--- /dev/null
+From dcaf9aed995c2b2a49fb86bbbcfa2f92c797ab5d Mon Sep 17 00:00:00 2001
+From: Vijaya Mohan Guvva <vmohan@brocade.com>
+Date: Wed, 4 Dec 2013 05:43:58 -0800
+Subject: SCSI: bfa: Chinook quad port 16G FC HBA claim issue
+
+From: Vijaya Mohan Guvva <vmohan@brocade.com>
+
+commit dcaf9aed995c2b2a49fb86bbbcfa2f92c797ab5d upstream.
+
+Bfa driver crash is observed while pushing the firmware on to chinook
+quad port card due to uninitialized bfi_image_ct2 access which gets
+initialized only for CT2 ASIC based cards after request_firmware().
+For quard port chinook (CT2 ASIC based), bfi_image_ct2 is not getting
+initialized as there is no check for chinook PCI device ID before
+request_firmware and instead bfi_image_cb is initialized as it is the
+default case for card type check.
+
+This patch includes changes to read the right firmware for quad port chinook.
+
+Signed-off-by: Vijaya Mohan Guvva <vmohan@brocade.com>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/bfa/bfad.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/bfa/bfad.c
++++ b/drivers/scsi/bfa/bfad.c
+@@ -1824,7 +1824,7 @@ out:
+ static u32 *
+ bfad_load_fwimg(struct pci_dev *pdev)
+ {
+- if (pdev->device == BFA_PCI_DEVICE_ID_CT2) {
++ if (bfa_asic_id_ct2(pdev->device)) {
+ if (bfi_image_ct2_size == 0)
+ bfad_read_firmware(pdev, &bfi_image_ct2,
+ &bfi_image_ct2_size, BFAD_FW_FILE_CT2);
+@@ -1834,12 +1834,14 @@ bfad_load_fwimg(struct pci_dev *pdev)
+ bfad_read_firmware(pdev, &bfi_image_ct,
+ &bfi_image_ct_size, BFAD_FW_FILE_CT);
+ return bfi_image_ct;
+- } else {
++ } else if (bfa_asic_id_cb(pdev->device)) {
+ if (bfi_image_cb_size == 0)
+ bfad_read_firmware(pdev, &bfi_image_cb,
+ &bfi_image_cb_size, BFAD_FW_FILE_CB);
+ return bfi_image_cb;
+ }
++
++ return NULL;
+ }
+
+ static void
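Review bot: The new fall-through `return NULL;` in bfad_load_fwimg gives callers a failure they did not have before, and it is silent: nothing records which PCI device ID matched none of the CT2, CT or CB branches. The callers are outside this hunk, so confirm that each one checks for NULL before using the image pointer, and consider adding a message such as `dev_err(&pdev->dev, "no firmware image for device 0x%04x\n", pdev->device);` ahead of the return. None of the three branches (CT2 in the first hunk, CT and CB here) checks whether bfad_read_firmware() succeeded before returning the image pointer. What that pointer holds after a failed load is not visible here and deserves a check or a comment.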
alsa-hda-hdmi-introduce-patch_nvhdmi.patch
alsa-hda-hdmi-allow-pin_out-to-be-dynamically-enabled.patch
iwlwifi-pcie-fix-interrupt-coalescing-for-7260-3160.patch
+usb-core-get-config-and-string-descriptors-for-unauthorized-devices.patch
+scsi-bfa-chinook-quad-port-16g-fc-hba-claim-issue.patch
+virtio-scsi-fix-hotcpu_notifier-use-after-free-with-virtscsi_freeze.patch
+target-iscsi-fix-network-portal-creation-race.patch
--- /dev/null
+From ee291e63293146db64668e8d65eb35c97e8324f4 Mon Sep 17 00:00:00 2001
+From: Andy Grover <agrover@redhat.com>
+Date: Fri, 24 Jan 2014 16:18:54 -0800
+Subject: target/iscsi: Fix network portal creation race
+
+From: Andy Grover <agrover@redhat.com>
+
+commit ee291e63293146db64668e8d65eb35c97e8324f4 upstream.
+
+When creating network portals rapidly, such as when restoring a
+configuration, LIO's code to reuse existing portals can return a false
+negative if the thread hasn't run yet and set np_thread_state to
+ISCSI_NP_THREAD_ACTIVE. This causes an error in the network stack
+when attempting to bind to the same address/port.
+
+This patch sets NP_THREAD_ACTIVE before the np is placed on g_np_list,
+so even if the thread hasn't run yet, iscsit_get_np will return the
+existing np.
+
+Also, convert np_lock -> np_mutex + hold across adding new net portal
+to g_np_list to prevent a race where two threads may attempt to create
+the same network portal, resulting in one of them failing.
+
+(nab: Add missing mutex_unlocks in iscsit_add_np failure paths)
+(DanC: Fix incorrect spin_unlock -> spin_unlock_bh)
+
+Signed-off-by: Andy Grover <agrover@redhat.com>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/iscsi/iscsi_target.c | 34 +++++++++++++++++++++-------------
+ 1 file changed, 21 insertions(+), 13 deletions(-)
+
+--- a/drivers/target/iscsi/iscsi_target.c
++++ b/drivers/target/iscsi/iscsi_target.c
+@@ -54,7 +54,7 @@
+ static LIST_HEAD(g_tiqn_list);
+ static LIST_HEAD(g_np_list);
+ static DEFINE_SPINLOCK(tiqn_lock);
+-static DEFINE_SPINLOCK(np_lock);
++static DEFINE_MUTEX(np_lock);
+
+ static struct idr tiqn_idr;
+ struct idr sess_idr;
+@@ -303,6 +303,9 @@ bool iscsit_check_np_match(
+ return false;
+ }
+
++/*
++ * Called with mutex np_lock held
++ */
+ static struct iscsi_np *iscsit_get_np(
+ struct __kernel_sockaddr_storage *sockaddr,
+ int network_transport)
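Review bot: The new comment above iscsit_get_np states the locking contract, but nothing enforces it now that the function no longer takes np_lock itself. Adding `lockdep_assert_held(&np_lock);` as the first statement would make a caller that forgets the mutex show up under lockdep instead of walking g_np_list unprotected. The function body continues in the following hunks.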
+@@ -310,11 +313,10 @@ static struct iscsi_np *iscsit_get_np(
+ struct iscsi_np *np;
+ bool match;
+
+- spin_lock_bh(&np_lock);
+ list_for_each_entry(np, &g_np_list, np_list) {
+- spin_lock(&np->np_thread_lock);
++ spin_lock_bh(&np->np_thread_lock);
+ if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) {
+- spin_unlock(&np->np_thread_lock);
++ spin_unlock_bh(&np->np_thread_lock);
+ continue;
+ }
+
+@@ -326,13 +328,11 @@ static struct iscsi_np *iscsit_get_np(
+ * while iscsi_tpg_add_network_portal() is called.
+ */
+ np->np_exports++;
+- spin_unlock(&np->np_thread_lock);
+- spin_unlock_bh(&np_lock);
++ spin_unlock_bh(&np->np_thread_lock);
+ return np;
+ }
+- spin_unlock(&np->np_thread_lock);
++ spin_unlock_bh(&np->np_thread_lock);
+ }
+- spin_unlock_bh(&np_lock);
+
+ return NULL;
+ }
+@@ -346,16 +346,22 @@ struct iscsi_np *iscsit_add_np(
+ struct sockaddr_in6 *sock_in6;
+ struct iscsi_np *np;
+ int ret;
++
++ mutex_lock(&np_lock);
++
+ /*
+ * Locate the existing struct iscsi_np if already active..
+ */
+ np = iscsit_get_np(sockaddr, network_transport);
+- if (np)
++ if (np) {
++ mutex_unlock(&np_lock);
+ return np;
++ }
+
+ np = kzalloc(sizeof(struct iscsi_np), GFP_KERNEL);
+ if (!np) {
+ pr_err("Unable to allocate memory for struct iscsi_np\n");
++ mutex_unlock(&np_lock);
+ return ERR_PTR(-ENOMEM);
+ }
+
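Review bot: iscsit_add_np now repeats `mutex_unlock(&np_lock);` on every exit, here for the existing-portal and allocation-failure returns and again in the login-socket and kthread failure paths of the next two hunks. The description itself records that unlocks were missed in an earlier version, so a single exit label would be the more robust shape. The success path's list_add_tail() and pr_debug() would then fall through to the same label, and running pr_debug() under a mutex is harmless. The function starts and ends outside this hunk.

```c
	np = iscsit_get_np(sockaddr, network_transport);
	if (np)
		goto out_unlock;

	np = kzalloc(sizeof(struct iscsi_np), GFP_KERNEL);
	if (!np) {
		/* ... unchanged: pr_err() for the allocation failure ... */
		np = ERR_PTR(-ENOMEM);
		goto out_unlock;
	}

	/* ... unchanged: portal setup; the login-socket and kthread failure
	 * paths become kfree(np); np = ERR_PTR(ret); goto out_unlock; ... */

	/* ... unchanged: list_add_tail() and pr_debug(), falling through ... */
out_unlock:
	mutex_unlock(&np_lock);
	return np;
```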
+@@ -378,6 +384,7 @@ struct iscsi_np *iscsit_add_np(
+ ret = iscsi_target_setup_login_socket(np, sockaddr);
+ if (ret != 0) {
+ kfree(np);
++ mutex_unlock(&np_lock);
+ return ERR_PTR(ret);
+ }
+
+@@ -386,6 +393,7 @@ struct iscsi_np *iscsit_add_np(
+ pr_err("Unable to create kthread: iscsi_np\n");
+ ret = PTR_ERR(np->np_thread);
+ kfree(np);
++ mutex_unlock(&np_lock);
+ return ERR_PTR(ret);
+ }
+ /*
+@@ -396,10 +404,10 @@ struct iscsi_np *iscsit_add_np(
+ * point because iscsi_np has not been added to g_np_list yet.
+ */
+ np->np_exports = 1;
++ np->np_thread_state = ISCSI_NP_THREAD_ACTIVE;
+
+- spin_lock_bh(&np_lock);
+ list_add_tail(&np->np_list, &g_np_list);
+- spin_unlock_bh(&np_lock);
++ mutex_unlock(&np_lock);
+
+ pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n",
+ np->np_ip, np->np_port, np->np_transport->name);
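Review bot: The added `np->np_thread_state = ISCSI_NP_THREAD_ACTIVE;` is a plain store made without np_thread_lock, and it runs after the kthread creation whose error path appears in the preceding hunk, so the portal thread may already be running and updating the same field. Every other access to np_thread_state visible in this patch is made under `spin_lock_bh(&np->np_thread_lock)`. Unless the thread function (not visible here) is known never to write a different state this early, either move the assignment ahead of the kthread creation or wrap it: `spin_lock_bh(&np->np_thread_lock); np->np_thread_state = ISCSI_NP_THREAD_ACTIVE; spin_unlock_bh(&np->np_thread_lock);`. iscsit_add_np starts and ends outside this hunk.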
+@@ -469,9 +477,9 @@ int iscsit_del_np(struct iscsi_np *np)
+
+ np->np_transport->iscsit_free_np(np);
+
+- spin_lock_bh(&np_lock);
++ mutex_lock(&np_lock);
+ list_del(&np->np_list);
+- spin_unlock_bh(&np_lock);
++ mutex_unlock(&np_lock);
+
+ pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n",
+ np->np_ip, np->np_port, np->np_transport->name);
--- /dev/null
+From 83e83ecb79a8225e79bc8e54e9aff3e0e27658a2 Mon Sep 17 00:00:00 2001
+From: Thomas Pugliese <thomas.pugliese@gmail.com>
+Date: Mon, 9 Dec 2013 13:40:29 -0600
+Subject: usb: core: get config and string descriptors for unauthorized devices
+
+From: Thomas Pugliese <thomas.pugliese@gmail.com>
+
+commit 83e83ecb79a8225e79bc8e54e9aff3e0e27658a2 upstream.
+
+There is no need to skip querying the config and string descriptors for
+unauthorized WUSB devices when usb_new_device is called. It is allowed
+by WUSB spec. The only action that needs to be delayed until
+authorization time is the set config. This change allows user mode
+tools to see the config and string descriptors earlier in enumeration
+which is needed for some WUSB devices to function properly on Android
+systems. It also reduces the amount of divergent code paths needed
+for WUSB devices.
+
+Signed-off-by: Thomas Pugliese <thomas.pugliese@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/core/config.c | 7 -------
+ drivers/usb/core/hub.c | 40 +++++++---------------------------------
+ 2 files changed, 7 insertions(+), 40 deletions(-)
+
+--- a/drivers/usb/core/config.c
++++ b/drivers/usb/core/config.c
+@@ -651,10 +651,6 @@ void usb_destroy_configuration(struct us
+ *
+ * hub-only!! ... and only in reset path, or usb_new_device()
+ * (used by real hubs and virtual root hubs)
+- *
+- * NOTE: if this is a WUSB device and is not authorized, we skip the
+- * whole thing. A non-authorized USB device has no
+- * configurations.
+ */
+ int usb_get_configuration(struct usb_device *dev)
+ {
+@@ -666,8 +662,6 @@ int usb_get_configuration(struct usb_dev
+ struct usb_config_descriptor *desc;
+
+ cfgno = 0;
+- if (dev->authorized == 0) /* Not really an error */
+- goto out_not_authorized;
+ result = -ENOMEM;
+ if (ncfg > USB_MAXCONFIG) {
+ dev_warn(ddev, "too many configurations: %d, "
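Review bot: Removing the `dev->authorized == 0` early exit from usb_get_configuration reaches further than the description says. The deleted test had no `wusb` condition, so configuration descriptors are now fetched and parsed for every unauthorized device, not only WUSB ones. Authorization is commonly relied on to keep untrusted devices at arm's length, yet after this change the descriptor parser here and the string reads in usb_enumerate_device (first hub.c hunk) run on device-supplied data before any authorization decision. The header comment should say so explicitly, for example `* NOTE: descriptors are read and parsed even for unauthorized devices; only the set-config step waits for authorization.`, and the authorization documentation should be updated to match. The function body continues outside this hunk.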
+@@ -751,7 +745,6 @@ int usb_get_configuration(struct usb_dev
+
+ err:
+ kfree(desc);
+-out_not_authorized:
+ dev->descriptor.bNumConfigurations = cfgno;
+ err2:
+ if (result == -ENOMEM)
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -2231,18 +2231,13 @@ static int usb_enumerate_device(struct u
+ return err;
+ }
+ }
+- if (udev->wusb == 1 && udev->authorized == 0) {
+- udev->product = kstrdup("n/a (unauthorized)", GFP_KERNEL);
+- udev->manufacturer = kstrdup("n/a (unauthorized)", GFP_KERNEL);
+- udev->serial = kstrdup("n/a (unauthorized)", GFP_KERNEL);
+- }
+- else {
+- /* read the standard strings and cache them if present */
+- udev->product = usb_cache_string(udev, udev->descriptor.iProduct);
+- udev->manufacturer = usb_cache_string(udev,
+- udev->descriptor.iManufacturer);
+- udev->serial = usb_cache_string(udev, udev->descriptor.iSerialNumber);
+- }
++
++ /* read the standard strings and cache them if present */
++ udev->product = usb_cache_string(udev, udev->descriptor.iProduct);
++ udev->manufacturer = usb_cache_string(udev,
++ udev->descriptor.iManufacturer);
++ udev->serial = usb_cache_string(udev, udev->descriptor.iSerialNumber);
++
+ err = usb_enumerate_device_otg(udev);
+ if (err < 0)
+ return err;
+@@ -2421,16 +2416,6 @@ int usb_deauthorize_device(struct usb_de
+ usb_dev->authorized = 0;
+ usb_set_configuration(usb_dev, -1);
+
+- kfree(usb_dev->product);
+- usb_dev->product = kstrdup("n/a (unauthorized)", GFP_KERNEL);
+- kfree(usb_dev->manufacturer);
+- usb_dev->manufacturer = kstrdup("n/a (unauthorized)", GFP_KERNEL);
+- kfree(usb_dev->serial);
+- usb_dev->serial = kstrdup("n/a (unauthorized)", GFP_KERNEL);
+-
+- usb_destroy_configuration(usb_dev);
+- usb_dev->descriptor.bNumConfigurations = 0;
+-
+ out_unauthorized:
+ usb_unlock_device(usb_dev);
+ return 0;
+@@ -2458,17 +2443,7 @@ int usb_authorize_device(struct usb_devi
+ goto error_device_descriptor;
+ }
+
+- kfree(usb_dev->product);
+- usb_dev->product = NULL;
+- kfree(usb_dev->manufacturer);
+- usb_dev->manufacturer = NULL;
+- kfree(usb_dev->serial);
+- usb_dev->serial = NULL;
+-
+ usb_dev->authorized = 1;
+- result = usb_enumerate_device(usb_dev);
+- if (result < 0)
+- goto error_enumerate;
+ /* Choose and set the configuration. This registers the interfaces
+ * with the driver core and lets interface drivers bind to them.
+ */
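Review bot: usb_authorize_device no longer calls usb_enumerate_device, so the configurations parsed at first enumeration are reused unchanged at authorization time, while the surviving `goto error_device_descriptor` context suggests the device descriptor is still re-read just above this hunk. If so, a device that reports a different bNumConfigurations on the second read would leave `descriptor.bNumConfigurations` out of step with the cached configurations, undoing the clamp that usb_get_configuration applies with `dev->descriptor.bNumConfigurations = cfgno;`. Either drop the re-read, or compare the fresh descriptor with the cached one and fail authorization on a mismatch before `usb_dev->authorized = 1;`. The code performing the re-read is outside the hunk, so this needs confirming against the full function.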
+@@ -2484,7 +2459,6 @@ int usb_authorize_device(struct usb_devi
+ }
+ dev_info(&usb_dev->dev, "authorized to connect\n");
+
+-error_enumerate:
+ error_device_descriptor:
+ usb_autosuspend_device(usb_dev);
+ error_autoresume:
--- /dev/null
+From f466f75385369a181409e46da272db3de6f5c5cb Mon Sep 17 00:00:00 2001
+From: Asias He <asias.hejun@gmail.com>
+Date: Thu, 16 Jan 2014 10:18:48 +1030
+Subject: virtio-scsi: Fix hotcpu_notifier use-after-free with virtscsi_freeze
+
+From: Asias He <asias.hejun@gmail.com>
+
+commit f466f75385369a181409e46da272db3de6f5c5cb upstream.
+
+vqs are freed in virtscsi_freeze but the hotcpu_notifier is not
+unregistered. We will have a use-after-free usage when the notifier
+callback is called after virtscsi_freeze.
+
+Fixes: 285e71ea6f3583a85e27cb2b9a7d8c35d4c0d558
+("virtio-scsi: reset virtqueue affinity when doing cpu hotplug")
+
+Signed-off-by: Asias He <asias.hejun@gmail.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/virtio_scsi.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/virtio_scsi.c
++++ b/drivers/scsi/virtio_scsi.c
+@@ -957,6 +957,10 @@ static void virtscsi_remove(struct virti
+ #ifdef CONFIG_PM
+ static int virtscsi_freeze(struct virtio_device *vdev)
+ {
++ struct Scsi_Host *sh = virtio_scsi_host(vdev);
++ struct virtio_scsi *vscsi = shost_priv(sh);
++
++ unregister_hotcpu_notifier(&vscsi->nb);
+ virtscsi_remove_vqs(vdev);
+ return 0;
+ }
+@@ -965,8 +969,17 @@ static int virtscsi_restore(struct virti
+ {
+ struct Scsi_Host *sh = virtio_scsi_host(vdev);
+ struct virtio_scsi *vscsi = shost_priv(sh);
++ int err;
++
++ err = virtscsi_init(vdev, vscsi);
++ if (err)
++ return err;
++
++ err = register_hotcpu_notifier(&vscsi->nb);
++ if (err)
++ vdev->config->del_vqs(vdev);
+
+- return virtscsi_init(vdev, vscsi);
++ return err;
+ }
+ #endif
+
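Review bot: The failure path for register_hotcpu_notifier() in virtscsi_restore tears the queues down with `vdev->config->del_vqs(vdev);`, whereas virtscsi_freeze in the previous hunk uses virtscsi_remove_vqs(vdev) for the same job. If virtscsi_remove_vqs does anything beyond del_vqs (its body is not visible here), the restore error path skips it; calling `virtscsi_remove_vqs(vdev);` in both places would keep the two teardown paths identical. A short comment in virtscsi_freeze would also help, stating that the notifier must be unregistered before the vqs are freed because the callback can run after them. That would stop the ordering from being reversed later.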