--- /dev/null
+From d1f0301b3333eef5efbfa1fe0f0edbea01863d5d Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Fri, 3 Aug 2018 14:44:59 +0200
+Subject: genirq: Make force irq threading setup more robust
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit d1f0301b3333eef5efbfa1fe0f0edbea01863d5d upstream.
+
+The support of force threading interrupts which are set up with both a
+primary and a threaded handler wreckaged the setup of regular requested
+threaded interrupts (primary handler == NULL).
+
+The reason is that it does not check whether the primary handler is set to
+the default handler which wakes the handler thread. Instead it replaces the
+thread handler with the primary handler as it would do with force threaded
+interrupts which have been requested via request_irq(). So both the primary
+and the thread handler become the same which then triggers the warnon that
+the thread handler tries to wakeup a not configured secondary thread.
+
+Fortunately this only happens when the driver omits the IRQF_ONESHOT flag
+when requesting the threaded interrupt, which is normaly caught by the
+sanity checks when force irq threading is disabled.
+
+Fix it by skipping the force threading setup when a regular threaded
+interrupt is requested. As a consequence the interrupt request which lacks
+the IRQ_ONESHOT flag is rejected correctly instead of silently wreckaging
+it.
+
+Fixes: 2a1d3ab8986d ("genirq: Handle force threading of irqs with primary and thread handler")
+Reported-by: Kurt Kanzenbach <kurt.kanzenbach@linutronix.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: Kurt Kanzenbach <kurt.kanzenbach@linutronix.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/irq/manage.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/kernel/irq/manage.c
++++ b/kernel/irq/manage.c
+@@ -1012,6 +1012,13 @@ static int irq_setup_forced_threading(st
+ if (new->flags & (IRQF_NO_THREAD | IRQF_PERCPU | IRQF_ONESHOT))
+ return 0;
+
++ /*
++ * No further action required for interrupts which are requested as
++ * threaded interrupts already
++ */
++ if (new->handler == irq_default_primary_handler)
++ return 0;
++
+ new->flags |= IRQF_ONESHOT;
+
+ /*
+@@ -1019,7 +1026,7 @@ static int irq_setup_forced_threading(st
+ * thread handler. We force thread them as well by creating a
+ * secondary action.
+ */
+- if (new->handler != irq_default_primary_handler && new->thread_fn) {
++ if (new->handler && new->thread_fn) {
+ /* Allocate the secondary action */
+ new->secondary = kzalloc(sizeof(struct irqaction), GFP_KERNEL);
+ if (!new->secondary)
--- /dev/null
+From foo@baz Fri Aug 3 21:25:07 CEST 2018
+From: Dmitry Safonov <dima@arista.com>
+Date: Fri, 27 Jul 2018 16:54:44 +0100
+Subject: netlink: Do not subscribe to non-existent groups
+
+From: Dmitry Safonov <dima@arista.com>
+
+[ Upstream commit 7acf9d4237c46894e0fa0492dd96314a41742e84 ]
+
+Make ABI more strict about subscribing to group > ngroups.
+Code doesn't check for that and it looks bogus.
+(one can subscribe to non-existing group)
+Still, it's possible to bind() to all possible groups with (-1)
+
+Cc: "David S. Miller" <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Cc: netdev@vger.kernel.org
+Signed-off-by: Dmitry Safonov <dima@arista.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netlink/af_netlink.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -985,6 +985,7 @@ static int netlink_bind(struct socket *s
+ if (err)
+ return err;
+ }
++ groups &= (1UL << nlk->ngroups) - 1;
+
+ bound = nlk->bound;
+ if (bound) {
--- /dev/null
+From 91874ecf32e41b5d86a4cb9d60e0bee50d828058 Mon Sep 17 00:00:00 2001
+From: Dmitry Safonov <dima@arista.com>
+Date: Sun, 5 Aug 2018 01:35:53 +0100
+Subject: netlink: Don't shift on 64 for ngroups
+
+From: Dmitry Safonov <dima@arista.com>
+
+commit 91874ecf32e41b5d86a4cb9d60e0bee50d828058 upstream.
+
+It's legal to have 64 groups for netlink_sock.
+
+As user-supplied nladdr->nl_groups is __u32, it's possible to subscribe
+only to first 32 groups.
+
+The check for correctness of .bind() userspace supplied parameter
+is done by applying mask made from ngroups shift. Which broke Android
+as they have 64 groups and the shift for mask resulted in an overflow.
+
+Fixes: 61f4b23769f0 ("netlink: Don't shift with UB on nlk->ngroups")
+Cc: "David S. Miller" <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Cc: netdev@vger.kernel.org
+Cc: stable@vger.kernel.org
+Reported-and-Tested-by: Nathan Chancellor <natechancellor@gmail.com>
+Signed-off-by: Dmitry Safonov <dima@arista.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netlink/af_netlink.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -988,8 +988,8 @@ static int netlink_bind(struct socket *s
+
+ if (nlk->ngroups == 0)
+ groups = 0;
+- else
+- groups &= (1ULL << nlk->ngroups) - 1;
++ else if (nlk->ngroups < 8*sizeof(groups))
++ groups &= (1UL << nlk->ngroups) - 1;
+
+ bound = nlk->bound;
+ if (bound) {
--- /dev/null
+From foo@baz Fri Aug 3 21:25:07 CEST 2018
+From: Dmitry Safonov <dima@arista.com>
+Date: Mon, 30 Jul 2018 18:32:36 +0100
+Subject: netlink: Don't shift with UB on nlk->ngroups
+
+From: Dmitry Safonov <dima@arista.com>
+
+[ Upstream commit 61f4b23769f0cc72ae62c9a81cf08f0397d40da8 ]
+
+On i386 nlk->ngroups might be 32 or 0. Which leads to UB, resulting in
+hang during boot.
+Check for 0 ngroups and use (unsigned long long) as a type to shift.
+
+Fixes: 7acf9d4237c4 ("netlink: Do not subscribe to non-existent groups").
+Reported-by: kernel test robot <rong.a.chen@intel.com>
+Signed-off-by: Dmitry Safonov <dima@arista.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netlink/af_netlink.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -985,7 +985,11 @@ static int netlink_bind(struct socket *s
+ if (err)
+ return err;
+ }
+- groups &= (1UL << nlk->ngroups) - 1;
++
++ if (nlk->ngroups == 0)
++ groups = 0;
++ else
++ groups &= (1ULL << nlk->ngroups) - 1;
+
+ bound = nlk->bound;
+ if (bound) {
--- /dev/null
+From 80d20d35af1edd632a5e7a3b9c0ab7ceff92769e Mon Sep 17 00:00:00 2001
+From: Anna-Maria Gleixner <anna-maria@linutronix.de>
+Date: Tue, 31 Jul 2018 18:13:58 +0200
+Subject: nohz: Fix local_timer_softirq_pending()
+
+From: Anna-Maria Gleixner <anna-maria@linutronix.de>
+
+commit 80d20d35af1edd632a5e7a3b9c0ab7ceff92769e upstream.
+
+local_timer_softirq_pending() checks whether the timer softirq is
+pending with: local_softirq_pending() & TIMER_SOFTIRQ.
+
+This is wrong because TIMER_SOFTIRQ is the softirq number and not a
+bitmask. So the test checks for the wrong bit.
+
+Use BIT(TIMER_SOFTIRQ) instead.
+
+Fixes: 5d62c183f9e9 ("nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()")
+Signed-off-by: Anna-Maria Gleixner <anna-maria@linutronix.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Reviewed-by: Daniel Bristot de Oliveira <bristot@redhat.com>
+Acked-by: Frederic Weisbecker <frederic@kernel.org>
+Cc: bigeasy@linutronix.de
+Cc: peterz@infradead.org
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20180731161358.29472-1-anna-maria@linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/tick-sched.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/time/tick-sched.c
++++ b/kernel/time/tick-sched.c
+@@ -570,7 +570,7 @@ static void tick_nohz_restart(struct tic
+
+ static inline bool local_timer_softirq_pending(void)
+ {
+- return local_softirq_pending() & TIMER_SOFTIRQ;
++ return local_softirq_pending() & BIT(TIMER_SOFTIRQ);
+ }
+
+ static ktime_t tick_nohz_stop_sched_tick(struct tick_sched *ts,
--- /dev/null
+From b08abbd9f5996309f021684f9ca74da30dcca36a Mon Sep 17 00:00:00 2001
+From: Quinn Tran <quinn.tran@cavium.com>
+Date: Wed, 18 Jul 2018 14:29:54 -0700
+Subject: scsi: qla2xxx: Fix ISP recovery on unload
+
+From: Quinn Tran <quinn.tran@cavium.com>
+
+commit b08abbd9f5996309f021684f9ca74da30dcca36a upstream.
+
+During unload process, the chip can encounter problem where a FW dump would
+be captured. For this case, the full reset sequence will be skip to bring
+the chip back to full operational state.
+
+Fixes: e315cd28b9ef ("[SCSI] qla2xxx: Code changes for qla data structure refactoring")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla2xxx/qla_os.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -4938,8 +4938,9 @@ qla2x00_do_dpc(void *data)
+ }
+ }
+
+- if (test_and_clear_bit(ISP_ABORT_NEEDED,
+- &base_vha->dpc_flags)) {
++ if (test_and_clear_bit
++ (ISP_ABORT_NEEDED, &base_vha->dpc_flags) &&
++ !test_bit(UNLOADING, &base_vha->dpc_flags)) {
+
+ ql_dbg(ql_dbg_dpc, base_vha, 0x4007,
+ "ISP abort scheduled.\n");
--- /dev/null
+From b4146c4929ef61d5afca011474d59d0918a0cd82 Mon Sep 17 00:00:00 2001
+From: Anil Gurumurthy <anil.gurumurthy@cavium.com>
+Date: Wed, 18 Jul 2018 14:29:55 -0700
+Subject: scsi: qla2xxx: Return error when TMF returns
+
+From: Anil Gurumurthy <anil.gurumurthy@cavium.com>
+
+commit b4146c4929ef61d5afca011474d59d0918a0cd82 upstream.
+
+Propagate the task management completion status properly to avoid
+unnecessary waits for commands to complete.
+
+Fixes: faef62d13463 ("[SCSI] qla2xxx: Fix Task Management command asynchronous handling")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Anil Gurumurthy <anil.gurumurthy@cavium.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla2xxx/qla_init.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_init.c
++++ b/drivers/scsi/qla2xxx/qla_init.c
+@@ -325,11 +325,10 @@ qla2x00_async_tm_cmd(fc_port_t *fcport,
+
+ wait_for_completion(&tm_iocb->u.tmf.comp);
+
+- rval = tm_iocb->u.tmf.comp_status == CS_COMPLETE ?
+- QLA_SUCCESS : QLA_FUNCTION_FAILED;
++ rval = tm_iocb->u.tmf.data;
+
+- if ((rval != QLA_SUCCESS) || tm_iocb->u.tmf.data) {
+- ql_dbg(ql_dbg_taskm, vha, 0x8030,
++ if (rval != QLA_SUCCESS) {
++ ql_log(ql_log_warn, vha, 0x8030,
+ "TM IOCB failed (%x).\n", rval);
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
