--- /dev/null
+From e1a00b5b253a4f97216b9a33199a863987075162 Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Tue, 10 Sep 2019 22:51:52 +0900
+Subject: ALSA: firewire-tascam: check intermediate state of clock status and retry
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit e1a00b5b253a4f97216b9a33199a863987075162 upstream.
+
+2 bytes in MSB of register for clock status is zero during intermediate
+state after changing status of sampling clock in models of TASCAM FireWire
+series. The duration of this state differs depending on cases. During the
+state, it's better to retry reading the register for current status of
+the clock.
+
+In current implementation, the intermediate state is checked only when
+getting current sampling transmission frequency, then retry reading.
+This care is required for the other operations to read the register.
+
+This commit moves the codes of check and retry into helper function
+commonly used for operations to read the register.
+
+Fixes: e453df44f0d6 ("ALSA: firewire-tascam: add PCM functionality")
+Cc: <stable@vger.kernel.org> # v4.4+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Link: https://lore.kernel.org/r/20190910135152.29800-3-o-takashi@sakamocchi.jp
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/tascam/tascam-stream.c | 42 ++++++++++++++++++++++------------
+ 1 file changed, 28 insertions(+), 14 deletions(-)
+
+--- a/sound/firewire/tascam/tascam-stream.c
++++ b/sound/firewire/tascam/tascam-stream.c
+@@ -9,20 +9,37 @@
+ #include <linux/delay.h>
+ #include "tascam.h"
+
++#define CLOCK_STATUS_MASK 0xffff0000
++#define CLOCK_CONFIG_MASK 0x0000ffff
++
+ #define CALLBACK_TIMEOUT 500
+
+ static int get_clock(struct snd_tscm *tscm, u32 *data)
+ {
++ int trial = 0;
+ __be32 reg;
+ int err;
+
+- err = snd_fw_transaction(tscm->unit, TCODE_READ_QUADLET_REQUEST,
+- TSCM_ADDR_BASE + TSCM_OFFSET_CLOCK_STATUS,
+- ®, sizeof(reg), 0);
+- if (err >= 0)
++ while (trial++ < 5) {
++ err = snd_fw_transaction(tscm->unit, TCODE_READ_QUADLET_REQUEST,
++ TSCM_ADDR_BASE + TSCM_OFFSET_CLOCK_STATUS,
++ ®, sizeof(reg), 0);
++ if (err < 0)
++ return err;
++
+ *data = be32_to_cpu(reg);
++ if (*data & CLOCK_STATUS_MASK)
++ break;
++
++ // In intermediate state after changing clock status.
++ msleep(50);
++ }
+
+- return err;
++ // Still in the intermediate state.
++ if (trial >= 5)
++ return -EAGAIN;
++
++ return 0;
+ }
+
+ static int set_clock(struct snd_tscm *tscm, unsigned int rate,
+@@ -35,7 +52,7 @@ static int set_clock(struct snd_tscm *ts
+ err = get_clock(tscm, &data);
+ if (err < 0)
+ return err;
+- data &= 0x0000ffff;
++ data &= CLOCK_CONFIG_MASK;
+
+ if (rate > 0) {
+ data &= 0x000000ff;
+@@ -80,17 +97,14 @@ static int set_clock(struct snd_tscm *ts
+
+ int snd_tscm_stream_get_rate(struct snd_tscm *tscm, unsigned int *rate)
+ {
+- u32 data = 0x0;
+- unsigned int trials = 0;
++ u32 data;
+ int err;
+
+- while (data == 0x0 || trials++ < 5) {
+- err = get_clock(tscm, &data);
+- if (err < 0)
+- return err;
++ err = get_clock(tscm, &data);
++ if (err < 0)
++ return err;
+
+- data = (data & 0xff000000) >> 24;
+- }
++ data = (data & 0xff000000) >> 24;
+
+ /* Check base rate. */
+ if ((data & 0x0f) == 0x01)
--- /dev/null
+From 2617120f4de6d0423384e0e86b14c78b9de84d5a Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Tue, 10 Sep 2019 22:51:51 +0900
+Subject: ALSA: firewire-tascam: handle error code when getting current source of clock
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 2617120f4de6d0423384e0e86b14c78b9de84d5a upstream.
+
+The return value of snd_tscm_stream_get_clock() is ignored. This commit
+checks the value and handle error.
+
+Fixes: e453df44f0d6 ("ALSA: firewire-tascam: add PCM functionality")
+Cc: <stable@vger.kernel.org> # v4.4+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Link: https://lore.kernel.org/r/20190910135152.29800-2-o-takashi@sakamocchi.jp
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/tascam/tascam-pcm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/sound/firewire/tascam/tascam-pcm.c
++++ b/sound/firewire/tascam/tascam-pcm.c
+@@ -57,6 +57,9 @@ static int pcm_open(struct snd_pcm_subst
+ goto err_locked;
+
+ err = snd_tscm_stream_get_clock(tscm, &clock);
++ if (err < 0)
++ goto err_locked;
++
+ if (clock != SND_TSCM_CLOCK_INTERNAL ||
+ amdtp_stream_pcm_running(&tscm->rx_stream) ||
+ amdtp_stream_pcm_running(&tscm->tx_stream)) {
--- /dev/null
+From f8659d68e2bee5b86a1beaf7be42d942e1fc81f4 Mon Sep 17 00:00:00 2001
+From: Ira Weiny <ira.weiny@intel.com>
+Date: Wed, 11 Sep 2019 07:30:53 -0400
+Subject: IB/hfi1: Define variables as unsigned long to fix KASAN warning
+
+From: Ira Weiny <ira.weiny@intel.com>
+
+commit f8659d68e2bee5b86a1beaf7be42d942e1fc81f4 upstream.
+
+Define the working variables to be unsigned long to be compatible with
+for_each_set_bit and change types as needed.
+
+While we are at it remove unused variables from a couple of functions.
+
+This was found because of the following KASAN warning:
+ ==================================================================
+ BUG: KASAN: stack-out-of-bounds in find_first_bit+0x19/0x70
+ Read of size 8 at addr ffff888362d778d0 by task kworker/u308:2/1889
+
+ CPU: 21 PID: 1889 Comm: kworker/u308:2 Tainted: G W 5.3.0-rc2-mm1+ #2
+ Hardware name: Intel Corporation W2600CR/W2600CR, BIOS SE5C600.86B.02.04.0003.102320141138 10/23/2014
+ Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]
+ Call Trace:
+ dump_stack+0x9a/0xf0
+ ? find_first_bit+0x19/0x70
+ print_address_description+0x6c/0x332
+ ? find_first_bit+0x19/0x70
+ ? find_first_bit+0x19/0x70
+ __kasan_report.cold.6+0x1a/0x3b
+ ? find_first_bit+0x19/0x70
+ kasan_report+0xe/0x12
+ find_first_bit+0x19/0x70
+ pma_get_opa_portstatus+0x5cc/0xa80 [hfi1]
+ ? ret_from_fork+0x3a/0x50
+ ? pma_get_opa_port_ectrs+0x200/0x200 [hfi1]
+ ? stack_trace_consume_entry+0x80/0x80
+ hfi1_process_mad+0x39b/0x26c0 [hfi1]
+ ? __lock_acquire+0x65e/0x21b0
+ ? clear_linkup_counters+0xb0/0xb0 [hfi1]
+ ? check_chain_key+0x1d7/0x2e0
+ ? lock_downgrade+0x3a0/0x3a0
+ ? match_held_lock+0x2e/0x250
+ ib_mad_recv_done+0x698/0x15e0 [ib_core]
+ ? clear_linkup_counters+0xb0/0xb0 [hfi1]
+ ? ib_mad_send_done+0xc80/0xc80 [ib_core]
+ ? mark_held_locks+0x79/0xa0
+ ? _raw_spin_unlock_irqrestore+0x44/0x60
+ ? rvt_poll_cq+0x1e1/0x340 [rdmavt]
+ __ib_process_cq+0x97/0x100 [ib_core]
+ ib_cq_poll_work+0x31/0xb0 [ib_core]
+ process_one_work+0x4ee/0xa00
+ ? pwq_dec_nr_in_flight+0x110/0x110
+ ? do_raw_spin_lock+0x113/0x1d0
+ worker_thread+0x57/0x5a0
+ ? process_one_work+0xa00/0xa00
+ kthread+0x1bb/0x1e0
+ ? kthread_create_on_node+0xc0/0xc0
+ ret_from_fork+0x3a/0x50
+
+ The buggy address belongs to the page:
+ page:ffffea000d8b5dc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
+ flags: 0x17ffffc0000000()
+ raw: 0017ffffc0000000 0000000000000000 ffffea000d8b5dc8 0000000000000000
+ raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
+ page dumped because: kasan: bad access detected
+
+ addr ffff888362d778d0 is located in stack of task kworker/u308:2/1889 at offset 32 in frame:
+ pma_get_opa_portstatus+0x0/0xa80 [hfi1]
+
+ this frame has 1 object:
+ [32, 36) 'vl_select_mask'
+
+ Memory state around the buggy address:
+ ffff888362d77780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ ffff888362d77800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ >ffff888362d77880: 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 00 00
+ ^
+ ffff888362d77900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ ffff888362d77980: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2
+
+ ==================================================================
+
+Cc: <stable@vger.kernel.org>
+Fixes: 7724105686e7 ("IB/hfi1: add driver files")
+Link: https://lore.kernel.org/r/20190911113053.126040.47327.stgit@awfm-01.aw.intel.com
+Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
+Signed-off-by: Ira Weiny <ira.weiny@intel.com>
+Signed-off-by: Kaike Wan <kaike.wan@intel.com>
+Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/hfi1/mad.c | 45 ++++++++++++++++-----------------------
+ 1 file changed, 19 insertions(+), 26 deletions(-)
+
+--- a/drivers/infiniband/hw/hfi1/mad.c
++++ b/drivers/infiniband/hw/hfi1/mad.c
+@@ -2326,7 +2326,7 @@ struct opa_port_status_req {
+ __be32 vl_select_mask;
+ };
+
+-#define VL_MASK_ALL 0x000080ff
++#define VL_MASK_ALL 0x00000000000080ffUL
+
+ struct opa_port_status_rsp {
+ __u8 port_num;
+@@ -2625,15 +2625,14 @@ static int pma_get_opa_classportinfo(str
+ }
+
+ static void a0_portstatus(struct hfi1_pportdata *ppd,
+- struct opa_port_status_rsp *rsp, u32 vl_select_mask)
++ struct opa_port_status_rsp *rsp)
+ {
+ if (!is_bx(ppd->dd)) {
+ unsigned long vl;
+ u64 sum_vl_xmit_wait = 0;
+- u32 vl_all_mask = VL_MASK_ALL;
++ unsigned long vl_all_mask = VL_MASK_ALL;
+
+- for_each_set_bit(vl, (unsigned long *)&(vl_all_mask),
+- 8 * sizeof(vl_all_mask)) {
++ for_each_set_bit(vl, &vl_all_mask, BITS_PER_LONG) {
+ u64 tmp = sum_vl_xmit_wait +
+ read_port_cntr(ppd, C_TX_WAIT_VL,
+ idx_from_vl(vl));
+@@ -2730,12 +2729,12 @@ static int pma_get_opa_portstatus(struct
+ (struct opa_port_status_req *)pmp->data;
+ struct hfi1_devdata *dd = dd_from_ibdev(ibdev);
+ struct opa_port_status_rsp *rsp;
+- u32 vl_select_mask = be32_to_cpu(req->vl_select_mask);
++ unsigned long vl_select_mask = be32_to_cpu(req->vl_select_mask);
+ unsigned long vl;
+ size_t response_data_size;
+ u32 nports = be32_to_cpu(pmp->mad_hdr.attr_mod) >> 24;
+ u8 port_num = req->port_num;
+- u8 num_vls = hweight32(vl_select_mask);
++ u8 num_vls = hweight64(vl_select_mask);
+ struct _vls_pctrs *vlinfo;
+ struct hfi1_ibport *ibp = to_iport(ibdev, port);
+ struct hfi1_pportdata *ppd = ppd_from_ibp(ibp);
+@@ -2771,7 +2770,7 @@ static int pma_get_opa_portstatus(struct
+
+ hfi1_read_link_quality(dd, &rsp->link_quality_indicator);
+
+- rsp->vl_select_mask = cpu_to_be32(vl_select_mask);
++ rsp->vl_select_mask = cpu_to_be32((u32)vl_select_mask);
+ rsp->port_xmit_data = cpu_to_be64(read_dev_cntr(dd, C_DC_XMIT_FLITS,
+ CNTR_INVALID_VL));
+ rsp->port_rcv_data = cpu_to_be64(read_dev_cntr(dd, C_DC_RCV_FLITS,
+@@ -2842,8 +2841,7 @@ static int pma_get_opa_portstatus(struct
+ * So in the for_each_set_bit() loop below, we don't need
+ * any additional checks for vl.
+ */
+- for_each_set_bit(vl, (unsigned long *)&(vl_select_mask),
+- 8 * sizeof(vl_select_mask)) {
++ for_each_set_bit(vl, &vl_select_mask, BITS_PER_LONG) {
+ memset(vlinfo, 0, sizeof(*vlinfo));
+
+ tmp = read_dev_cntr(dd, C_DC_RX_FLIT_VL, idx_from_vl(vl));
+@@ -2884,7 +2882,7 @@ static int pma_get_opa_portstatus(struct
+ vfi++;
+ }
+
+- a0_portstatus(ppd, rsp, vl_select_mask);
++ a0_portstatus(ppd, rsp);
+
+ if (resp_len)
+ *resp_len += response_data_size;
+@@ -2931,16 +2929,14 @@ static u64 get_error_counter_summary(str
+ return error_counter_summary;
+ }
+
+-static void a0_datacounters(struct hfi1_pportdata *ppd, struct _port_dctrs *rsp,
+- u32 vl_select_mask)
++static void a0_datacounters(struct hfi1_pportdata *ppd, struct _port_dctrs *rsp)
+ {
+ if (!is_bx(ppd->dd)) {
+ unsigned long vl;
+ u64 sum_vl_xmit_wait = 0;
+- u32 vl_all_mask = VL_MASK_ALL;
++ unsigned long vl_all_mask = VL_MASK_ALL;
+
+- for_each_set_bit(vl, (unsigned long *)&(vl_all_mask),
+- 8 * sizeof(vl_all_mask)) {
++ for_each_set_bit(vl, &vl_all_mask, BITS_PER_LONG) {
+ u64 tmp = sum_vl_xmit_wait +
+ read_port_cntr(ppd, C_TX_WAIT_VL,
+ idx_from_vl(vl));
+@@ -2995,7 +2991,7 @@ static int pma_get_opa_datacounters(stru
+ u64 port_mask;
+ u8 port_num;
+ unsigned long vl;
+- u32 vl_select_mask;
++ unsigned long vl_select_mask;
+ int vfi;
+ u16 link_width;
+ u16 link_speed;
+@@ -3073,8 +3069,7 @@ static int pma_get_opa_datacounters(stru
+ * So in the for_each_set_bit() loop below, we don't need
+ * any additional checks for vl.
+ */
+- for_each_set_bit(vl, (unsigned long *)&(vl_select_mask),
+- 8 * sizeof(req->vl_select_mask)) {
++ for_each_set_bit(vl, &vl_select_mask, BITS_PER_LONG) {
+ memset(vlinfo, 0, sizeof(*vlinfo));
+
+ rsp->vls[vfi].port_vl_xmit_data =
+@@ -3122,7 +3117,7 @@ static int pma_get_opa_datacounters(stru
+ vfi++;
+ }
+
+- a0_datacounters(ppd, rsp, vl_select_mask);
++ a0_datacounters(ppd, rsp);
+
+ if (resp_len)
+ *resp_len += response_data_size;
+@@ -3217,7 +3212,7 @@ static int pma_get_opa_porterrors(struct
+ struct _vls_ectrs *vlinfo;
+ unsigned long vl;
+ u64 port_mask, tmp;
+- u32 vl_select_mask;
++ unsigned long vl_select_mask;
+ int vfi;
+
+ req = (struct opa_port_error_counters64_msg *)pmp->data;
+@@ -3276,8 +3271,7 @@ static int pma_get_opa_porterrors(struct
+ vlinfo = &rsp->vls[0];
+ vfi = 0;
+ vl_select_mask = be32_to_cpu(req->vl_select_mask);
+- for_each_set_bit(vl, (unsigned long *)&(vl_select_mask),
+- 8 * sizeof(req->vl_select_mask)) {
++ for_each_set_bit(vl, &vl_select_mask, BITS_PER_LONG) {
+ memset(vlinfo, 0, sizeof(*vlinfo));
+ rsp->vls[vfi].port_vl_xmit_discards =
+ cpu_to_be64(read_port_cntr(ppd, C_SW_XMIT_DSCD_VL,
+@@ -3488,7 +3482,7 @@ static int pma_set_opa_portstatus(struct
+ u32 nports = be32_to_cpu(pmp->mad_hdr.attr_mod) >> 24;
+ u64 portn = be64_to_cpu(req->port_select_mask[3]);
+ u32 counter_select = be32_to_cpu(req->counter_select_mask);
+- u32 vl_select_mask = VL_MASK_ALL; /* clear all per-vl cnts */
++ unsigned long vl_select_mask = VL_MASK_ALL; /* clear all per-vl cnts */
+ unsigned long vl;
+
+ if ((nports != 1) || (portn != 1 << port)) {
+@@ -3582,8 +3576,7 @@ static int pma_set_opa_portstatus(struct
+ if (counter_select & CS_UNCORRECTABLE_ERRORS)
+ write_dev_cntr(dd, C_DC_UNC_ERR, CNTR_INVALID_VL, 0);
+
+- for_each_set_bit(vl, (unsigned long *)&(vl_select_mask),
+- 8 * sizeof(vl_select_mask)) {
++ for_each_set_bit(vl, &vl_select_mask, BITS_PER_LONG) {
+ if (counter_select & CS_PORT_XMIT_DATA)
+ write_port_cntr(ppd, C_TX_FLIT_VL, idx_from_vl(vl), 0);
+
--- /dev/null
+From 5d44adebbb7e785939df3db36ac360f5e8b73e44 Mon Sep 17 00:00:00 2001
+From: Danit Goldberg <danitg@mellanox.com>
+Date: Mon, 16 Sep 2019 09:48:18 +0300
+Subject: IB/mlx5: Free mpi in mp_slave mode
+
+From: Danit Goldberg <danitg@mellanox.com>
+
+commit 5d44adebbb7e785939df3db36ac360f5e8b73e44 upstream.
+
+ib_add_slave_port() allocates a multiport struct but never frees it.
+Don't leak memory, free the allocated mpi struct during driver unload.
+
+Cc: <stable@vger.kernel.org>
+Fixes: 32f69e4be269 ("{net, IB}/mlx5: Manage port association for multiport RoCE")
+Link: https://lore.kernel.org/r/20190916064818.19823-3-leon@kernel.org
+Signed-off-by: Danit Goldberg <danitg@mellanox.com>
+Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/mlx5/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/infiniband/hw/mlx5/main.c
++++ b/drivers/infiniband/hw/mlx5/main.c
+@@ -6370,6 +6370,7 @@ static void mlx5_ib_remove(struct mlx5_c
+ mlx5_ib_unbind_slave_port(mpi->ibdev, mpi);
+ list_del(&mpi->list);
+ mutex_unlock(&mlx5_ib_multiport_mutex);
++ kfree(mpi);
+ return;
+ }
+
--- /dev/null
+From fddbfeece9c7882cc47754c7da460fe427e3e85b Mon Sep 17 00:00:00 2001
+From: Luca Coelho <luciano.coelho@intel.com>
+Date: Tue, 24 Sep 2019 13:30:57 +0300
+Subject: iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
+
+From: Luca Coelho <luciano.coelho@intel.com>
+
+commit fddbfeece9c7882cc47754c7da460fe427e3e85b upstream.
+
+The intention was to have the GEO_TX_POWER_LIMIT command in FW version
+36 as well, but not all 8000 family got this feature enabled. The
+8000 family is the only one using version 36, so skip this version
+entirely. If we try to send this command to the firmwares that do not
+support it, we get a BAD_COMMAND response from the firmware.
+
+This fixes https://bugzilla.kernel.org/show_bug.cgi?id=204151.
+
+Cc: stable@vger.kernel.org # 4.19+
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+@@ -843,11 +843,13 @@ static bool iwl_mvm_sar_geo_support(stru
+ * firmware versions. Unfortunately, we don't have a TLV API
+ * flag to rely on, so rely on the major version which is in
+ * the first byte of ucode_ver. This was implemented
+- * initially on version 38 and then backported to 36, 29 and
+- * 17.
++ * initially on version 38 and then backported to29 and 17.
++ * The intention was to have it in 36 as well, but not all
++ * 8000 family got this feature enabled. The 8000 family is
++ * the only one using version 36, so skip this version
++ * entirely.
+ */
+ return IWL_UCODE_SERIAL(mvm->fw->ucode_ver) >= 38 ||
+- IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 36 ||
+ IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 29 ||
+ IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 17;
+ }
--- /dev/null
+From c9dccacfccc72c32692eedff4a27a4b0833a2afd Mon Sep 17 00:00:00 2001
+From: Vincent Whitchurch <vincent.whitchurch@axis.com>
+Date: Thu, 11 Jul 2019 16:29:37 +0200
+Subject: printk: Do not lose last line in kmsg buffer dump
+
+From: Vincent Whitchurch <vincent.whitchurch@axis.com>
+
+commit c9dccacfccc72c32692eedff4a27a4b0833a2afd upstream.
+
+kmsg_dump_get_buffer() is supposed to select all the youngest log
+messages which fit into the provided buffer. It determines the correct
+start index by using msg_print_text() with a NULL buffer to calculate
+the size of each entry. However, when performing the actual writes,
+msg_print_text() only writes the entry to the buffer if the written len
+is lesser than the size of the buffer. So if the lengths of the
+selected youngest log messages happen to precisely fill up the provided
+buffer, the last log message is not included.
+
+We don't want to modify msg_print_text() to fill up the buffer and start
+returning a length which is equal to the size of the buffer, since
+callers of its other users, such as kmsg_dump_get_line(), depend upon
+the current behaviour.
+
+Instead, fix kmsg_dump_get_buffer() to compensate for this.
+
+For example, with the following two final prints:
+
+[ 6.427502] AAAAAAAAAAAAA
+[ 6.427769] BBBBBBBB12345
+
+A dump of a 64-byte buffer filled by kmsg_dump_get_buffer(), before this
+patch:
+
+ 00000000: 3c 30 3e 5b 20 20 20 20 36 2e 35 32 32 31 39 37 <0>[ 6.522197
+ 00000010: 5d 20 41 41 41 41 41 41 41 41 41 41 41 41 41 0a ] AAAAAAAAAAAAA.
+ 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+
+After this patch:
+
+ 00000000: 3c 30 3e 5b 20 20 20 20 36 2e 34 35 36 36 37 38 <0>[ 6.456678
+ 00000010: 5d 20 42 42 42 42 42 42 42 42 31 32 33 34 35 0a ] BBBBBBBB12345.
+ 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+
+Link: http://lkml.kernel.org/r/20190711142937.4083-1-vincent.whitchurch@axis.com
+Fixes: e2ae715d66bf4bec ("kmsg - kmsg_dump() use iterator to receive log buffer content")
+To: rostedt@goodmis.org
+Cc: linux-kernel@vger.kernel.org
+Cc: <stable@vger.kernel.org> # v3.5+
+Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
+Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/printk/printk.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/printk/printk.c
++++ b/kernel/printk/printk.c
+@@ -3210,7 +3210,7 @@ bool kmsg_dump_get_buffer(struct kmsg_du
+ /* move first record forward until length fits into the buffer */
+ seq = dumper->cur_seq;
+ idx = dumper->cur_idx;
+- while (l > size && seq < dumper->next_seq) {
++ while (l >= size && seq < dumper->next_seq) {
+ struct printk_log *msg = log_from_idx(idx);
+
+ l -= msg_print_text(msg, true, NULL, 0);
--- /dev/null
+From 60f2c82ed20bde57c362e66f796cf9e0e38a6dbb Mon Sep 17 00:00:00 2001
+From: Joonwon Kang <kjw1627@gmail.com>
+Date: Sun, 28 Jul 2019 00:58:41 +0900
+Subject: randstruct: Check member structs in is_pure_ops_struct()
+
+From: Joonwon Kang <kjw1627@gmail.com>
+
+commit 60f2c82ed20bde57c362e66f796cf9e0e38a6dbb upstream.
+
+While no uses in the kernel triggered this case, it was possible to have
+a false negative where a struct contains other structs which contain only
+function pointers because of unreachable code in is_pure_ops_struct().
+
+Signed-off-by: Joonwon Kang <kjw1627@gmail.com>
+Link: https://lore.kernel.org/r/20190727155841.GA13586@host
+Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin")
+Cc: stable@vger.kernel.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ scripts/gcc-plugins/randomize_layout_plugin.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/scripts/gcc-plugins/randomize_layout_plugin.c
++++ b/scripts/gcc-plugins/randomize_layout_plugin.c
+@@ -443,13 +443,13 @@ static int is_pure_ops_struct(const_tree
+ if (node == fieldtype)
+ continue;
+
+- if (!is_fptr(fieldtype))
+- return 0;
+-
+- if (code != RECORD_TYPE && code != UNION_TYPE)
++ if (code == RECORD_TYPE || code == UNION_TYPE) {
++ if (!is_pure_ops_struct(fieldtype))
++ return 0;
+ continue;
++ }
+
+- if (!is_pure_ops_struct(fieldtype))
++ if (!is_fptr(fieldtype))
+ return 0;
+ }
+
--- /dev/null
+From 8b5292bcfcacf15182a77a973a98d310e76fd58b Mon Sep 17 00:00:00 2001
+From: Quinn Tran <qutran@marvell.com>
+Date: Fri, 26 Jul 2019 09:07:32 -0700
+Subject: scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag
+
+From: Quinn Tran <qutran@marvell.com>
+
+commit 8b5292bcfcacf15182a77a973a98d310e76fd58b upstream.
+
+Relogin fails to move forward due to scan_state flag indicating device is
+not there. Before relogin process, Session delete process accidently
+modified the scan_state flag.
+
+[mkp: typos plus corrected Fixes: sha as reported by sfr]
+
+Fixes: 2dee5521028c ("scsi: qla2xxx: Fix login state machine freeze")
+Cc: stable@vger.kernel.org
+Signed-off-by: Quinn Tran <qutran@marvell.com>
+Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla2xxx/qla_init.c | 25 ++++++++++++++++++++-----
+ drivers/scsi/qla2xxx/qla_os.c | 1 +
+ drivers/scsi/qla2xxx/qla_target.c | 1 -
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_init.c
++++ b/drivers/scsi/qla2xxx/qla_init.c
+@@ -216,8 +216,13 @@ qla2x00_async_login(struct scsi_qla_host
+ struct srb_iocb *lio;
+ int rval = QLA_FUNCTION_FAILED;
+
+- if (!vha->flags.online)
+- goto done;
++ if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT) ||
++ fcport->loop_id == FC_NO_LOOP_ID) {
++ ql_log(ql_log_warn, vha, 0xffff,
++ "%s: %8phC - not sending command.\n",
++ __func__, fcport->port_name);
++ return rval;
++ }
+
+ sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL);
+ if (!sp)
+@@ -1123,8 +1128,13 @@ int qla24xx_async_gpdb(struct scsi_qla_h
+ struct port_database_24xx *pd;
+ struct qla_hw_data *ha = vha->hw;
+
+- if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT))
++ if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT) ||
++ fcport->loop_id == FC_NO_LOOP_ID) {
++ ql_log(ql_log_warn, vha, 0xffff,
++ "%s: %8phC - not sending command.\n",
++ __func__, fcport->port_name);
+ return rval;
++ }
+
+ fcport->disc_state = DSC_GPDB;
+
+@@ -1904,8 +1914,11 @@ qla24xx_handle_plogi_done_event(struct s
+ return;
+ }
+
+- if (fcport->disc_state == DSC_DELETE_PEND)
++ if ((fcport->disc_state == DSC_DELETE_PEND) ||
++ (fcport->disc_state == DSC_DELETED)) {
++ set_bit(RELOGIN_NEEDED, &vha->dpc_flags);
+ return;
++ }
+
+ if (ea->sp->gen2 != fcport->login_gen) {
+ /* target side must have changed it. */
+@@ -6557,8 +6570,10 @@ qla2x00_abort_isp_cleanup(scsi_qla_host_
+ }
+
+ /* Clear all async request states across all VPs. */
+- list_for_each_entry(fcport, &vha->vp_fcports, list)
++ list_for_each_entry(fcport, &vha->vp_fcports, list) {
+ fcport->flags &= ~(FCF_LOGIN_NEEDED | FCF_ASYNC_SENT);
++ fcport->scan_state = 0;
++ }
+ spin_lock_irqsave(&ha->vport_slock, flags);
+ list_for_each_entry(vp, &ha->vp_list, list) {
+ atomic_inc(&vp->vref_count);
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -4864,6 +4864,7 @@ void qla24xx_create_new_sess(struct scsi
+ if (fcport) {
+ fcport->id_changed = 1;
+ fcport->scan_state = QLA_FCPORT_FOUND;
++ fcport->chip_reset = vha->hw->base_qpair->chip_reset;
+ memcpy(fcport->node_name, e->u.new_sess.node_name, WWN_SIZE);
+
+ if (pla) {
+--- a/drivers/scsi/qla2xxx/qla_target.c
++++ b/drivers/scsi/qla2xxx/qla_target.c
+@@ -1216,7 +1216,6 @@ static void qla24xx_chk_fcp_state(struct
+ sess->logout_on_delete = 0;
+ sess->logo_ack_needed = 0;
+ sess->fw_login_state = DSC_LS_PORT_UNAVAIL;
+- sess->scan_state = 0;
+ }
+ }
+
--- /dev/null
+From 57adf5d4cfd3198aa480e7c94a101fc8c4e6109d Mon Sep 17 00:00:00 2001
+From: Martin Wilck <Martin.Wilck@suse.com>
+Date: Wed, 4 Sep 2019 15:52:29 +0000
+Subject: scsi: scsi_dh_rdac: zero cdb in send_mode_select()
+
+From: Martin Wilck <Martin.Wilck@suse.com>
+
+commit 57adf5d4cfd3198aa480e7c94a101fc8c4e6109d upstream.
+
+cdb in send_mode_select() is not zeroed and is only partially filled in
+rdac_failover_get(), which leads to some random data getting to the
+device. Users have reported storage responding to such commands with
+INVALID FIELD IN CDB. Code before commit 327825574132 was not affected, as
+it called blk_rq_set_block_pc().
+
+Fix this by zeroing out the cdb first.
+
+Identified & fix proposed by HPE.
+
+Fixes: 327825574132 ("scsi_dh_rdac: switch to scsi_execute_req_flags()")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20190904155205.1666-1-martin.wilck@suse.com
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Acked-by: Ales Novak <alnovak@suse.cz>
+Reviewed-by: Shane Seymour <shane.seymour@hpe.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/device_handler/scsi_dh_rdac.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/scsi/device_handler/scsi_dh_rdac.c
++++ b/drivers/scsi/device_handler/scsi_dh_rdac.c
+@@ -546,6 +546,8 @@ static void send_mode_select(struct work
+ spin_unlock(&ctlr->ms_lock);
+
+ retry:
++ memset(cdb, 0, sizeof(cdb));
++
+ data_size = rdac_failover_get(ctlr, &list, cdb);
+
+ RDAC_LOG(RDAC_LOG_FAILOVER, sdev, "array %s, ctlr %d, "
ieee802154-enforce-cap_net_raw-for-raw-sockets.patch
nfc-enforce-cap_net_raw-for-raw-sockets.patch
nfp-flower-prevent-memory-leak-in-nfp_flower_spawn_phy_reprs.patch
+iwlwifi-fw-don-t-send-geo_tx_power_limit-command-to-fw-version-36.patch
+alsa-firewire-tascam-handle-error-code-when-getting-current-source-of-clock.patch
+alsa-firewire-tascam-check-intermediate-state-of-clock-status-and-retry.patch
+scsi-scsi_dh_rdac-zero-cdb-in-send_mode_select.patch
+scsi-qla2xxx-fix-relogin-to-prevent-modifying-scan_state-flag.patch
+printk-do-not-lose-last-line-in-kmsg-buffer-dump.patch
+ib-mlx5-free-mpi-in-mp_slave-mode.patch
+ib-hfi1-define-variables-as-unsigned-long-to-fix-kasan-warning.patch
+randstruct-check-member-structs-in-is_pure_ops_struct.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
