--- /dev/null
+From e406f12dde1a8375d77ea02d91f313fb1a9c6aec Mon Sep 17 00:00:00 2001
+From: Aditya Pakki <pakki001@umn.edu>
+Date: Mon, 4 Mar 2019 16:48:54 -0600
+Subject: md: Fix failed allocation of md_register_thread
+
+From: Aditya Pakki <pakki001@umn.edu>
+
+commit e406f12dde1a8375d77ea02d91f313fb1a9c6aec upstream.
+
+mddev->sync_thread can be set to NULL on kzalloc failure downstream.
+The patch checks for such a scenario and frees allocated resources.
+
+Committer node:
+
+Added similar fix to raid5.c, as suggested by Guoqing.
+
+Cc: stable@vger.kernel.org # v3.16+
+Acked-by: Guoqing Jiang <gqjiang@suse.com>
+Signed-off-by: Aditya Pakki <pakki001@umn.edu>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/raid10.c | 2 ++
+ drivers/md/raid5.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/md/raid10.c
++++ b/drivers/md/raid10.c
+@@ -3755,6 +3755,8 @@ static int run(struct mddev *mddev)
+ set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
+ mddev->sync_thread = md_register_thread(md_do_sync, mddev,
+ "reshape");
++ if (!mddev->sync_thread)
++ goto out_free_conf;
+ }
+
+ return 0;
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -6973,6 +6973,8 @@ static int run(struct mddev *mddev)
+ set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
+ mddev->sync_thread = md_register_thread(md_do_sync, mddev,
+ "reshape");
++ if (!mddev->sync_thread)
++ goto abort;
+ }
+
+ /* Ok, everything is just fine now */
--- /dev/null
+From 8127d82705998568b52ac724e28e00941538083d Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Fri, 15 Feb 2019 16:08:25 -0500
+Subject: NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+commit 8127d82705998568b52ac724e28e00941538083d upstream.
+
+If the I/O completion failed with a fatal error, then we should just
+exit nfs_pageio_complete_mirror() rather than try to recoalesce.
+
+Fixes: a7d42ddb3099 ("nfs: add mirroring support to pgio layer")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Cc: stable@vger.kernel.org # v4.0+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/pagelist.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -1202,7 +1202,7 @@ static void nfs_pageio_complete_mirror(s
+ desc->pg_mirror_idx = mirror_idx;
+ for (;;) {
+ nfs_pageio_doio(desc);
+- if (!mirror->pg_recoalesce)
++ if (desc->pg_error < 0 || !mirror->pg_recoalesce)
+ break;
+ if (!nfs_do_recoalesce(desc))
+ break;
--- /dev/null
+From 4d91969ed4dbcefd0e78f77494f0cb8fada9048a Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Fri, 15 Feb 2019 14:59:52 -0500
+Subject: NFS: Fix an I/O request leakage in nfs_do_recoalesce
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+commit 4d91969ed4dbcefd0e78f77494f0cb8fada9048a upstream.
+
+Whether we need to exit early, or just reprocess the list, we
+must not lost track of the request which failed to get recoalesced.
+
+Fixes: 03d5eb65b538 ("NFS: Fix a memory leak in nfs_do_recoalesce")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Cc: stable@vger.kernel.org # v4.0+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/pagelist.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -1107,7 +1107,6 @@ static int nfs_do_recoalesce(struct nfs_
+ struct nfs_page *req;
+
+ req = list_first_entry(&head, struct nfs_page, wb_list);
+- nfs_list_remove_request(req);
+ if (__nfs_pageio_add_request(desc, req))
+ continue;
+ if (desc->pg_error < 0) {
--- /dev/null
+From d600ad1f2bdbf97c4818dcc85b174f72c90c21bd Mon Sep 17 00:00:00 2001
+From: Peng Tao <tao.peng@primarydata.com>
+Date: Fri, 4 Dec 2015 02:57:48 +0800
+Subject: NFS41: pop some layoutget errors to application
+
+From: Peng Tao <tao.peng@primarydata.com>
+
+commit d600ad1f2bdbf97c4818dcc85b174f72c90c21bd upstream.
+
+For ERESTARTSYS/EIO/EROFS/ENOSPC/E2BIG in layoutget, we
+should just bail out instead of hiding the error and
+retrying inband IO.
+
+Change all the call sites to pop the error all the way up.
+
+Signed-off-by: Peng Tao <tao.peng@primarydata.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/direct.c | 15 ++++++++++++++-
+ fs/nfs/filelayout/filelayout.c | 17 +++++++++++++++--
+ fs/nfs/flexfilelayout/flexfilelayout.c | 25 ++++++++++++++++++++++---
+ fs/nfs/pagelist.c | 9 ++++++++-
+ fs/nfs/pnfs.c | 24 ++++++++++++++++++------
+ fs/nfs/read.c | 2 +-
+ 6 files changed, 78 insertions(+), 14 deletions(-)
+
+--- a/fs/nfs/direct.c
++++ b/fs/nfs/direct.c
+@@ -670,6 +670,10 @@ static void nfs_direct_write_reschedule(
+
+ req = nfs_list_entry(reqs.next);
+ nfs_direct_setup_mirroring(dreq, &desc, req);
++ if (desc.pg_error < 0) {
++ list_splice_init(&reqs, &failed);
++ goto out_failed;
++ }
+
+ list_for_each_entry_safe(req, tmp, &reqs, wb_list) {
+ if (!nfs_pageio_add_request(&desc, req)) {
+@@ -677,13 +681,17 @@ static void nfs_direct_write_reschedule(
+ nfs_list_add_request(req, &failed);
+ spin_lock(cinfo.lock);
+ dreq->flags = 0;
+- dreq->error = -EIO;
++ if (desc.pg_error < 0)
++ dreq->error = desc.pg_error;
++ else
++ dreq->error = -EIO;
+ spin_unlock(cinfo.lock);
+ }
+ nfs_release_request(req);
+ }
+ nfs_pageio_complete(&desc);
+
++out_failed:
+ while (!list_empty(&failed)) {
+ req = nfs_list_entry(failed.next);
+ nfs_list_remove_request(req);
+@@ -898,6 +906,11 @@ static ssize_t nfs_direct_write_schedule
+ }
+
+ nfs_direct_setup_mirroring(dreq, &desc, req);
++ if (desc.pg_error < 0) {
++ nfs_free_request(req);
++ result = desc.pg_error;
++ break;
++ }
+
+ nfs_lock_request(req);
+ req->wb_index = pos >> PAGE_SHIFT;
+--- a/fs/nfs/filelayout/filelayout.c
++++ b/fs/nfs/filelayout/filelayout.c
+@@ -882,13 +882,19 @@ static void
+ filelayout_pg_init_read(struct nfs_pageio_descriptor *pgio,
+ struct nfs_page *req)
+ {
+- if (!pgio->pg_lseg)
++ if (!pgio->pg_lseg) {
+ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+ req->wb_context,
+ 0,
+ NFS4_MAX_UINT64,
+ IOMODE_READ,
+ GFP_KERNEL);
++ if (IS_ERR(pgio->pg_lseg)) {
++ pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++ pgio->pg_lseg = NULL;
++ return;
++ }
++ }
+ /* If no lseg, fall back to read through mds */
+ if (pgio->pg_lseg == NULL)
+ nfs_pageio_reset_read_mds(pgio);
+@@ -901,13 +907,20 @@ filelayout_pg_init_write(struct nfs_page
+ struct nfs_commit_info cinfo;
+ int status;
+
+- if (!pgio->pg_lseg)
++ if (!pgio->pg_lseg) {
+ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+ req->wb_context,
+ 0,
+ NFS4_MAX_UINT64,
+ IOMODE_RW,
+ GFP_NOFS);
++ if (IS_ERR(pgio->pg_lseg)) {
++ pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++ pgio->pg_lseg = NULL;
++ return;
++ }
++ }
++
+ /* If no lseg, fall back to write through mds */
+ if (pgio->pg_lseg == NULL)
+ goto out_mds;
+--- a/fs/nfs/flexfilelayout/flexfilelayout.c
++++ b/fs/nfs/flexfilelayout/flexfilelayout.c
+@@ -786,13 +786,19 @@ ff_layout_pg_init_read(struct nfs_pageio
+ int ds_idx;
+
+ /* Use full layout for now */
+- if (!pgio->pg_lseg)
++ if (!pgio->pg_lseg) {
+ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+ req->wb_context,
+ 0,
+ NFS4_MAX_UINT64,
+ IOMODE_READ,
+ GFP_KERNEL);
++ if (IS_ERR(pgio->pg_lseg)) {
++ pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++ pgio->pg_lseg = NULL;
++ return;
++ }
++ }
+ /* If no lseg, fall back to read through mds */
+ if (pgio->pg_lseg == NULL)
+ goto out_mds;
+@@ -826,13 +832,19 @@ ff_layout_pg_init_write(struct nfs_pagei
+ int i;
+ int status;
+
+- if (!pgio->pg_lseg)
++ if (!pgio->pg_lseg) {
+ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+ req->wb_context,
+ 0,
+ NFS4_MAX_UINT64,
+ IOMODE_RW,
+ GFP_NOFS);
++ if (IS_ERR(pgio->pg_lseg)) {
++ pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++ pgio->pg_lseg = NULL;
++ return;
++ }
++ }
+ /* If no lseg, fall back to write through mds */
+ if (pgio->pg_lseg == NULL)
+ goto out_mds;
+@@ -868,18 +880,25 @@ static unsigned int
+ ff_layout_pg_get_mirror_count_write(struct nfs_pageio_descriptor *pgio,
+ struct nfs_page *req)
+ {
+- if (!pgio->pg_lseg)
++ if (!pgio->pg_lseg) {
+ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+ req->wb_context,
+ 0,
+ NFS4_MAX_UINT64,
+ IOMODE_RW,
+ GFP_NOFS);
++ if (IS_ERR(pgio->pg_lseg)) {
++ pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++ pgio->pg_lseg = NULL;
++ goto out;
++ }
++ }
+ if (pgio->pg_lseg)
+ return FF_LAYOUT_MIRROR_COUNT(pgio->pg_lseg);
+
+ /* no lseg means that pnfs is not in use, so no mirroring here */
+ nfs_pageio_reset_write_mds(pgio);
++out:
+ return 1;
+ }
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -872,6 +872,9 @@ static int nfs_pageio_setup_mirroring(st
+
+ mirror_count = pgio->pg_ops->pg_get_mirror_count(pgio, req);
+
++ if (pgio->pg_error < 0)
++ return pgio->pg_error;
++
+ if (!mirror_count || mirror_count > NFS_PAGEIO_DESCRIPTOR_MIRROR_MAX)
+ return -EINVAL;
+
+@@ -980,6 +983,8 @@ static int nfs_pageio_do_add_request(str
+ } else {
+ if (desc->pg_ops->pg_init)
+ desc->pg_ops->pg_init(desc, req);
++ if (desc->pg_error < 0)
++ return 0;
+ mirror->pg_base = req->wb_pgbase;
+ }
+ if (!nfs_can_coalesce_requests(prev, req, desc))
+@@ -1145,6 +1150,8 @@ int nfs_pageio_add_request(struct nfs_pa
+ bytes = req->wb_bytes;
+
+ nfs_pageio_setup_mirroring(desc, req);
++ if (desc->pg_error < 0)
++ return 0;
+
+ for (midx = 0; midx < desc->pg_mirror_count; midx++) {
+ if (midx) {
+@@ -1230,7 +1237,7 @@ int nfs_pageio_resend(struct nfs_pageio_
+ nfs_pageio_complete(desc);
+ if (!list_empty(&failed)) {
+ list_move(&failed, &hdr->pages);
+- return -EIO;
++ return desc->pg_error < 0 ? desc->pg_error : -EIO;
+ }
+ return 0;
+ }
+--- a/fs/nfs/pnfs.c
++++ b/fs/nfs/pnfs.c
+@@ -909,14 +909,15 @@ send_layoutget(struct pnfs_layout_hdr *l
+
+ if (IS_ERR(lseg)) {
+ switch (PTR_ERR(lseg)) {
+- case -ENOMEM:
+ case -ERESTARTSYS:
++ case -EIO:
++ case -ENOSPC:
++ case -EROFS:
++ case -E2BIG:
+ break;
+ default:
+- /* remember that LAYOUTGET failed and suspend trying */
+- pnfs_layout_io_set_failed(lo, range->iomode);
++ return NULL;
+ }
+- return NULL;
+ } else
+ pnfs_layout_clear_fail_bit(lo,
+ pnfs_iomode_to_fail_bit(range->iomode));
+@@ -1625,7 +1626,7 @@ out:
+ "(%s, offset: %llu, length: %llu)\n",
+ __func__, ino->i_sb->s_id,
+ (unsigned long long)NFS_FILEID(ino),
+- lseg == NULL ? "not found" : "found",
++ IS_ERR_OR_NULL(lseg) ? "not found" : "found",
+ iomode==IOMODE_RW ? "read/write" : "read-only",
+ (unsigned long long)pos,
+ (unsigned long long)count);
+@@ -1804,6 +1805,11 @@ pnfs_generic_pg_init_read(struct nfs_pag
+ rd_size,
+ IOMODE_READ,
+ GFP_KERNEL);
++ if (IS_ERR(pgio->pg_lseg)) {
++ pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++ pgio->pg_lseg = NULL;
++ return;
++ }
+ }
+ /* If no lseg, fall back to read through mds */
+ if (pgio->pg_lseg == NULL)
+@@ -1816,13 +1822,19 @@ void
+ pnfs_generic_pg_init_write(struct nfs_pageio_descriptor *pgio,
+ struct nfs_page *req, u64 wb_size)
+ {
+- if (pgio->pg_lseg == NULL)
++ if (pgio->pg_lseg == NULL) {
+ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
+ req->wb_context,
+ req_offset(req),
+ wb_size,
+ IOMODE_RW,
+ GFP_NOFS);
++ if (IS_ERR(pgio->pg_lseg)) {
++ pgio->pg_error = PTR_ERR(pgio->pg_lseg);
++ pgio->pg_lseg = NULL;
++ return;
++ }
++ }
+ /* If no lseg, fall back to write through mds */
+ if (pgio->pg_lseg == NULL)
+ nfs_pageio_reset_write_mds(pgio);
+--- a/fs/nfs/read.c
++++ b/fs/nfs/read.c
+@@ -115,7 +115,7 @@ int nfs_readpage_async(struct nfs_open_c
+ pgm = &pgio.pg_mirrors[0];
+ NFS_I(inode)->read_io += pgm->pg_bytes_written;
+
+- return 0;
++ return pgio.pg_error < 0 ? pgio.pg_error : 0;
+ }
+
+ static void nfs_readpage_release(struct nfs_page *req)
--- /dev/null
+From b602345da6cbb135ba68cf042df8ec9a73da7981 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.com>
+Date: Mon, 4 Mar 2019 14:08:22 +1100
+Subject: nfsd: fix memory corruption caused by readdir
+
+From: NeilBrown <neilb@suse.com>
+
+commit b602345da6cbb135ba68cf042df8ec9a73da7981 upstream.
+
+If the result of an NFSv3 readdir{,plus} request results in the
+"offset" on one entry having to be split across 2 pages, and is sized
+so that the next directory entry doesn't fit in the requested size,
+then memory corruption can happen.
+
+When encode_entry() is called after encoding the last entry that fits,
+it notices that ->offset and ->offset1 are set, and so stores the
+offset value in the two pages as required. It clears ->offset1 but
+*does not* clear ->offset.
+
+Normally this omission doesn't matter as encode_entry_baggage() will
+be called, and will set ->offset to a suitable value (not on a page
+boundary).
+But in the case where cd->buflen < elen and nfserr_toosmall is
+returned, ->offset is not reset.
+
+This means that nfsd3proc_readdirplus will see ->offset with a value 4
+bytes before the end of a page, and ->offset1 set to NULL.
+It will try to write 8bytes to ->offset.
+If we are lucky, the next page will be read-only, and the system will
+ BUG: unable to handle kernel paging request at...
+
+If we are unlucky, some innocent page will have the first 4 bytes
+corrupted.
+
+nfsd3proc_readdir() doesn't even check for ->offset1, it just blindly
+writes 8 bytes to the offset wherever it is.
+
+Fix this by clearing ->offset after it is used, and copying the
+->offset handling code from nfsd3_proc_readdirplus into
+nfsd3_proc_readdir.
+
+(Note that the commit hash in the Fixes tag is from the 'history'
+ tree - this bug predates git).
+
+Fixes: 0b1d57cf7654 ("[PATCH] kNFSd: Fix nfs3 dentry encoding")
+Fixes-URL: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=0b1d57cf7654
+Cc: stable@vger.kernel.org (v2.6.12+)
+Signed-off-by: NeilBrown <neilb@suse.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs3proc.c | 16 ++++++++++++++--
+ fs/nfsd/nfs3xdr.c | 1 +
+ 2 files changed, 15 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs3proc.c
++++ b/fs/nfsd/nfs3proc.c
+@@ -430,8 +430,19 @@ nfsd3_proc_readdir(struct svc_rqst *rqst
+ &resp->common, nfs3svc_encode_entry);
+ memcpy(resp->verf, argp->verf, 8);
+ resp->count = resp->buffer - argp->buffer;
+- if (resp->offset)
+- xdr_encode_hyper(resp->offset, argp->cookie);
++ if (resp->offset) {
++ loff_t offset = argp->cookie;
++
++ if (unlikely(resp->offset1)) {
++ /* we ended up with offset on a page boundary */
++ *resp->offset = htonl(offset >> 32);
++ *resp->offset1 = htonl(offset & 0xffffffff);
++ resp->offset1 = NULL;
++ } else {
++ xdr_encode_hyper(resp->offset, offset);
++ }
++ resp->offset = NULL;
++ }
+
+ RETURN_STATUS(nfserr);
+ }
+@@ -499,6 +510,7 @@ nfsd3_proc_readdirplus(struct svc_rqst *
+ } else {
+ xdr_encode_hyper(resp->offset, offset);
+ }
++ resp->offset = NULL;
+ }
+
+ RETURN_STATUS(nfserr);
+--- a/fs/nfsd/nfs3xdr.c
++++ b/fs/nfsd/nfs3xdr.c
+@@ -898,6 +898,7 @@ encode_entry(struct readdir_cd *ccd, con
+ } else {
+ xdr_encode_hyper(cd->offset, offset64);
+ }
++ cd->offset = NULL;
+ }
+
+ /*
--- /dev/null
+From dd838821f0a29781b185cd8fb8e48d5c177bd838 Mon Sep 17 00:00:00 2001
+From: Yihao Wu <wuyihao@linux.alibaba.com>
+Date: Wed, 6 Mar 2019 21:03:50 +0800
+Subject: nfsd: fix wrong check in write_v4_end_grace()
+
+From: Yihao Wu <wuyihao@linux.alibaba.com>
+
+commit dd838821f0a29781b185cd8fb8e48d5c177bd838 upstream.
+
+Commit 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before
+nfsd startup" is trying to fix a NULL dereference issue, but it
+mistakenly checks if the nfsd server is started. So fix it.
+
+Fixes: 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before nfsd startup"
+Cc: stable@vger.kernel.org
+Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Signed-off-by: Yihao Wu <wuyihao@linux.alibaba.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfsctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfsctl.c
++++ b/fs/nfsd/nfsctl.c
+@@ -1106,7 +1106,7 @@ static ssize_t write_v4_end_grace(struct
+ case 'Y':
+ case 'y':
+ case '1':
+- if (nn->nfsd_serv)
++ if (!nn->nfsd_serv)
+ return -EBUSY;
+ nfsd4_end_grace(nn);
+ break;
--- /dev/null
+From c3fcadf0bb765faf45d6d562246e1d08885466df Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 6 Feb 2019 12:39:43 +0200
+Subject: perf auxtrace: Define auxtrace record alignment
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit c3fcadf0bb765faf45d6d562246e1d08885466df upstream.
+
+Define auxtrace record alignment so that it can be referenced elsewhere.
+
+Note this is preparation for patch "perf intel-pt: Fix overlap calculation
+for padding"
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20190206103947.15750-2-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/auxtrace.c | 4 ++--
+ tools/perf/util/auxtrace.h | 3 +++
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+--- a/tools/perf/util/auxtrace.c
++++ b/tools/perf/util/auxtrace.c
+@@ -1226,9 +1226,9 @@ static int __auxtrace_mmap__read(struct
+ }
+
+ /* padding must be written by fn() e.g. record__process_auxtrace() */
+- padding = size & 7;
++ padding = size & (PERF_AUXTRACE_RECORD_ALIGNMENT - 1);
+ if (padding)
+- padding = 8 - padding;
++ padding = PERF_AUXTRACE_RECORD_ALIGNMENT - padding;
+
+ memset(&ev, 0, sizeof(ev));
+ ev.auxtrace.header.type = PERF_RECORD_AUXTRACE;
+--- a/tools/perf/util/auxtrace.h
++++ b/tools/perf/util/auxtrace.h
+@@ -37,6 +37,9 @@ struct record_opts;
+ struct auxtrace_info_event;
+ struct events_stats;
+
++/* Auxtrace records must have the same alignment as perf event records */
++#define PERF_AUXTRACE_RECORD_ALIGNMENT 8
++
+ enum auxtrace_type {
+ PERF_AUXTRACE_UNKNOWN,
+ PERF_AUXTRACE_INTEL_PT,
--- /dev/null
+From 03997612904866abe7cdcc992784ef65cb3a4b81 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 6 Feb 2019 12:39:45 +0200
+Subject: perf intel-pt: Fix CYC timestamp calculation after OVF
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 03997612904866abe7cdcc992784ef65cb3a4b81 upstream.
+
+CYC packet timestamp calculation depends upon CBR which was being
+cleared upon overflow (OVF). That can cause errors due to failing to
+synchronize with sideband events. Even if a CBR change has been lost,
+the old CBR is still a better estimate than zero. So remove the clearing
+of CBR.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20190206103947.15750-4-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -1281,7 +1281,6 @@ static int intel_pt_overflow(struct inte
+ {
+ intel_pt_log("ERROR: Buffer overflow\n");
+ intel_pt_clear_tx_flags(decoder);
+- decoder->cbr = 0;
+ decoder->timestamp_insn_cnt = 0;
+ decoder->pkt_state = INTEL_PT_STATE_ERR_RESYNC;
+ decoder->overflow = true;
--- /dev/null
+From 5a99d99e3310a565b0cf63f785b347be9ee0da45 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 6 Feb 2019 12:39:44 +0200
+Subject: perf intel-pt: Fix overlap calculation for padding
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 5a99d99e3310a565b0cf63f785b347be9ee0da45 upstream.
+
+Auxtrace records might have up to 7 bytes of padding appended. Adjust
+the overlap accordingly.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20190206103947.15750-3-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 36 ++++++++++++++++++--
+ 1 file changed, 34 insertions(+), 2 deletions(-)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -26,6 +26,7 @@
+
+ #include "../cache.h"
+ #include "../util.h"
++#include "../auxtrace.h"
+
+ #include "intel-pt-insn-decoder.h"
+ #include "intel-pt-pkt-decoder.h"
+@@ -2320,6 +2321,34 @@ static int intel_pt_tsc_cmp(uint64_t tsc
+ }
+ }
+
++#define MAX_PADDING (PERF_AUXTRACE_RECORD_ALIGNMENT - 1)
++
++/**
++ * adj_for_padding - adjust overlap to account for padding.
++ * @buf_b: second buffer
++ * @buf_a: first buffer
++ * @len_a: size of first buffer
++ *
++ * @buf_a might have up to 7 bytes of padding appended. Adjust the overlap
++ * accordingly.
++ *
++ * Return: A pointer into @buf_b from where non-overlapped data starts
++ */
++static unsigned char *adj_for_padding(unsigned char *buf_b,
++ unsigned char *buf_a, size_t len_a)
++{
++ unsigned char *p = buf_b - MAX_PADDING;
++ unsigned char *q = buf_a + len_a - MAX_PADDING;
++ int i;
++
++ for (i = MAX_PADDING; i; i--, p++, q++) {
++ if (*p != *q)
++ break;
++ }
++
++ return p;
++}
++
+ /**
+ * intel_pt_find_overlap_tsc - determine start of non-overlapped trace data
+ * using TSC.
+@@ -2370,8 +2399,11 @@ static unsigned char *intel_pt_find_over
+
+ /* Same TSC, so buffers are consecutive */
+ if (!cmp && rem_b >= rem_a) {
++ unsigned char *start;
++
+ *consecutive = true;
+- return buf_b + len_b - (rem_b - rem_a);
++ start = buf_b + len_b - (rem_b - rem_a);
++ return adj_for_padding(start, buf_a, len_a);
+ }
+ if (cmp < 0)
+ return buf_b; /* tsc_a < tsc_b => no overlap */
+@@ -2434,7 +2466,7 @@ unsigned char *intel_pt_find_overlap(uns
+ found = memmem(buf_a, len_a, buf_b, len_a);
+ if (found) {
+ *consecutive = true;
+- return buf_b + len_a;
++ return adj_for_padding(buf_b + len_a, buf_a, len_a);
+ }
+
+ /* Try again at next PSB in buffer 'a' */
--- /dev/null
+From 1fad17fb1bbcd73159c2b992668a6957ecc5af8a Mon Sep 17 00:00:00 2001
+From: Viresh Kumar <viresh.kumar@linaro.org>
+Date: Fri, 8 Mar 2019 15:23:11 +0530
+Subject: PM / wakeup: Rework wakeup source timer cancellation
+
+From: Viresh Kumar <viresh.kumar@linaro.org>
+
+commit 1fad17fb1bbcd73159c2b992668a6957ecc5af8a upstream.
+
+If wakeup_source_add() is called right after wakeup_source_remove()
+for the same wakeup source, timer_setup() may be called for a
+potentially scheduled timer which is incorrect.
+
+To avoid that, move the wakeup source timer cancellation from
+wakeup_source_drop() to wakeup_source_remove().
+
+Moreover, make wakeup_source_remove() clear the timer function after
+canceling the timer to let wakeup_source_not_registered() treat
+unregistered wakeup sources in the same way as the ones that have
+never been registered.
+
+Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
+Cc: 4.4+ <stable@vger.kernel.org> # 4.4+
+[ rjw: Subject, changelog, merged two patches together ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/power/wakeup.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/base/power/wakeup.c
++++ b/drivers/base/power/wakeup.c
+@@ -113,7 +113,6 @@ void wakeup_source_drop(struct wakeup_so
+ if (!ws)
+ return;
+
+- del_timer_sync(&ws->timer);
+ __pm_relax(ws);
+ }
+ EXPORT_SYMBOL_GPL(wakeup_source_drop);
+@@ -201,6 +200,13 @@ void wakeup_source_remove(struct wakeup_
+ list_del_rcu(&ws->entry);
+ spin_unlock_irqrestore(&events_lock, flags);
+ synchronize_srcu(&wakeup_srcu);
++
++ del_timer_sync(&ws->timer);
++ /*
++ * Clear timer.function to make wakeup_source_not_registered() treat
++ * this wakeup source as not registered.
++ */
++ ws->timer.function = NULL;
+ }
+ EXPORT_SYMBOL_GPL(wakeup_source_remove);
+
powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch
arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch
dm-fix-to_sector-for-32bit.patch
+nfs41-pop-some-layoutget-errors-to-application.patch
+perf-intel-pt-fix-cyc-timestamp-calculation-after-ovf.patch
+perf-auxtrace-define-auxtrace-record-alignment.patch
+perf-intel-pt-fix-overlap-calculation-for-padding.patch
+md-fix-failed-allocation-of-md_register_thread.patch
+nfs-fix-an-i-o-request-leakage-in-nfs_do_recoalesce.patch
+nfs-don-t-recoalesce-on-error-in-nfs_pageio_complete_mirror.patch
+nfsd-fix-memory-corruption-caused-by-readdir.patch
+nfsd-fix-wrong-check-in-write_v4_end_grace.patch
+pm-wakeup-rework-wakeup-source-timer-cancellation.patch