--- /dev/null
+From 2d4ecb030dcc90fb725ecbfc82ce5d6c37906e0e Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Thu, 30 Jan 2020 13:34:59 +0300
+Subject: cgroup: cgroup_procs_next should increase position index
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+commit 2d4ecb030dcc90fb725ecbfc82ce5d6c37906e0e upstream.
+
+If seq_file .next fuction does not change position index,
+read after some lseek can generate unexpected output:
+
+1) dd bs=1 skip output of each 2nd elements
+$ dd if=/sys/fs/cgroup/cgroup.procs bs=8 count=1
+2
+3
+4
+5
+1+0 records in
+1+0 records out
+8 bytes copied, 0,000267297 s, 29,9 kB/s
+[test@localhost ~]$ dd if=/sys/fs/cgroup/cgroup.procs bs=1 count=8
+2
+4 <<< NB! 3 was skipped
+6 <<< ... and 5 too
+8 <<< ... and 7
+8+0 records in
+8+0 records out
+8 bytes copied, 5,2123e-05 s, 153 kB/s
+
+ This happen because __cgroup_procs_start() makes an extra
+ extra cgroup_procs_next() call
+
+2) read after lseek beyond end of file generates whole last line.
+3) read after lseek into middle of last line generates
+expected rest of last line and unexpected whole line once again.
+
+Additionally patch removes an extra position index changes in
+__cgroup_procs_start()
+
+Cc: stable@vger.kernel.org
+https://bugzilla.kernel.org/show_bug.cgi?id=206283
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cgroup/cgroup.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/kernel/cgroup/cgroup.c
++++ b/kernel/cgroup/cgroup.c
+@@ -4600,6 +4600,9 @@ static void *cgroup_procs_next(struct se
+ struct kernfs_open_file *of = s->private;
+ struct css_task_iter *it = of->priv;
+
++ if (pos)
++ (*pos)++;
++
+ return css_task_iter_next(it);
+ }
+
+@@ -4615,7 +4618,7 @@ static void *__cgroup_procs_start(struct
+ * from position 0, so we can simply keep iterating on !0 *pos.
+ */
+ if (!it) {
+- if (WARN_ON_ONCE((*pos)++))
++ if (WARN_ON_ONCE((*pos)))
+ return ERR_PTR(-EINVAL);
+
+ it = kzalloc(sizeof(*it), GFP_KERNEL);
+@@ -4623,10 +4626,11 @@ static void *__cgroup_procs_start(struct
+ return ERR_PTR(-ENOMEM);
+ of->priv = it;
+ css_task_iter_start(&cgrp->self, iter_flags, it);
+- } else if (!(*pos)++) {
++ } else if (!(*pos)) {
+ css_task_iter_end(it);
+ css_task_iter_start(&cgrp->self, iter_flags, it);
+- }
++ } else
++ return it->cur_task;
+
+ return cgroup_procs_next(s, NULL, NULL);
+ }
--- /dev/null
+From 190ecb190a9cd8c0599d8499b901e3c32e87966a Mon Sep 17 00:00:00 2001
+From: Qian Cai <cai@lca.pw>
+Date: Sun, 23 Feb 2020 22:00:07 -0500
+Subject: cgroup: fix psi_show() crash on 32bit ino archs
+
+From: Qian Cai <cai@lca.pw>
+
+commit 190ecb190a9cd8c0599d8499b901e3c32e87966a upstream.
+
+Similar to the commit d7495343228f ("cgroup: fix incorrect
+WARN_ON_ONCE() in cgroup_setup_root()"), cgroup_id(root_cgrp) does not
+equal to 1 on 32bit ino archs which triggers all sorts of issues with
+psi_show() on s390x. For example,
+
+ BUG: KASAN: slab-out-of-bounds in collect_percpu_times+0x2d0/
+ Read of size 4 at addr 000000001e0ce000 by task read_all/3667
+ collect_percpu_times+0x2d0/0x798
+ psi_show+0x7c/0x2a8
+ seq_read+0x2ac/0x830
+ vfs_read+0x92/0x150
+ ksys_read+0xe2/0x188
+ system_call+0xd8/0x2b4
+
+Fix it by using cgroup_ino().
+
+Fixes: 743210386c03 ("cgroup: use cgrp->kn->id as the cgroup ID")
+Signed-off-by: Qian Cai <cai@lca.pw>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Cc: stable@vger.kernel.org # v5.5
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cgroup/cgroup.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/kernel/cgroup/cgroup.c
++++ b/kernel/cgroup/cgroup.c
+@@ -3547,21 +3547,21 @@ static int cpu_stat_show(struct seq_file
+ static int cgroup_io_pressure_show(struct seq_file *seq, void *v)
+ {
+ struct cgroup *cgrp = seq_css(seq)->cgroup;
+- struct psi_group *psi = cgroup_id(cgrp) == 1 ? &psi_system : &cgrp->psi;
++ struct psi_group *psi = cgroup_ino(cgrp) == 1 ? &psi_system : &cgrp->psi;
+
+ return psi_show(seq, psi, PSI_IO);
+ }
+ static int cgroup_memory_pressure_show(struct seq_file *seq, void *v)
+ {
+ struct cgroup *cgrp = seq_css(seq)->cgroup;
+- struct psi_group *psi = cgroup_id(cgrp) == 1 ? &psi_system : &cgrp->psi;
++ struct psi_group *psi = cgroup_ino(cgrp) == 1 ? &psi_system : &cgrp->psi;
+
+ return psi_show(seq, psi, PSI_MEM);
+ }
+ static int cgroup_cpu_pressure_show(struct seq_file *seq, void *v)
+ {
+ struct cgroup *cgrp = seq_css(seq)->cgroup;
+- struct psi_group *psi = cgroup_id(cgrp) == 1 ? &psi_system : &cgrp->psi;
++ struct psi_group *psi = cgroup_ino(cgrp) == 1 ? &psi_system : &cgrp->psi;
+
+ return psi_show(seq, psi, PSI_CPU);
+ }
--- /dev/null
+From 9c974c77246460fa6a92c18554c3311c8c83c160 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
+Date: Fri, 24 Jan 2020 12:40:15 +0100
+Subject: cgroup: Iterate tasks that did not finish do_exit()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Michal Koutný <mkoutny@suse.com>
+
+commit 9c974c77246460fa6a92c18554c3311c8c83c160 upstream.
+
+PF_EXITING is set earlier than actual removal from css_set when a task
+is exitting. This can confuse cgroup.procs readers who see no PF_EXITING
+tasks, however, rmdir is checking against css_set membership so it can
+transitionally fail with EBUSY.
+
+Fix this by listing tasks that weren't unlinked from css_set active
+lists.
+It may happen that other users of the task iterator (without
+CSS_TASK_ITER_PROCS) spot a PF_EXITING task before cgroup_exit(). This
+is equal to the state before commit c03cd7738a83 ("cgroup: Include dying
+leaders with live threads in PROCS iterations") but it may be reviewed
+later.
+
+Reported-by: Suren Baghdasaryan <surenb@google.com>
+Fixes: c03cd7738a83 ("cgroup: Include dying leaders with live threads in PROCS iterations")
+Signed-off-by: Michal Koutný <mkoutny@suse.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/cgroup.h | 1 +
+ kernel/cgroup/cgroup.c | 23 ++++++++++++++++-------
+ 2 files changed, 17 insertions(+), 7 deletions(-)
+
+--- a/include/linux/cgroup.h
++++ b/include/linux/cgroup.h
+@@ -62,6 +62,7 @@ struct css_task_iter {
+ struct list_head *mg_tasks_head;
+ struct list_head *dying_tasks_head;
+
++ struct list_head *cur_tasks_head;
+ struct css_set *cur_cset;
+ struct css_set *cur_dcset;
+ struct task_struct *cur_task;
+--- a/kernel/cgroup/cgroup.c
++++ b/kernel/cgroup/cgroup.c
+@@ -4405,12 +4405,16 @@ static void css_task_iter_advance_css_se
+ }
+ } while (!css_set_populated(cset) && list_empty(&cset->dying_tasks));
+
+- if (!list_empty(&cset->tasks))
++ if (!list_empty(&cset->tasks)) {
+ it->task_pos = cset->tasks.next;
+- else if (!list_empty(&cset->mg_tasks))
++ it->cur_tasks_head = &cset->tasks;
++ } else if (!list_empty(&cset->mg_tasks)) {
+ it->task_pos = cset->mg_tasks.next;
+- else
++ it->cur_tasks_head = &cset->mg_tasks;
++ } else {
+ it->task_pos = cset->dying_tasks.next;
++ it->cur_tasks_head = &cset->dying_tasks;
++ }
+
+ it->tasks_head = &cset->tasks;
+ it->mg_tasks_head = &cset->mg_tasks;
+@@ -4468,10 +4472,14 @@ repeat:
+ else
+ it->task_pos = it->task_pos->next;
+
+- if (it->task_pos == it->tasks_head)
++ if (it->task_pos == it->tasks_head) {
+ it->task_pos = it->mg_tasks_head->next;
+- if (it->task_pos == it->mg_tasks_head)
++ it->cur_tasks_head = it->mg_tasks_head;
++ }
++ if (it->task_pos == it->mg_tasks_head) {
+ it->task_pos = it->dying_tasks_head->next;
++ it->cur_tasks_head = it->dying_tasks_head;
++ }
+ if (it->task_pos == it->dying_tasks_head)
+ css_task_iter_advance_css_set(it);
+ } else {
+@@ -4490,11 +4498,12 @@ repeat:
+ goto repeat;
+
+ /* and dying leaders w/o live member threads */
+- if (!atomic_read(&task->signal->live))
++ if (it->cur_tasks_head == it->dying_tasks_head &&
++ !atomic_read(&task->signal->live))
+ goto repeat;
+ } else {
+ /* skip all dying ones */
+- if (task->flags & PF_EXITING)
++ if (it->cur_tasks_head == it->dying_tasks_head)
+ goto repeat;
+ }
+ }
--- /dev/null
+From 81ee85d0462410de8eeeec1b9761941fd6ed8c7b Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 9 Mar 2020 19:25:10 +0100
+Subject: iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 81ee85d0462410de8eeeec1b9761941fd6ed8c7b upstream.
+
+Quoting from the comment describing the WARN functions in
+include/asm-generic/bug.h:
+
+ * WARN(), WARN_ON(), WARN_ON_ONCE, and so on can be used to report
+ * significant kernel issues that need prompt attention if they should ever
+ * appear at runtime.
+ *
+ * Do not use these macros when checking for invalid external inputs
+
+The (buggy) firmware tables which the dmar code was calling WARN_TAINT
+for really are invalid external inputs. They are not under the kernel's
+control and the issues in them cannot be fixed by a kernel update.
+So logging a backtrace, which invites bug reports to be filed about this,
+is not helpful.
+
+Fixes: 556ab45f9a77 ("ioat2: catch and recover from broken vtd configurations v6")
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
+Link: https://lore.kernel.org/r/20200309182510.373875-1-hdegoede@redhat.com
+BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=701847
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/intel-iommu.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -4141,10 +4141,11 @@ static void quirk_ioat_snb_local_iommu(s
+
+ /* we know that the this iommu should be at offset 0xa000 from vtbar */
+ drhd = dmar_find_matched_drhd_unit(pdev);
+- if (WARN_TAINT_ONCE(!drhd || drhd->reg_base_addr - vtbar != 0xa000,
+- TAINT_FIRMWARE_WORKAROUND,
+- "BIOS assigned incorrect VT-d unit for Intel(R) QuickData Technology device\n"))
++ if (!drhd || drhd->reg_base_addr - vtbar != 0xa000) {
++ pr_warn_once(FW_BUG "BIOS assigned incorrect VT-d unit for Intel(R) QuickData Technology device\n");
++ add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK);
+ pdev->dev.archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
++ }
+ }
+ DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_IOAT_SNB, quirk_ioat_snb_local_iommu);
+
--- /dev/null
+From a9149d243f259ad8f02b1e23dfe8ba06128f15e1 Mon Sep 17 00:00:00 2001
+From: Dan Moulding <dmoulding@me.com>
+Date: Tue, 28 Jan 2020 02:31:07 -0700
+Subject: iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices
+
+From: Dan Moulding <dmoulding@me.com>
+
+commit a9149d243f259ad8f02b1e23dfe8ba06128f15e1 upstream.
+
+The logic for checking required NVM sections was recently fixed in
+commit b3f20e098293 ("iwlwifi: mvm: fix NVM check for 3168
+devices"). However, with that fixed the else is now taken for 3168
+devices and within the else clause there is a mandatory check for the
+PHY_SKU section. This causes the parsing to fail for 3168 devices.
+
+The PHY_SKU section is really only mandatory for the IWL_NVM_EXT
+layout (the phy_sku parameter of iwl_parse_nvm_data is only used when
+the NVM type is IWL_NVM_EXT). So this changes the PHY_SKU section
+check so that it's only mandatory for IWL_NVM_EXT.
+
+Fixes: b3f20e098293 ("iwlwifi: mvm: fix NVM check for 3168 devices")
+Signed-off-by: Dan Moulding <dmoulding@me.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/intel/iwlwifi/mvm/nvm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c
+@@ -308,7 +308,8 @@ iwl_parse_nvm_sections(struct iwl_mvm *m
+ }
+
+ /* PHY_SKU section is mandatory in B0 */
+- if (!mvm->nvm_sections[NVM_SECTION_TYPE_PHY_SKU].data) {
++ if (mvm->trans->cfg->nvm_type == IWL_NVM_EXT &&
++ !mvm->nvm_sections[NVM_SECTION_TYPE_PHY_SKU].data) {
+ IWL_ERR(mvm,
+ "Can't parse phy_sku in B0, empty sections\n");
+ return NULL;
--- /dev/null
+From dc15af8e9dbd039ebb06336597d2c491ef46ab74 Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Tue, 25 Feb 2020 10:05:47 +0300
+Subject: netfilter: nf_conntrack: ct_cpu_seq_next should increase position index
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+commit dc15af8e9dbd039ebb06336597d2c491ef46ab74 upstream.
+
+If .next function does not change position index,
+following .show function will repeat output related
+to current position index.
+
+Cc: stable@vger.kernel.org
+Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206283
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_conntrack_standalone.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_conntrack_standalone.c
++++ b/net/netfilter/nf_conntrack_standalone.c
+@@ -411,7 +411,7 @@ static void *ct_cpu_seq_next(struct seq_
+ *pos = cpu + 1;
+ return per_cpu_ptr(net->ct.stat, cpu);
+ }
+-
++ (*pos)++;
+ return NULL;
+ }
+
--- /dev/null
+From 1d305ba40eb8081ff21eeb8ca6ba5c70fd920934 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Thu, 5 Mar 2020 11:15:36 +0100
+Subject: netfilter: nf_tables: fix infinite loop when expr is not available
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 1d305ba40eb8081ff21eeb8ca6ba5c70fd920934 upstream.
+
+nft will loop forever if the kernel doesn't support an expression:
+
+1. nft_expr_type_get() appends the family specific name to the module list.
+2. -EAGAIN is returned to nfnetlink, nfnetlink calls abort path.
+3. abort path sets ->done to true and calls request_module for the
+ expression.
+4. nfnetlink replays the batch, we end up in nft_expr_type_get() again.
+5. nft_expr_type_get attempts to append family-specific name. This
+ one already exists on the list, so we continue
+6. nft_expr_type_get adds the generic expression name to the module
+ list. -EAGAIN is returned, nfnetlink calls abort path.
+7. abort path encounters the family-specific expression which
+ has 'done' set, so it gets removed.
+8. abort path requests the generic expression name, sets done to true.
+9. batch is replayed.
+
+If the expression could not be loaded, then we will end up back at 1),
+because the family-specific name got removed and the cycle starts again.
+
+Note that userspace can SIGKILL the nft process to stop the cycle, but
+the desired behaviour is to return an error after the generic expr name
+fails to load the expression.
+
+Fixes: eb014de4fd418 ("netfilter: nf_tables: autoload modules from the abort path")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_api.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -7250,13 +7250,8 @@ static void nf_tables_module_autoload(st
+ list_splice_init(&net->nft.module_list, &module_list);
+ mutex_unlock(&net->nft.commit_mutex);
+ list_for_each_entry_safe(req, next, &module_list, list) {
+- if (req->done) {
+- list_del(&req->list);
+- kfree(req);
+- } else {
+- request_module("%s", req->module);
+- req->done = true;
+- }
++ request_module("%s", req->module);
++ req->done = true;
+ }
+ mutex_lock(&net->nft.commit_mutex);
+ list_splice(&module_list, &net->nft.module_list);
+@@ -8039,6 +8034,7 @@ static void __net_exit nf_tables_exit_ne
+ __nft_release_tables(net);
+ mutex_unlock(&net->nft.commit_mutex);
+ WARN_ON_ONCE(!list_empty(&net->nft.tables));
++ WARN_ON_ONCE(!list_empty(&net->nft.module_list));
+ }
+
+ static struct pernet_operations nf_tables_net_ops = {
--- /dev/null
+From bb71f846a0002239f7058c84f1496648ff4a5c20 Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Tue, 25 Feb 2020 10:05:59 +0300
+Subject: netfilter: synproxy: synproxy_cpu_seq_next should increase position index
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+commit bb71f846a0002239f7058c84f1496648ff4a5c20 upstream.
+
+If .next function does not change position index,
+following .show function will repeat output related
+to current position index.
+
+Cc: stable@vger.kernel.org
+Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206283
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_synproxy_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_synproxy_core.c
++++ b/net/netfilter/nf_synproxy_core.c
+@@ -267,7 +267,7 @@ static void *synproxy_cpu_seq_next(struc
+ *pos = cpu + 1;
+ return per_cpu_ptr(snet->stats, cpu);
+ }
+-
++ (*pos)++;
+ return NULL;
+ }
+
--- /dev/null
+From ee84f19cbbe9cf7cba2958acb03163fed3ecbb0f Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Tue, 25 Feb 2020 10:07:12 +0300
+Subject: netfilter: x_tables: xt_mttg_seq_next should increase position index
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+commit ee84f19cbbe9cf7cba2958acb03163fed3ecbb0f upstream.
+
+If .next function does not change position index,
+following .show function will repeat output related
+to current position index.
+
+Without patch:
+ # dd if=/proc/net/ip_tables_matches # original file output
+ conntrack
+ conntrack
+ conntrack
+ recent
+ recent
+ icmp
+ udplite
+ udp
+ tcp
+ 0+1 records in
+ 0+1 records out
+ 65 bytes copied, 5.4074e-05 s, 1.2 MB/s
+
+ # dd if=/proc/net/ip_tables_matches bs=62 skip=1
+ dd: /proc/net/ip_tables_matches: cannot skip to specified offset
+ cp <<< end of last line
+ tcp <<< and then unexpected whole last line once again
+ 0+1 records in
+ 0+1 records out
+ 7 bytes copied, 0.000102447 s, 68.3 kB/s
+
+Cc: stable@vger.kernel.org
+Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206283
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/x_tables.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/x_tables.c
++++ b/net/netfilter/x_tables.c
+@@ -1551,6 +1551,9 @@ static void *xt_mttg_seq_next(struct seq
+ uint8_t nfproto = (unsigned long)PDE_DATA(file_inode(seq->file));
+ struct nf_mttg_trav *trav = seq->private;
+
++ if (ppos != NULL)
++ ++(*ppos);
++
+ switch (trav->class) {
+ case MTTG_TRAV_INIT:
+ trav->class = MTTG_TRAV_NFP_UNSPEC;
+@@ -1576,9 +1579,6 @@ static void *xt_mttg_seq_next(struct seq
+ default:
+ return NULL;
+ }
+-
+- if (ppos != NULL)
+- ++*ppos;
+ return trav;
+ }
+
--- /dev/null
+From db25517a550926f609c63054b12ea9ad515e1a10 Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Tue, 25 Feb 2020 10:06:29 +0300
+Subject: netfilter: xt_recent: recent_seq_next should increase position index
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+commit db25517a550926f609c63054b12ea9ad515e1a10 upstream.
+
+If .next function does not change position index,
+following .show function will repeat output related
+to current position index.
+
+Without the patch:
+ # dd if=/proc/net/xt_recent/SSH # original file outpt
+ src=127.0.0.4 ttl: 0 last_seen: 6275444819 oldest_pkt: 1 6275444819
+ src=127.0.0.2 ttl: 0 last_seen: 6275438906 oldest_pkt: 1 6275438906
+ src=127.0.0.3 ttl: 0 last_seen: 6275441953 oldest_pkt: 1 6275441953
+ 0+1 records in
+ 0+1 records out
+ 204 bytes copied, 6.1332e-05 s, 3.3 MB/s
+
+Read after lseek into middle of last line (offset 140 in example below)
+generates expected end of last line and then unexpected whole last line
+once again
+
+ # dd if=/proc/net/xt_recent/SSH bs=140 skip=1
+ dd: /proc/net/xt_recent/SSH: cannot skip to specified offset
+ 127.0.0.3 ttl: 0 last_seen: 6275441953 oldest_pkt: 1 6275441953
+ src=127.0.0.3 ttl: 0 last_seen: 6275441953 oldest_pkt: 1 6275441953
+ 0+1 records in
+ 0+1 records out
+ 132 bytes copied, 6.2487e-05 s, 2.1 MB/s
+
+Cc: stable@vger.kernel.org
+Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206283
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/xt_recent.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/xt_recent.c
++++ b/net/netfilter/xt_recent.c
+@@ -492,12 +492,12 @@ static void *recent_seq_next(struct seq_
+ const struct recent_entry *e = v;
+ const struct list_head *head = e->list.next;
+
++ (*pos)++;
+ while (head == &t->iphash[st->bucket]) {
+ if (++st->bucket >= ip_list_hash_size)
+ return NULL;
+ head = t->iphash[st->bucket].next;
+ }
+- (*pos)++;
+ return list_entry(head, struct recent_entry, list);
+ }
+
net-dsa-don-t-instantiate-phylink-for-cpu-dsa-ports-unless-needed.patch
net-dsa-mv88e6xxx-add-missing-mask-of-atu-occupancy-register.patch
net-phy-avoid-multiple-suspends.patch
+cgroup-fix-psi_show-crash-on-32bit-ino-archs.patch
+cgroup-cgroup_procs_next-should-increase-position-index.patch
+cgroup-iterate-tasks-that-did-not-finish-do_exit.patch
+netfilter-nf_tables-fix-infinite-loop-when-expr-is-not-available.patch
+iwlwifi-mvm-do-not-require-phy_sku-nvm-section-for-3168-devices.patch
+virtio-blk-fix-hw_queue-stopped-on-arbitrary-error.patch
+iommu-vt-d-quirk_ioat_snb_local_iommu-replace-warn_taint-with-pr_warn-add_taint.patch
+netfilter-nf_conntrack-ct_cpu_seq_next-should-increase-position-index.patch
+netfilter-synproxy-synproxy_cpu_seq_next-should-increase-position-index.patch
+netfilter-xt_recent-recent_seq_next-should-increase-position-index.patch
+netfilter-x_tables-xt_mttg_seq_next-should-increase-position-index.patch
--- /dev/null
+From f5f6b95c72f7f8bb46eace8c5306c752d0133daa Mon Sep 17 00:00:00 2001
+From: Halil Pasic <pasic@linux.ibm.com>
+Date: Thu, 13 Feb 2020 13:37:27 +0100
+Subject: virtio-blk: fix hw_queue stopped on arbitrary error
+
+From: Halil Pasic <pasic@linux.ibm.com>
+
+commit f5f6b95c72f7f8bb46eace8c5306c752d0133daa upstream.
+
+Since nobody else is going to restart our hw_queue for us, the
+blk_mq_start_stopped_hw_queues() is in virtblk_done() is not sufficient
+necessarily sufficient to ensure that the queue will get started again.
+In case of global resource outage (-ENOMEM because mapping failure,
+because of swiotlb full) our virtqueue may be empty and we can get
+stuck with a stopped hw_queue.
+
+Let us not stop the queue on arbitrary errors, but only on -EONSPC which
+indicates a full virtqueue, where the hw_queue is guaranteed to get
+started by virtblk_done() before when it makes sense to carry on
+submitting requests. Let us also remove a stale comment.
+
+Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
+Cc: Jens Axboe <axboe@kernel.dk>
+Fixes: f7728002c1c7 ("virtio_ring: fix return code on DMA mapping fails")
+Link: https://lore.kernel.org/r/20200213123728.61216-2-pasic@linux.ibm.com
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/virtio_blk.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/drivers/block/virtio_blk.c
++++ b/drivers/block/virtio_blk.c
+@@ -339,10 +339,12 @@ static blk_status_t virtio_queue_rq(stru
+ err = virtblk_add_req(vblk->vqs[qid].vq, vbr, vbr->sg, num);
+ if (err) {
+ virtqueue_kick(vblk->vqs[qid].vq);
+- blk_mq_stop_hw_queue(hctx);
++ /* Don't stop the queue if -ENOMEM: we may have failed to
++ * bounce the buffer due to global resource outage.
++ */
++ if (err == -ENOSPC)
++ blk_mq_stop_hw_queue(hctx);
+ spin_unlock_irqrestore(&vblk->vqs[qid].lock, flags);
+- /* Out of mem doesn't actually happen, since we fall back
+- * to direct descriptors */
+ if (err == -ENOMEM || err == -ENOSPC)
+ return BLK_STS_DEV_RESOURCE;
+ return BLK_STS_IOERR;
projects / thirdparty / kernel / stable-queue.git / commitdiff
