--- /dev/null
+From b6dd8e0719c0d2d01429639a11b7bc2677de240c Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Thu, 8 Oct 2015 11:11:17 +0100
+Subject: arm64: errata: use KBUILD_CFLAGS_MODULE for erratum #843419
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit b6dd8e0719c0d2d01429639a11b7bc2677de240c upstream.
+
+Commit df057cc7b4fa ("arm64: errata: add module build workaround for
+erratum #843419") sets CFLAGS_MODULE to ensure that the large memory
+model is used by the compiler when building kernel modules.
+
+However, CFLAGS_MODULE is an environment variable and intended to be
+overridden on the command line, which appears to be the case with the
+Ubuntu kernel packaging system, so use KBUILD_CFLAGS_MODULE instead.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Fixes: df057cc7b4fa ("arm64: errata: add module build workaround for erratum #843419")
+Reported-by: Dann Frazier <dann.frazier@canonical.com>
+Tested-by: Dann Frazier <dann.frazier@canonical.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/Makefile
++++ b/arch/arm64/Makefile
+@@ -31,7 +31,7 @@ endif
+ CHECKFLAGS += -D__aarch64__
+
+ ifeq ($(CONFIG_ARM64_ERRATUM_843419), y)
+-CFLAGS_MODULE += -mcmodel=large
++KBUILD_CFLAGS_MODULE += -mcmodel=large
+ endif
+
+ # Default value
--- /dev/null
+From 8eb934591f8bf584969454a658f629cd06e59f3a Mon Sep 17 00:00:00 2001
+From: David Sterba <dsterba@suse.com>
+Date: Mon, 12 Oct 2015 16:55:54 +0200
+Subject: btrfs: check unsupported filters in balance arguments
+
+From: David Sterba <dsterba@suse.com>
+
+commit 8eb934591f8bf584969454a658f629cd06e59f3a upstream.
+
+We don't verify that all the balance filter arguments supplemented by
+the flags are actually known to the kernel. Thus we let it silently pass
+and do nothing.
+
+At the moment this means only the 'limit' filter, but we're going to add
+a few more soon so it's better to have that fixed. Also in older stable
+kernels so that it works with newer userspace tools.
+
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Chris Mason <clm@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/ioctl.c | 5 +++++
+ fs/btrfs/volumes.h | 8 ++++++++
+ 2 files changed, 13 insertions(+)
+
+--- a/fs/btrfs/ioctl.c
++++ b/fs/btrfs/ioctl.c
+@@ -4492,6 +4492,11 @@ locked:
+ bctl->flags |= BTRFS_BALANCE_TYPE_MASK;
+ }
+
++ if (bctl->flags & ~(BTRFS_BALANCE_ARGS_MASK | BTRFS_BALANCE_TYPE_MASK)) {
++ ret = -EINVAL;
++ goto out_bargs;
++ }
++
+ do_balance:
+ /*
+ * Ownership of bctl and mutually_exclusive_operation_running
+--- a/fs/btrfs/volumes.h
++++ b/fs/btrfs/volumes.h
+@@ -372,6 +372,14 @@ struct map_lookup {
+ #define BTRFS_BALANCE_ARGS_VRANGE (1ULL << 4)
+ #define BTRFS_BALANCE_ARGS_LIMIT (1ULL << 5)
+
++#define BTRFS_BALANCE_ARGS_MASK \
++ (BTRFS_BALANCE_ARGS_PROFILES | \
++ BTRFS_BALANCE_ARGS_USAGE | \
++ BTRFS_BALANCE_ARGS_DEVID | \
++ BTRFS_BALANCE_ARGS_DRANGE | \
++ BTRFS_BALANCE_ARGS_VRANGE | \
++ BTRFS_BALANCE_ARGS_LIMIT)
++
+ /*
+ * Profile changing flags. When SOFT is set we won't relocate chunk if
+ * it already has the target profile (even though it may be
--- /dev/null
+From dc6c5fb3b514221f2e9d21ee626a9d95d3418dff Mon Sep 17 00:00:00 2001
+From: Chris Mason <clm@fb.com>
+Date: Tue, 13 Oct 2015 14:06:48 -0400
+Subject: btrfs: fix use after free iterating extrefs
+
+From: Chris Mason <clm@fb.com>
+
+commit dc6c5fb3b514221f2e9d21ee626a9d95d3418dff upstream.
+
+The code for btrfs inode-resolve has never worked properly for
+files with enough hard links to trigger extrefs. It was trying to
+get the leaf out of a path after freeing the path:
+
+ btrfs_release_path(path);
+ leaf = path->nodes[0];
+ item_size = btrfs_item_size_nr(leaf, slot);
+
+The fix here is to use the extent buffer we cloned just a little higher
+up to avoid deadlocks caused by using the leaf in the path.
+
+Signed-off-by: Chris Mason <clm@fb.com>
+cc: Mark Fasheh <mfasheh@suse.de>
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: Mark Fasheh <mfasheh@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/backref.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+--- a/fs/btrfs/backref.c
++++ b/fs/btrfs/backref.c
+@@ -1786,7 +1786,6 @@ static int iterate_inode_extrefs(u64 inu
+ int found = 0;
+ struct extent_buffer *eb;
+ struct btrfs_inode_extref *extref;
+- struct extent_buffer *leaf;
+ u32 item_size;
+ u32 cur_offset;
+ unsigned long ptr;
+@@ -1814,9 +1813,8 @@ static int iterate_inode_extrefs(u64 inu
+ btrfs_set_lock_blocking_rw(eb, BTRFS_READ_LOCK);
+ btrfs_release_path(path);
+
+- leaf = path->nodes[0];
+- item_size = btrfs_item_size_nr(leaf, slot);
+- ptr = btrfs_item_ptr_offset(leaf, slot);
++ item_size = btrfs_item_size_nr(eb, slot);
++ ptr = btrfs_item_ptr_offset(eb, slot);
+ cur_offset = 0;
+
+ while (cur_offset < item_size) {
+@@ -1830,7 +1828,7 @@ static int iterate_inode_extrefs(u64 inu
+ if (ret)
+ break;
+
+- cur_offset += btrfs_inode_extref_name_len(leaf, extref);
++ cur_offset += btrfs_inode_extref_name_len(eb, extref);
+ cur_offset += sizeof(*extref);
+ }
+ btrfs_tree_read_unlock_blocking(eb);
--- /dev/null
+From 8996eafdcbad149ac0f772fb1649fbb75c482a6a Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+Date: Fri, 9 Oct 2015 20:43:33 +0100
+Subject: crypto: ahash - ensure statesize is non-zero
+
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+
+commit 8996eafdcbad149ac0f772fb1649fbb75c482a6a upstream.
+
+Unlike shash algorithms, ahash drivers must implement export
+and import as their descriptors may contain hardware state and
+cannot be exported as is. Unfortunately some ahash drivers did
+not provide them and end up causing crashes with algif_hash.
+
+This patch adds a check to prevent these drivers from registering
+ahash algorithms until they are fixed.
+
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ahash.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/crypto/ahash.c
++++ b/crypto/ahash.c
+@@ -544,7 +544,8 @@ static int ahash_prepare_alg(struct ahas
+ struct crypto_alg *base = &alg->halg.base;
+
+ if (alg->halg.digestsize > PAGE_SIZE / 8 ||
+- alg->halg.statesize > PAGE_SIZE / 8)
++ alg->halg.statesize > PAGE_SIZE / 8 ||
++ alg->halg.statesize == 0)
+ return -EINVAL;
+
+ base->cra_type = &crypto_ahash_type;
--- /dev/null
+From a66d7f724a96d6fd279bfbd2ee488def6b081bea Mon Sep 17 00:00:00 2001
+From: Dave Kleikamp <dave.kleikamp@oracle.com>
+Date: Mon, 5 Oct 2015 10:08:51 -0500
+Subject: crypto: sparc - initialize blkcipher.ivsize
+
+From: Dave Kleikamp <dave.kleikamp@oracle.com>
+
+commit a66d7f724a96d6fd279bfbd2ee488def6b081bea upstream.
+
+Some of the crypto algorithms write to the initialization vector,
+but no space has been allocated for it. This clobbers adjacent memory.
+
+Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/sparc/crypto/aes_glue.c | 2 ++
+ arch/sparc/crypto/camellia_glue.c | 1 +
+ arch/sparc/crypto/des_glue.c | 2 ++
+ 3 files changed, 5 insertions(+)
+
+--- a/arch/sparc/crypto/aes_glue.c
++++ b/arch/sparc/crypto/aes_glue.c
+@@ -433,6 +433,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
++ .ivsize = AES_BLOCK_SIZE,
+ .setkey = aes_set_key,
+ .encrypt = cbc_encrypt,
+ .decrypt = cbc_decrypt,
+@@ -452,6 +453,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
++ .ivsize = AES_BLOCK_SIZE,
+ .setkey = aes_set_key,
+ .encrypt = ctr_crypt,
+ .decrypt = ctr_crypt,
+--- a/arch/sparc/crypto/camellia_glue.c
++++ b/arch/sparc/crypto/camellia_glue.c
+@@ -274,6 +274,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = CAMELLIA_MIN_KEY_SIZE,
+ .max_keysize = CAMELLIA_MAX_KEY_SIZE,
++ .ivsize = CAMELLIA_BLOCK_SIZE,
+ .setkey = camellia_set_key,
+ .encrypt = cbc_encrypt,
+ .decrypt = cbc_decrypt,
+--- a/arch/sparc/crypto/des_glue.c
++++ b/arch/sparc/crypto/des_glue.c
+@@ -429,6 +429,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = DES_KEY_SIZE,
+ .max_keysize = DES_KEY_SIZE,
++ .ivsize = DES_BLOCK_SIZE,
+ .setkey = des_set_key,
+ .encrypt = cbc_encrypt,
+ .decrypt = cbc_decrypt,
+@@ -485,6 +486,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = DES3_EDE_KEY_SIZE,
+ .max_keysize = DES3_EDE_KEY_SIZE,
++ .ivsize = DES3_EDE_BLOCK_SIZE,
+ .setkey = des3_ede_set_key,
+ .encrypt = cbc3_encrypt,
+ .decrypt = cbc3_decrypt,
--- /dev/null
+From 621bd0f6982badd6483acb191eb7b6226a578328 Mon Sep 17 00:00:00 2001
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+Date: Tue, 29 Sep 2015 09:56:53 +0200
+Subject: drm: Fix locking for sysfs dpms file
+
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+
+commit 621bd0f6982badd6483acb191eb7b6226a578328 upstream.
+
+With atomic drivers we need to make sure that (at least in general)
+property reads hold the right locks. But the legacy dpms property is
+special and can be read locklessly. Since userspace loves to just
+randomly look at that all the time (like with "status") do that.
+
+To make it clear that we play tricks use the READ_ONCE compiler
+barrier (and also for paranoia).
+
+Note that there's not really anything bad going on since even with the
+new atomic paths we eventually end up not chasing any pointers (and
+hence possibly freed memory and other fun stuff). The locking WARNING
+has been added in
+
+commit 88a48e297b3a3bac6022c03babfb038f1a886cea
+Author: Rob Clark <robdclark@gmail.com>
+Date: Thu Dec 18 16:01:50 2014 -0500
+
+ drm: add atomic properties
+
+but since drivers are converting not everyone will have seen this from
+the start.
+
+Jens reported this and submitted a patch to just grab the
+mode_config.connection_mutex, but we can do a bit better.
+
+v2: Remove unused variables I failed to git add for real.
+
+Reference: http://mid.gmane.org/20150928194822.GA3930@kernel.dk
+Reported-by: Jens Axboe <axboe@fb.com>
+Tested-by: Jens Axboe <axboe@fb.com>
+Cc: Rob Clark <robdclark@gmail.com>
+Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/drm_sysfs.c | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+--- a/drivers/gpu/drm/drm_sysfs.c
++++ b/drivers/gpu/drm/drm_sysfs.c
+@@ -235,18 +235,12 @@ static ssize_t dpms_show(struct device *
+ char *buf)
+ {
+ struct drm_connector *connector = to_drm_connector(device);
+- struct drm_device *dev = connector->dev;
+- uint64_t dpms_status;
+- int ret;
++ int dpms;
+
+- ret = drm_object_property_get_value(&connector->base,
+- dev->mode_config.dpms_property,
+- &dpms_status);
+- if (ret)
+- return 0;
++ dpms = READ_ONCE(connector->dpms);
+
+ return snprintf(buf, PAGE_SIZE, "%s\n",
+- drm_get_dpms_name((int)dpms_status));
++ drm_get_dpms_name(dpms));
+ }
+
+ static ssize_t enabled_show(struct device *device,
--- /dev/null
+From 424cdc14138088ada1b0e407a2195b2783c6e5ef Mon Sep 17 00:00:00 2001
+From: Shaohua Li <shli@fb.com>
+Date: Thu, 15 Oct 2015 15:28:29 -0700
+Subject: memcg: convert threshold to bytes
+
+From: Shaohua Li <shli@fb.com>
+
+commit 424cdc14138088ada1b0e407a2195b2783c6e5ef upstream.
+
+page_counter_memparse() returns pages for the threshold, while
+mem_cgroup_usage() returns bytes for memory usage. Convert the
+threshold to bytes.
+
+Fixes: 3e32cb2e0a12b6915 ("memcg: rename cgroup_event to mem_cgroup_event").
+Signed-off-by: Shaohua Li <shli@fb.com>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/memcontrol.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/mm/memcontrol.c
++++ b/mm/memcontrol.c
+@@ -3677,6 +3677,7 @@ static int __mem_cgroup_usage_register_e
+ ret = page_counter_memparse(args, "-1", &threshold);
+ if (ret)
+ return ret;
++ threshold <<= PAGE_SHIFT;
+
+ mutex_lock(&memcg->thresholds_lock);
+
--- /dev/null
+From 8c3ad9cb7343dc5f61b8cf3cdbe1016c5e7c2c8b Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Fri, 9 Oct 2015 15:03:26 +0200
+Subject: nfsd/blocklayout: accept any minlength
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 8c3ad9cb7343dc5f61b8cf3cdbe1016c5e7c2c8b upstream.
+
+Recent Linux clients have started to send GETLAYOUT requests with
+minlength less than blocksize.
+
+Servers aren't really allowed to impose this kind of restriction on
+layouts; see RFC 5661 section 18.43.3 for details.
+
+This has been observed to cause indefinite hangs on fsx runs on some
+clients.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/blocklayout.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+--- a/fs/nfsd/blocklayout.c
++++ b/fs/nfsd/blocklayout.c
+@@ -56,14 +56,6 @@ nfsd4_block_proc_layoutget(struct inode
+ u32 device_generation = 0;
+ int error;
+
+- /*
+- * We do not attempt to support I/O smaller than the fs block size,
+- * or not aligned to it.
+- */
+- if (args->lg_minlength < block_size) {
+- dprintk("pnfsd: I/O too small\n");
+- goto out_layoutunavailable;
+- }
+ if (seg->offset & (block_size - 1)) {
+ dprintk("pnfsd: I/O misaligned\n");
+ goto out_layoutunavailable;
af_unix-convert-the-unix_sk-macro-to-an-inline-function-for-type-safety.patch
af_unix-return-data-from-multiple-skbs-on-recv-with-msg_peek-flag.patch
net-unix-fix-logic-about-sk_peek_offset.patch
+drm-fix-locking-for-sysfs-dpms-file.patch
+crypto-sparc-initialize-blkcipher.ivsize.patch
+crypto-ahash-ensure-statesize-is-non-zero.patch
+memcg-convert-threshold-to-bytes.patch
+btrfs-check-unsupported-filters-in-balance-arguments.patch
+btrfs-fix-use-after-free-iterating-extrefs.patch
+arm64-errata-use-kbuild_cflags_module-for-erratum-843419.patch
+nfsd-blocklayout-accept-any-minlength.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
