--- /dev/null
+From dbb236c1ceb697a559e0694ac4c9e7b9131d0b16 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Thu, 8 Jun 2017 16:44:22 -0700
+Subject: arm64/vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit dbb236c1ceb697a559e0694ac4c9e7b9131d0b16 upstream.
+
+Recently vDSO support for CLOCK_MONOTONIC_RAW was added in
+49eea433b326 ("arm64: Add support for CLOCK_MONOTONIC_RAW in
+clock_gettime() vDSO"). Noticing that the core timekeeping code
+never set tkr_raw.xtime_nsec, the vDSO implementation didn't
+bother exposing it via the data page and instead took the
+unshifted tk->raw_time.tv_nsec value which was then immediately
+shifted left in the vDSO code.
+
+Unfortunately, by accelerating the MONOTONIC_RAW clockid, it
+uncovered potential 1ns time inconsistencies caused by the
+timekeeping core not handling sub-ns resolution.
+
+Now that the core code has been fixed and is actually setting
+tkr_raw.xtime_nsec, we need to take that into account in the
+vDSO by adding it to the shifted raw_time value, in order to
+fix the user-visible inconsistency. Rather than do that at each
+use (and expand the data page in the process), instead perform
+the shift/addition operation when populating the data page and
+remove the shift from the vDSO code entirely.
+
+[jstultz: minor whitespace tweak, tried to improve commit
+ message to make it more clear this fixes a regression]
+Reported-by: John Stultz <john.stultz@linaro.org>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+Tested-by: Daniel Mentz <danielmentz@google.com>
+Acked-by: Kevin Brodsky <kevin.brodsky@arm.com>
+Cc: Prarit Bhargava <prarit@redhat.com>
+Cc: Richard Cochran <richardcochran@gmail.com>
+Cc: Stephen Boyd <stephen.boyd@linaro.org>
+Cc: Miroslav Lichvar <mlichvar@redhat.com>
+Link: http://lkml.kernel.org/r/1496965462-20003-4-git-send-email-john.stultz@linaro.org
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/vdso.c | 5 +++--
+ arch/arm64/kernel/vdso/gettimeofday.S | 1 -
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/arm64/kernel/vdso.c
++++ b/arch/arm64/kernel/vdso.c
+@@ -221,10 +221,11 @@ void update_vsyscall(struct timekeeper *
+ /* tkr_mono.cycle_last == tkr_raw.cycle_last */
+ vdso_data->cs_cycle_last = tk->tkr_mono.cycle_last;
+ vdso_data->raw_time_sec = tk->raw_time.tv_sec;
+- vdso_data->raw_time_nsec = tk->raw_time.tv_nsec;
++ vdso_data->raw_time_nsec = (tk->raw_time.tv_nsec <<
++ tk->tkr_raw.shift) +
++ tk->tkr_raw.xtime_nsec;
+ vdso_data->xtime_clock_sec = tk->xtime_sec;
+ vdso_data->xtime_clock_nsec = tk->tkr_mono.xtime_nsec;
+- /* tkr_raw.xtime_nsec == 0 */
+ vdso_data->cs_mono_mult = tk->tkr_mono.mult;
+ vdso_data->cs_raw_mult = tk->tkr_raw.mult;
+ /* tkr_mono.shift == tkr_raw.shift */
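Review bot: `raw_time_nsec` now carries a different unit than its name and its neighbour `raw_time_sec` suggest: after this assignment it holds nanoseconds left-shifted by `tk->tkr_raw.shift` plus the sub-nanosecond remainder, and nothing at the store says so. The removed `/* tkr_raw.xtime_nsec == 0 */` comment is not replaced, so a reader of update_vsyscall() gets no hint that the vDSO side must no longer shift this field. I would add above the assignment `/* raw_time_nsec is stored pre-shifted by tkr_raw.shift, sub-ns part included; the vDSO must not shift it again */`. The data page struct is defined outside this hunk and presumably deserves the same remark on the field.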
+--- a/arch/arm64/kernel/vdso/gettimeofday.S
++++ b/arch/arm64/kernel/vdso/gettimeofday.S
+@@ -256,7 +256,6 @@ monotonic_raw:
+ seqcnt_check fail=monotonic_raw
+
+ /* All computations are done with left-shifted nsecs. */
+- lsl x14, x14, x12
+ get_nsec_per_sec res=x9
+ lsl x9, x9, x12
+
--- /dev/null
+From 6e88491cf2a3b17199c78bd53348b39dc6a88275 Mon Sep 17 00:00:00 2001
+From: Junshan Fang <Junshan.Fang@amd.com>
+Date: Thu, 15 Jun 2017 14:02:20 +0800
+Subject: drm/amdgpu: add Polaris12 DID
+
+From: Junshan Fang <Junshan.Fang@amd.com>
+
+commit 6e88491cf2a3b17199c78bd53348b39dc6a88275 upstream.
+
+Signed-off-by: Junshan Fang <Junshan.Fang@amd.com>
+Reviewed-by: Roger.He <Hongbo.He@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+@@ -422,6 +422,7 @@ static const struct pci_device_id pciidl
+ {0x1002, 0x6986, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12},
+ {0x1002, 0x6987, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12},
+ {0x1002, 0x6995, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12},
++ {0x1002, 0x6997, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12},
+ {0x1002, 0x699F, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12},
+
+ {0, 0, 0}
--- /dev/null
+From 52b482b0f4fd6d5267faf29fe91398e203f3c230 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Thu, 15 Jun 2017 11:12:28 -0400
+Subject: drm/amdgpu: adjust default display clock
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit 52b482b0f4fd6d5267faf29fe91398e203f3c230 upstream.
+
+Increase the default display clock on newer asics to
+accommodate some high res modes with really high refresh
+rates.
+
+bug: https://bugs.freedesktop.org/show_bug.cgi?id=93826
+Acked-by: Chunming Zhou <david1.zhou@amd.com>
+Acked-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
+@@ -693,6 +693,10 @@ int amdgpu_atombios_get_clock_info(struc
+ DRM_INFO("Changing default dispclk from %dMhz to 600Mhz\n",
+ adev->clock.default_dispclk / 100);
+ adev->clock.default_dispclk = 60000;
++ } else if (adev->clock.default_dispclk <= 60000) {
++ DRM_INFO("Changing default dispclk from %dMhz to 625Mhz\n",
++ adev->clock.default_dispclk / 100);
++ adev->clock.default_dispclk = 62500;
+ }
+ adev->clock.dp_extclk =
+ le16_to_cpu(firmware_info->info_21.usUniphyDPModeExtClkFreq);
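Review bot: The new `else if (adev->clock.default_dispclk <= 60000)` branch uses bare constants whose unit can only be inferred from the `/ 100` in the log line (10 kHz steps, so 62500 is 625 MHz). The commit text says the bump is for newer asics, but the visible condition keys on the firmware-reported clock rather than on the chip. The `if` that opens this chain is outside the hunk, so whether the two ranges are meant to meet exactly at 60000 cannot be confirmed from here. A short comment such as `/* firmware default at or below 600 MHz: raise to 625 MHz for high-refresh modes (fdo#93826) */` would record the intent. Named constants for 60000 and 62500 would also keep the log strings and the assignments from drifting apart.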
--- /dev/null
+From 05b4017b37f1fce4b7185f138126dd8decdb381f Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Thu, 15 Jun 2017 10:55:11 -0400
+Subject: drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit 05b4017b37f1fce4b7185f138126dd8decdb381f upstream.
+
+We were using the wrong structure which led to an overflow
+on some boards.
+
+bug: https://bugs.freedesktop.org/show_bug.cgi?id=101387
+Acked-by: Chunming Zhou <david1.zhou@amd.com>
+Acked-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/amdgpu/atombios_crtc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/atombios_crtc.c
++++ b/drivers/gpu/drm/amd/amdgpu/atombios_crtc.c
+@@ -165,7 +165,7 @@ void amdgpu_atombios_crtc_powergate(stru
+ struct drm_device *dev = crtc->dev;
+ struct amdgpu_device *adev = dev->dev_private;
+ int index = GetIndexIntoMasterTable(COMMAND, EnableDispPowerGating);
+- ENABLE_DISP_POWER_GATING_PARAMETERS_V2_1 args;
++ ENABLE_DISP_POWER_GATING_PS_ALLOCATION args;
+
+ memset(&args, 0, sizeof(args));
+
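Review bot: Nothing at the declaration of `args` explains why the `_PS_ALLOCATION` type is required, which leaves the door open for the smaller `_PARAMETERS_V2_1` struct to be reintroduced; the same applies to amdgpu_atombios_crtc_powergate_init() in the next hunk. The call that hands `&args` to the command table is outside both hunks, but per the commit message the smaller struct was overrun on some boards, which on a local variable means stack corruption. I would add `/* PS allocation, not just the parameters: the command table may use space beyond the parameter struct */` above each declaration. If the headers allow it, a build-time size assertion against the parameter struct would catch a regression, though the struct definitions are not visible here.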
+@@ -178,7 +178,7 @@ void amdgpu_atombios_crtc_powergate(stru
+ void amdgpu_atombios_crtc_powergate_init(struct amdgpu_device *adev)
+ {
+ int index = GetIndexIntoMasterTable(COMMAND, EnableDispPowerGating);
+- ENABLE_DISP_POWER_GATING_PARAMETERS_V2_1 args;
++ ENABLE_DISP_POWER_GATING_PS_ALLOCATION args;
+
+ memset(&args, 0, sizeof(args));
+
--- /dev/null
+From 4eb59793cca00b0e629b6d55b5abb5acb82c5868 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Mon, 19 Jun 2017 12:52:47 -0400
+Subject: drm/radeon: add a PX quirk for another K53TK variant
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit 4eb59793cca00b0e629b6d55b5abb5acb82c5868 upstream.
+
+Disable PX on these systems.
+
+bug: https://bugs.freedesktop.org/show_bug.cgi?id=101491
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/radeon/radeon_device.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/gpu/drm/radeon/radeon_device.c
++++ b/drivers/gpu/drm/radeon/radeon_device.c
+@@ -136,6 +136,10 @@ static struct radeon_px_quirk radeon_px_
+ * https://bugzilla.kernel.org/show_bug.cgi?id=51381
+ */
+ { PCI_VENDOR_ID_ATI, 0x6840, 0x1043, 0x2122, RADEON_PX_QUIRK_DISABLE_PX },
++ /* Asus K53TK laptop with AMD A6-3420M APU and Radeon 7670m GPU
++ * https://bugs.freedesktop.org/show_bug.cgi?id=101491
++ */
++ { PCI_VENDOR_ID_ATI, 0x6741, 0x1043, 0x2122, RADEON_PX_QUIRK_DISABLE_PX },
+ /* macbook pro 8.2 */
+ { PCI_VENDOR_ID_ATI, 0x6741, PCI_VENDOR_ID_APPLE, 0x00e2, RADEON_PX_QUIRK_LONG_WAKEUP },
+ { 0, 0, 0, 0, 0 },
--- /dev/null
+From acfd6ee4fa7ebeee75511825fe02be3f7ac1d668 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Mon, 19 Jun 2017 15:59:58 -0400
+Subject: drm/radeon: add a quirk for Toshiba Satellite L20-183
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit acfd6ee4fa7ebeee75511825fe02be3f7ac1d668 upstream.
+
+Fixes resume from suspend.
+
+bug: https://bugzilla.kernel.org/show_bug.cgi?id=196121
+Reported-by: Przemek <soprwa@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/radeon/radeon_combios.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/gpu/drm/radeon/radeon_combios.c
++++ b/drivers/gpu/drm/radeon/radeon_combios.c
+@@ -3393,6 +3393,13 @@ void radeon_combios_asic_init(struct drm
+ rdev->pdev->subsystem_vendor == 0x103c &&
+ rdev->pdev->subsystem_device == 0x280a)
+ return;
++ /* quirk for rs4xx Toshiba Sattellite L20-183 latop to make it resume
++ * - it hangs on resume inside the dynclk 1 table.
++ */
++ if (rdev->family == CHIP_RS400 &&
++ rdev->pdev->subsystem_vendor == 0x1179 &&
++ rdev->pdev->subsystem_device == 0xff31)
++ return;
+
+ /* DYN CLK 1 */
+ table = combios_get_table_offset(dev, COMBIOS_DYN_CLK_1_TABLE);
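Review bot: The added comment misspells the machine it identifies (`Sattellite`, `latop`), which makes the quirk hard to find when grepping for the model name. I would write `/* quirk for rs4xx Toshiba Satellite L20-183 laptop to make it resume` and add the report link from the commit message, `* https://bugzilla.kernel.org/show_bug.cgi?id=196121`, so the subsystem IDs 0x1179/0xff31 can be traced to their source. radeon_combios_asic_init() begins and ends outside this hunk.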
--- /dev/null
+From 105fa2f44e504c830697b0c794822112d79808dc Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Sat, 3 Jun 2017 05:35:47 -0700
+Subject: iscsi-target: Fix delayed logout processing greater than SECONDS_FOR_LOGOUT_COMP
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit 105fa2f44e504c830697b0c794822112d79808dc upstream.
+
+This patch fixes a BUG() in iscsit_close_session() that could be
+triggered when iscsit_logout_post_handler() execution from within
+tx thread context was not run for more than SECONDS_FOR_LOGOUT_COMP
+(15 seconds), and the TCP connection didn't already close before
+then forcing tx thread context to automatically exit.
+
+This would manifest itself during explicit logout as:
+
+[33206.974254] 1 connection(s) still exist for iSCSI session to iqn.1993-08.org.debian:01:3f5523242179
+[33206.980184] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 2100.772 msecs
+[33209.078643] ------------[ cut here ]------------
+[33209.078646] kernel BUG at drivers/target/iscsi/iscsi_target.c:4346!
+
+Normally when explicit logout attempt fails, the tx thread context
+exits and iscsit_close_connection() from rx thread context does the
+extra cleanup once it detects conn->conn_logout_remove has not been
+cleared by the logout type specific post handlers.
+
+To address this special case, if the logout post handler in tx thread
+context detects conn->tx_thread_active has already been cleared, simply
+return and exit in order for the existing iscsit_close_connection()
+logic from rx thread context to do the failed logout cleanup.
+
+Reported-by: Bart Van Assche <bart.vanassche@sandisk.com>
+Tested-by: Bart Van Assche <bart.vanassche@sandisk.com>
+Cc: Mike Christie <mchristi@redhat.com>
+Cc: Hannes Reinecke <hare@suse.de>
+Cc: Sagi Grimberg <sagig@mellanox.com>
+Tested-by: Gary Guo <ghg@datera.io>
+Tested-by: Chu Yuan Lin <cyl@datera.io>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/iscsi/iscsi_target.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/drivers/target/iscsi/iscsi_target.c
++++ b/drivers/target/iscsi/iscsi_target.c
+@@ -4443,8 +4443,11 @@ static void iscsit_logout_post_handler_c
+ * always sleep waiting for RX/TX thread shutdown to complete
+ * within iscsit_close_connection().
+ */
+- if (!conn->conn_transport->rdma_shutdown)
++ if (!conn->conn_transport->rdma_shutdown) {
+ sleep = cmpxchg(&conn->tx_thread_active, true, false);
++ if (!sleep)
++ return;
++ }
+
+ atomic_set(&conn->conn_logout_remove, 0);
+ complete(&conn->conn_logout_comp);
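Review bot: The early `return` added after the `cmpxchg()` skips `atomic_set(&conn->conn_logout_remove, 0)` and `complete(&conn->conn_logout_comp)` on purpose, but no comment says so; the same pattern is repeated in the second logout post handler in the next hunk. According to the commit message, the intent is that iscsit_close_connection() in rx thread context performs the failed-logout cleanup when it finds conn_logout_remove still set. I would put `/* tx thread already inactive: leave conn_logout_remove set so iscsit_close_connection() does the cleanup */` above `if (!sleep)`. Both function bodies continue outside the hunks, so what else the early return bypasses cannot be checked from here.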
+@@ -4460,8 +4463,11 @@ static void iscsit_logout_post_handler_s
+ {
+ int sleep = 1;
+
+- if (!conn->conn_transport->rdma_shutdown)
++ if (!conn->conn_transport->rdma_shutdown) {
+ sleep = cmpxchg(&conn->tx_thread_active, true, false);
++ if (!sleep)
++ return;
++ }
+
+ atomic_set(&conn->conn_logout_remove, 0);
+ complete(&conn->conn_logout_comp);
--- /dev/null
+From abb85a9b512e8ca7ad04a5a8a6db9664fe644974 Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Wed, 7 Jun 2017 20:29:50 -0700
+Subject: iscsi-target: Reject immediate data underflow larger than SCSI transfer length
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit abb85a9b512e8ca7ad04a5a8a6db9664fe644974 upstream.
+
+When iscsi WRITE underflow occurs there are two different scenarios
+that can happen.
+
+Normally in practice, when an EDTL vs. SCSI CDB TRANSFER LENGTH
+underflow is detected, the iscsi immediate data payload is the
+smaller SCSI CDB TRANSFER LENGTH.
+
+That is, when a host fabric LLD is using a fixed size EDTL for
+a specific control CDB, the SCSI CDB TRANSFER LENGTH and actual
+SCSI payload ends up being smaller than EDTL. In iscsi, this
+means the received iscsi immediate data payload matches the
+smaller SCSI CDB TRANSFER LENGTH, because there is no more
+SCSI payload to accept beyond SCSI CDB TRANSFER LENGTH.
+
+However, it's possible for a malicious host to send a WRITE
+underflow where EDTL is larger than SCSI CDB TRANSFER LENGTH,
+but incoming iscsi immediate data actually matches EDTL.
+
+In the wild, we've never had a iscsi host environment actually
+try to do this.
+
+For this special case, it's wrong to truncate part of the
+control CDB payload and continue to process the command during
+underflow when immediate data payload received was larger than
+SCSI CDB TRANSFER LENGTH, so go ahead and reject and drop the
+bogus payload as a defensive action.
+
+Note this potential bug was originally relaxed by the following
+for allowing WRITE underflow in MSFT FCP host environments:
+
+ commit c72c5250224d475614a00c1d7e54a67f77cd3410
+ Author: Roland Dreier <roland@purestorage.com>
+ Date: Wed Jul 22 15:08:18 2015 -0700
+
+ target: allow underflow/overflow for PR OUT etc. commands
+
+Cc: Roland Dreier <roland@purestorage.com>
+Cc: Mike Christie <mchristi@redhat.com>
+Cc: Hannes Reinecke <hare@suse.de>
+Cc: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/iscsi/iscsi_target.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/drivers/target/iscsi/iscsi_target.c
++++ b/drivers/target/iscsi/iscsi_target.c
+@@ -1289,6 +1289,18 @@ iscsit_get_immediate_data(struct iscsi_c
+ */
+ if (dump_payload)
+ goto after_immediate_data;
++ /*
++ * Check for underflow case where both EDTL and immediate data payload
++ * exceeds what is presented by CDB's TRANSFER LENGTH, and what has
++ * already been set in target_cmd_size_check() as se_cmd->data_length.
++ *
++ * For this special case, fail the command and dump the immediate data
++ * payload.
++ */
++ if (cmd->first_burst_len > cmd->se_cmd.data_length) {
++ cmd->sense_reason = TCM_INVALID_CDB_FIELD;
++ goto after_immediate_data;
++ }
+
+ immed_ret = iscsit_handle_immediate_data(cmd, hdr,
+ cmd->first_burst_len);
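Review bot: The new rejection at `if (cmd->first_burst_len > cmd->se_cmd.data_length)` is silent, although the commit message describes the condition as something only a malicious host would send. A rate-limited message would give operators something to detect and correlate, for example `pr_warn_ratelimited("iSCSI immediate data %u exceeds CDB transfer length %u, rejecting\n", cmd->first_burst_len, cmd->se_cmd.data_length);` before the `goto` (the format specifiers assume both fields are u32). Rate limiting matters because the remote side controls how often this path is hit. The comment promises that the payload is dumped, but that happens at `after_immediate_data`, which is outside this hunk, so the drop relies on how that label handles a set `sense_reason` and is worth confirming there.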
brcmfmac-unbind-all-devices-upon-failure-in-firmware-callback.patch
time-fix-clock-read-clock-race-around-clocksource-changes.patch
time-fix-clock_monotonic_raw-sub-nanosecond-accounting.patch
+arm64-vdso-fix-nsec-handling-for-clock_monotonic_raw.patch
+target-fix-kref-refcount-underflow-in-transport_cmd_finish_abort.patch
+iscsi-target-fix-delayed-logout-processing-greater-than-seconds_for_logout_comp.patch
+iscsi-target-reject-immediate-data-underflow-larger-than-scsi-transfer-length.patch
+drm-radeon-add-a-px-quirk-for-another-k53tk-variant.patch
+drm-radeon-add-a-quirk-for-toshiba-satellite-l20-183.patch
+drm-amdgpu-atom-fix-ps-allocation-size-for-enabledisppowergating.patch
+drm-amdgpu-adjust-default-display-clock.patch
+drm-amdgpu-add-polaris12-did.patch
--- /dev/null
+From 73d4e580ccc5c3e05cea002f18111f66c9c07034 Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Fri, 2 Jun 2017 20:00:17 -0700
+Subject: target: Fix kref->refcount underflow in transport_cmd_finish_abort
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit 73d4e580ccc5c3e05cea002f18111f66c9c07034 upstream.
+
+This patch fixes a se_cmd->cmd_kref underflow during CMD_T_ABORTED
+when a fabric driver drops it's second reference from below the
+target_core_tmr.c based callers of transport_cmd_finish_abort().
+
+Recently with the conversion of kref to refcount_t, this bug was
+manifesting itself as:
+
+[705519.601034] refcount_t: underflow; use-after-free.
+[705519.604034] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 20116.512 msecs
+[705539.719111] ------------[ cut here ]------------
+[705539.719117] WARNING: CPU: 3 PID: 26510 at lib/refcount.c:184 refcount_sub_and_test+0x33/0x51
+
+Since the original kref atomic_t based kref_put() didn't check for
+underflow and only invoked the final callback when zero was reached,
+this bug did not manifest in practice since all se_cmd memory is
+using preallocated tags.
+
+To address this, go ahead and propagate the existing return from
+transport_put_cmd() up via transport_cmd_finish_abort(), and
+change transport_cmd_finish_abort() + core_tmr_handle_tas_abort()
+callers to only do their local target_put_sess_cmd() if necessary.
+
+Reported-by: Bart Van Assche <bart.vanassche@sandisk.com>
+Tested-by: Bart Van Assche <bart.vanassche@sandisk.com>
+Cc: Mike Christie <mchristi@redhat.com>
+Cc: Hannes Reinecke <hare@suse.de>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Himanshu Madhani <himanshu.madhani@qlogic.com>
+Cc: Sagi Grimberg <sagig@mellanox.com>
+Tested-by: Gary Guo <ghg@datera.io>
+Tested-by: Chu Yuan Lin <cyl@datera.io>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_internal.h | 2 +-
+ drivers/target/target_core_tmr.c | 16 ++++++++--------
+ drivers/target/target_core_transport.c | 9 ++++++---
+ 3 files changed, 15 insertions(+), 12 deletions(-)
+
+--- a/drivers/target/target_core_internal.h
++++ b/drivers/target/target_core_internal.h
+@@ -136,7 +136,7 @@ int init_se_kmem_caches(void);
+ void release_se_kmem_caches(void);
+ u32 scsi_get_new_index(scsi_index_t);
+ void transport_subsystem_check_init(void);
+-void transport_cmd_finish_abort(struct se_cmd *, int);
++int transport_cmd_finish_abort(struct se_cmd *, int);
+ unsigned char *transport_dump_cmd_direction(struct se_cmd *);
+ void transport_dump_dev_state(struct se_device *, char *, int *);
+ void transport_dump_dev_info(struct se_device *, struct se_lun *,
+--- a/drivers/target/target_core_tmr.c
++++ b/drivers/target/target_core_tmr.c
+@@ -75,7 +75,7 @@ void core_tmr_release_req(struct se_tmr_
+ kfree(tmr);
+ }
+
+-static void core_tmr_handle_tas_abort(struct se_cmd *cmd, int tas)
++static int core_tmr_handle_tas_abort(struct se_cmd *cmd, int tas)
+ {
+ unsigned long flags;
+ bool remove = true, send_tas;
+@@ -91,7 +91,7 @@ static void core_tmr_handle_tas_abort(st
+ transport_send_task_abort(cmd);
+ }
+
+- transport_cmd_finish_abort(cmd, remove);
++ return transport_cmd_finish_abort(cmd, remove);
+ }
+
+ static int target_check_cdb_and_preempt(struct list_head *list,
+@@ -184,8 +184,8 @@ void core_tmr_abort_task(
+ cancel_work_sync(&se_cmd->work);
+ transport_wait_for_tasks(se_cmd);
+
+- transport_cmd_finish_abort(se_cmd, true);
+- target_put_sess_cmd(se_cmd);
++ if (!transport_cmd_finish_abort(se_cmd, true))
++ target_put_sess_cmd(se_cmd);
+
+ printk("ABORT_TASK: Sending TMR_FUNCTION_COMPLETE for"
+ " ref_tag: %llu\n", ref_tag);
+@@ -281,8 +281,8 @@ static void core_tmr_drain_tmr_list(
+ cancel_work_sync(&cmd->work);
+ transport_wait_for_tasks(cmd);
+
+- transport_cmd_finish_abort(cmd, 1);
+- target_put_sess_cmd(cmd);
++ if (!transport_cmd_finish_abort(cmd, 1))
++ target_put_sess_cmd(cmd);
+ }
+ }
+
+@@ -380,8 +380,8 @@ static void core_tmr_drain_state_list(
+ cancel_work_sync(&cmd->work);
+ transport_wait_for_tasks(cmd);
+
+- core_tmr_handle_tas_abort(cmd, tas);
+- target_put_sess_cmd(cmd);
++ if (!core_tmr_handle_tas_abort(cmd, tas))
++ target_put_sess_cmd(cmd);
+ }
+ }
+
+--- a/drivers/target/target_core_transport.c
++++ b/drivers/target/target_core_transport.c
+@@ -651,9 +651,10 @@ static void transport_lun_remove_cmd(str
+ percpu_ref_put(&lun->lun_ref);
+ }
+
+-void transport_cmd_finish_abort(struct se_cmd *cmd, int remove)
++int transport_cmd_finish_abort(struct se_cmd *cmd, int remove)
+ {
+ bool ack_kref = (cmd->se_cmd_flags & SCF_ACK_KREF);
++ int ret = 0;
+
+ if (cmd->se_cmd_flags & SCF_SE_LUN_CMD)
+ transport_lun_remove_cmd(cmd);
+@@ -665,9 +666,11 @@ void transport_cmd_finish_abort(struct s
+ cmd->se_tfo->aborted_task(cmd);
+
+ if (transport_cmd_check_stop_to_fabric(cmd))
+- return;
++ return 1;
+ if (remove && ack_kref)
+- transport_put_cmd(cmd);
++ ret = transport_put_cmd(cmd);
++
++ return ret;
+ }
+
+ static void target_complete_failure_work(struct work_struct *work)
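Review bot: transport_cmd_finish_abort() now returns a value that decides whether callers may still touch `cmd`, but the contract is written nowhere: the `return 1` after transport_cmd_check_stop_to_fabric() and the result of transport_put_cmd() are folded into one int without comment. A comment such as `/* Returns non-zero if the command's reference was already dropped here; the caller must then skip target_put_sess_cmd() and must not touch cmd again */` above the definition, and at the prototype in target_core_internal.h, would make the `if (!transport_cmd_finish_abort(...))` and `if (!core_tmr_handle_tas_abort(...))` call sites in target_core_tmr.c self-explanatory. The exact meaning of transport_put_cmd()'s return is not visible on this page, so the wording should be checked against it. Code following those call sites lies outside the hunks; anything there that dereferences the command after a non-zero return would be a use-after-free.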