PID: 18646 at arch/x86/kvm/emulate.c:5558
+Call Trace:
+ warn_slowpath_null+0x2c/0x40 kernel/panic.c:582
+ x86_emulate_insn+0x16a5/0x4090 arch/x86/kvm/emulate.c:5572
+ x86_emulate_instruction+0x403/0x1cc0 arch/x86/kvm/x86.c:5618
+ emulate_instruction arch/x86/include/asm/kvm_host.h:1127 [inline]
+ handle_exception+0x594/0xfd0 arch/x86/kvm/vmx.c:5762
+ vmx_handle_exit+0x2b7/0x38b0 arch/x86/kvm/vmx.c:8625
+ vcpu_enter_guest arch/x86/kvm/x86.c:6888 [inline]
+ vcpu_run arch/x86/kvm/x86.c:6947 [inline]
+
+Set exception information when write in emulator_fix_hypercall() fails.
+
+Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Wanpeng Li <wanpeng.li@hotmail.com>
+Cc: kvm@vger.kernel.org
+Cc: syzkaller@googlegroups.com
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/x86.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -5974,7 +5974,8 @@ static int emulator_fix_hypercall(struct
+ 
+       kvm_x86_ops->patch_hypercall(vcpu, instruction);
+ 
+-      return emulator_write_emulated(ctxt, rip, instruction, 3, NULL);
++      return emulator_write_emulated(ctxt, rip, instruction, 3,
++              &ctxt->exception);
+ }
+ 
+ static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu)

diff --git a/queue-4.4/qla2xxx-fix-erroneous-invalid-handle-message.patch b/queue-4.4/qla2xxx-fix-erroneous-invalid-handle-message.patch
new file mode 100644 (file)
index 0000000..ace4350
--- /dev/null
+++ b/queue-4.4/qla2xxx-fix-erroneous-invalid-handle-message.patch
@@ -0,0 +1,55 @@
+From foo@baz Mon Jul  3 11:12:35 CEST 2017
+From: Quinn Tran <quinn.tran@cavium.com>
+Date: Fri, 23 Dec 2016 18:06:13 -0800
+Subject: qla2xxx: Fix erroneous invalid handle message
+
+From: Quinn Tran <quinn.tran@cavium.com>
+
+
+[ Upstream commit 4f060736f29a960aba8e781a88837464756200a8 ]
+
+Termination of Immediate Notify IOCB was using wrong
+IOCB handle. IOCB completion code was unable to find
+appropriate code path due to wrong handle.
+
+Following message is seen in the logs.
+
+"Error entry - invalid handle/queue (ffff)."
+
+Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+[ bvanassche: Fixed word order in patch title ]
+Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
+
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_isr.c    |    4 ++++
+ drivers/scsi/qla2xxx/qla_target.c |    2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/qla2xxx/qla_isr.c
++++ b/drivers/scsi/qla2xxx/qla_isr.c
+@@ -2466,6 +2466,10 @@ qla2x00_error_entry(scsi_qla_host_t *vha
+       if (pkt->entry_status & RF_BUSY)
+               res = DID_BUS_BUSY << 16;
+ 
++      if (pkt->entry_type == NOTIFY_ACK_TYPE &&
++          pkt->handle == QLA_TGT_SKIP_HANDLE)
++              return;
++
+       sp = qla2x00_get_sp_from_handle(vha, func, req, pkt);
+       if (sp) {
+               sp->done(ha, sp, res);
+--- a/drivers/scsi/qla2xxx/qla_target.c
++++ b/drivers/scsi/qla2xxx/qla_target.c
+@@ -2865,7 +2865,7 @@ static int __qlt_send_term_imm_notif(str
+ 
+       pkt->entry_type = NOTIFY_ACK_TYPE;
+       pkt->entry_count = 1;
+-      pkt->handle = QLA_TGT_SKIP_HANDLE | CTIO_COMPLETION_HANDLE_MARK;
++      pkt->handle = QLA_TGT_SKIP_HANDLE;
+ 
+       nack = (struct nack_to_isp *)pkt;
+       nack->ox_id = ntfy->ox_id;

diff --git a/queue-4.4/scsi-lpfc-set-elsiocb-contexts-to-null-after-freeing-it.patch b/queue-4.4/scsi-lpfc-set-elsiocb-contexts-to-null-after-freeing-it.patch
new file mode 100644 (file)
index 0000000..02eed9d
--- /dev/null
+++ b/queue-4.4/scsi-lpfc-set-elsiocb-contexts-to-null-after-freeing-it.patch
@@ -0,0 +1,38 @@
+From foo@baz Mon Jul  3 11:12:35 CEST 2017
+From: Johannes Thumshirn <jthumshirn@suse.de>
+Date: Tue, 10 Jan 2017 12:05:54 +0100
+Subject: scsi: lpfc: Set elsiocb contexts to NULL after freeing it
+
+From: Johannes Thumshirn <jthumshirn@suse.de>
+
+
+[ Upstream commit 8667f515952feefebb3c0f8d9a9266c91b101a46 ]
+
+Set the elsiocb contexts to NULL after freeing as others depend on it.
+
+Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
+Acked-by: Dick Kennedy <dick.kennedy@broadcom.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/lpfc/lpfc_els.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/scsi/lpfc/lpfc_els.c
++++ b/drivers/scsi/lpfc/lpfc_els.c
+@@ -3563,12 +3563,14 @@ lpfc_els_free_iocb(struct lpfc_hba *phba
+               } else {
+                       buf_ptr1 = (struct lpfc_dmabuf *) elsiocb->context2;
+                       lpfc_els_free_data(phba, buf_ptr1);
++                      elsiocb->context2 = NULL;
+               }
+       }
+ 
+       if (elsiocb->context3) {
+               buf_ptr = (struct lpfc_dmabuf *) elsiocb->context3;
+               lpfc_els_free_bpl(phba, buf_ptr);
++              elsiocb->context3 = NULL;
+       }
+       lpfc_sli_release_iocbq(phba, elsiocb);
+       return 0;

diff --git a/queue-4.4/scsi-sd-fix-wrong-dpofua-disable-in-sd_read_cache_type.patch b/queue-4.4/scsi-sd-fix-wrong-dpofua-disable-in-sd_read_cache_type.patch
new file mode 100644 (file)
index 0000000..95f7cec
--- /dev/null
+++ b/queue-4.4/scsi-sd-fix-wrong-dpofua-disable-in-sd_read_cache_type.patch
@@ -0,0 +1,37 @@
+From foo@baz Mon Jul  3 11:12:35 CEST 2017
+From: Damien Le Moal <damien.lemoal@wdc.com>
+Date: Thu, 12 Jan 2017 15:25:10 +0900
+Subject: scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type
+
+From: Damien Le Moal <damien.lemoal@wdc.com>
+
+
+[ Upstream commit 26f2819772af891dee2843e1f8662c58e5129d5f ]
+
+Zoned block devices force the use of READ/WRITE(16) commands by setting
+sdkp->use_16_for_rw and clearing sdkp->use_10_for_rw. This result in
+DPOFUA always being disabled for these drives as the assumed use of
+the deprecated READ/WRITE(6) commands only looks at sdkp->use_10_for_rw.
+Strenghten the test by also checking that sdkp->use_16_for_rw is false.
+
+Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
+Reviewed-by: Hannes Reinecke <hare@suse.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/sd.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -2566,7 +2566,8 @@ sd_read_cache_type(struct scsi_disk *sdk
+               if (sdp->broken_fua) {
+                       sd_first_printk(KERN_NOTICE, sdkp, "Disabling FUA\n");
+                       sdkp->DPOFUA = 0;
+-              } else if (sdkp->DPOFUA && !sdkp->device->use_10_for_rw) {
++              } else if (sdkp->DPOFUA && !sdkp->device->use_10_for_rw &&
++                         !sdkp->device->use_16_for_rw) {
+                       sd_first_printk(KERN_NOTICE, sdkp,
+                                 "Uses READ/WRITE(6), disabling FUA\n");
+                       sdkp->DPOFUA = 0;

diff --git a/queue-4.4/series b/queue-4.4/series
index 6237ab75072b8f14162a09fac39656bacad670ca..f0fc210ce7db89e2dbd7a1f75a93f2ecf9c98555 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -29,3 +29,7 @@ usb-gadget-f_fs-fix-possibe-deadlock.patch
 sysctl-enable-strict-writes.patch
 block-fix-module-reference-leak-on-put_disk-call-for-cgroups-throttle.patch
 mm-numa-avoid-waiting-on-freed-migrated-pages.patch
+kvm-x86-fix-fixing-of-hypercalls.patch
+scsi-sd-fix-wrong-dpofua-disable-in-sd_read_cache_type.patch
+scsi-lpfc-set-elsiocb-contexts-to-null-after-freeing-it.patch
+qla2xxx-fix-erroneous-invalid-handle-message.patch