--- /dev/null
+From 0a73d0a204a4a04a1e110539c5a524ae51f91d6d Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Sun, 12 Jul 2015 10:34:29 -0400
+Subject: 9p: don't leave a half-initialized inode sitting around
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 0a73d0a204a4a04a1e110539c5a524ae51f91d6d upstream.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/9p/vfs_inode.c | 3 +--
+ fs/9p/vfs_inode_dotl.c | 3 +--
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+--- a/fs/9p/vfs_inode.c
++++ b/fs/9p/vfs_inode.c
+@@ -540,8 +540,7 @@ static struct inode *v9fs_qid_iget(struc
+ unlock_new_inode(inode);
+ return inode;
+ error:
+- unlock_new_inode(inode);
+- iput(inode);
++ iget_failed(inode);
+ return ERR_PTR(retval);
+
+ }
+--- a/fs/9p/vfs_inode_dotl.c
++++ b/fs/9p/vfs_inode_dotl.c
+@@ -149,8 +149,7 @@ static struct inode *v9fs_qid_iget_dotl(
+ unlock_new_inode(inode);
+ return inode;
+ error:
+- unlock_new_inode(inode);
+- iput(inode);
++ iget_failed(inode);
+ return ERR_PTR(retval);
+
+ }
--- /dev/null
+From a84b69cb6e0a41e86bc593904faa6def3b957343 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Sat, 4 Jul 2015 16:04:19 -0400
+Subject: 9p: forgetting to cancel request on interrupted zero-copy RPC
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit a84b69cb6e0a41e86bc593904faa6def3b957343 upstream.
+
+If we'd already sent a request and decide to abort it, we *must*
+issue TFLUSH properly and not just blindly reuse the tag, or
+we'll get seriously screwed when response eventually arrives
+and we confuse it for response to later request that had reused
+the same tag.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/9p/client.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -839,7 +839,8 @@ static struct p9_req_t *p9_client_zc_rpc
+ if (err < 0) {
+ if (err == -EIO)
+ c->status = Disconnected;
+- goto reterr;
++ if (err != -ERESTARTSYS)
++ goto reterr;
+ }
+ if (req->status == REQ_STATUS_ERROR) {
+ p9_debug(P9_DEBUG_ERROR, "req_status error %d\n", req->t_err);
--- /dev/null
+From 8b572a4200828b4e75cc22ed2f494b58d5372d65 Mon Sep 17 00:00:00 2001
+From: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Sun, 28 Jun 2015 14:18:16 +0100
+Subject: agp/intel: Fix typo in needs_ilk_vtd_wa()
+
+From: Chris Wilson <chris@chris-wilson.co.uk>
+
+commit 8b572a4200828b4e75cc22ed2f494b58d5372d65 upstream.
+
+In needs_ilk_vtd_wa(), we pass in the GPU device but compared it against
+the ids for the mobile GPU and the mobile host bridge. That latter is
+impossible and so likely was just a typo for the desktop GPU device id
+(which is also buggy).
+
+Fixes commit da88a5f7f7d434e2cde1b3e19d952e6d84533662
+Author: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Wed Feb 13 09:31:53 2013 +0000
+
+ drm/i915: Disable WC PTE updates to w/a buggy IOMMU on ILK
+
+Reported-by: Ting-Wei Lan <lantw44@gmail.com>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91127
+References: https://bugzilla.freedesktop.org/show_bug.cgi?id=60391
+Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
+Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/agp/intel-gtt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/agp/intel-gtt.c
++++ b/drivers/char/agp/intel-gtt.c
+@@ -586,7 +586,7 @@ static inline int needs_ilk_vtd_wa(void)
+ /* Query intel_iommu to see if we need the workaround. Presumably that
+ * was loaded first.
+ */
+- if ((gpu_devid == PCI_DEVICE_ID_INTEL_IRONLAKE_M_HB ||
++ if ((gpu_devid == PCI_DEVICE_ID_INTEL_IRONLAKE_D_IG ||
+ gpu_devid == PCI_DEVICE_ID_INTEL_IRONLAKE_M_IG) &&
+ intel_iommu_gfx_mapped)
+ return 1;
--- /dev/null
+From fd28f5d439fca77348c129d5b73043a56f8a0296 Mon Sep 17 00:00:00 2001
+From: Christoffer Dall <christoffer.dall@linaro.org>
+Date: Wed, 1 Jul 2015 14:08:31 +0200
+Subject: arm64: Don't report clear pmds and puds as huge
+
+From: Christoffer Dall <christoffer.dall@linaro.org>
+
+commit fd28f5d439fca77348c129d5b73043a56f8a0296 upstream.
+
+The current pmd_huge() and pud_huge() functions simply check if the table
+bit is not set and reports the entries as huge in that case. This is
+counter-intuitive as a clear pmd/pud cannot also be a huge pmd/pud, and
+it is inconsistent with at least arm and x86.
+
+To prevent others from making the same mistake as me in looking at code
+that calls these functions and to fix an issue with KVM on arm64 that
+causes memory corruption due to incorrect page reference counting
+resulting from this mistake, let's change the behavior.
+
+Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
+Reviewed-by: Steve Capper <steve.capper@linaro.org>
+Acked-by: Marc Zyngier <marc.zyngier@arm.com>
+Fixes: 084bd29810a5 ("ARM64: mm: HugeTLB support.")
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/mm/hugetlbpage.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/mm/hugetlbpage.c
++++ b/arch/arm64/mm/hugetlbpage.c
+@@ -46,13 +46,13 @@ struct page *follow_huge_addr(struct mm_
+
+ int pmd_huge(pmd_t pmd)
+ {
+- return !(pmd_val(pmd) & PMD_TABLE_BIT);
++ return pmd_val(pmd) && !(pmd_val(pmd) & PMD_TABLE_BIT);
+ }
+
+ int pud_huge(pud_t pud)
+ {
+ #ifndef __PAGETABLE_PMD_FOLDED
+- return !(pud_val(pud) & PUD_TABLE_BIT);
++ return pud_val(pud) && !(pud_val(pud) & PUD_TABLE_BIT);
+ #else
+ return 0;
+ #endif
--- /dev/null
+From 6f957724b94cb19f5c1c97efd01dd4df8ced323c Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Thu, 9 Jul 2015 11:20:01 -0700
+Subject: Fix firmware loader uevent buffer NULL pointer dereference
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 6f957724b94cb19f5c1c97efd01dd4df8ced323c upstream.
+
+The firmware class uevent function accessed the "fw_priv->buf" buffer
+without the proper locking and testing for NULL. This is an old bug
+(looks like it goes back to 2012 and commit 1244691c73b2: "firmware
+loader: introduce firmware_buf"), but for some reason it's triggering
+only now in 4.2-rc1.
+
+Shuah Khan is trying to bisect what it is that causes this to trigger
+more easily, but in the meantime let's just fix the bug since others are
+hitting it too (at least Ingo reports having seen it as well).
+
+Reported-and-tested-by: Shuah Khan <shuahkh@osg.samsung.com>
+Acked-by: Ming Lei <ming.lei@canonical.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/firmware_class.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+--- a/drivers/base/firmware_class.c
++++ b/drivers/base/firmware_class.c
+@@ -544,10 +544,8 @@ static void fw_dev_release(struct device
+ kfree(fw_priv);
+ }
+
+-static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
++static int do_firmware_uevent(struct firmware_priv *fw_priv, struct kobj_uevent_env *env)
+ {
+- struct firmware_priv *fw_priv = to_firmware_priv(dev);
+-
+ if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->buf->fw_id))
+ return -ENOMEM;
+ if (add_uevent_var(env, "TIMEOUT=%i", loading_timeout))
+@@ -558,6 +556,18 @@ static int firmware_uevent(struct device
+ return 0;
+ }
+
++static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
++{
++ struct firmware_priv *fw_priv = to_firmware_priv(dev);
++ int err = 0;
++
++ mutex_lock(&fw_lock);
++ if (fw_priv->buf)
++ err = do_firmware_uevent(fw_priv, env);
++ mutex_unlock(&fw_lock);
++ return err;
++}
++
+ static struct class firmware_class = {
+ .name = "firmware",
+ .class_attrs = firmware_class_attrs,
--- /dev/null
+From e8d975e73e5fa05f983fbf2723120edcf68e0b38 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Fri, 15 May 2015 11:45:31 -0400
+Subject: fixing infinite OPEN loop in 4.0 stateid recovery
+
+From: Olga Kornievskaia <kolga@netapp.com>
+
+commit e8d975e73e5fa05f983fbf2723120edcf68e0b38 upstream.
+
+Problem: When an operation like WRITE receives a BAD_STATEID, even though
+recovery code clears the RECLAIM_NOGRACE recovery flag before recovering
+the open state, because of clearing delegation state for the associated
+inode, nfs_inode_find_state_and_recover() gets called and it makes the
+same state with RECLAIM_NOGRACE flag again. As a results, when we restart
+looking over the open states, we end up in the infinite loop instead of
+breaking out in the next test of state flags.
+
+Solution: unset the RECLAIM_NOGRACE set because of
+calling of nfs_inode_find_state_and_recover() after returning from calling
+recover_open() function.
+
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4state.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/nfs/nfs4state.c
++++ b/fs/nfs/nfs4state.c
+@@ -1482,6 +1482,8 @@ restart:
+ spin_unlock(&state->state_lock);
+ }
+ nfs4_put_open_state(state);
++ clear_bit(NFS4CLNT_RECLAIM_NOGRACE,
++ &state->flags);
+ spin_lock(&sp->so_lock);
+ goto restart;
+ }
--- /dev/null
+From a28e4b2b18ccb90df402da3f21e1a83c9d4f8ec1 Mon Sep 17 00:00:00 2001
+From: Joe Perches <joe@perches.com>
+Date: Thu, 26 Mar 2015 20:47:10 -0700
+Subject: hpfs: hpfs_error: Remove static buffer, use vsprintf extension %pV instead
+
+From: Joe Perches <joe@perches.com>
+
+commit a28e4b2b18ccb90df402da3f21e1a83c9d4f8ec1 upstream.
+
+Removing unnecessary static buffers is good.
+Use the vsprintf %pV extension instead.
+
+Signed-off-by: Joe Perches <joe@perches.com>
+Signed-off-by: Mikulas Patocka <mikulas@twibright.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/hpfs/super.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/fs/hpfs/super.c
++++ b/fs/hpfs/super.c
+@@ -52,17 +52,20 @@ static void unmark_dirty(struct super_bl
+ }
+
+ /* Filesystem error... */
+-static char err_buf[1024];
+-
+ void hpfs_error(struct super_block *s, const char *fmt, ...)
+ {
++ struct va_format vaf;
+ va_list args;
+
+ va_start(args, fmt);
+- vsnprintf(err_buf, sizeof(err_buf), fmt, args);
++
++ vaf.fmt = fmt;
++ vaf.va = &args;
++
++ pr_err("filesystem error: %pV", &vaf);
++
+ va_end(args);
+
+- printk("HPFS: filesystem error: %s", err_buf);
+ if (!hpfs_sb(s)->sb_was_error) {
+ if (hpfs_sb(s)->sb_err == 2) {
+ printk("; crashing the system because you wanted it\n");
--- /dev/null
+From ed9244e6c534612d2b5ae47feab2f55a0d4b4ced Mon Sep 17 00:00:00 2001
+From: Nicholas Mc Guire <hofrat@osadl.org>
+Date: Thu, 7 May 2015 14:47:50 +0200
+Subject: MIPS: KVM: Do not sign extend on unsigned MMIO load
+
+From: Nicholas Mc Guire <hofrat@osadl.org>
+
+commit ed9244e6c534612d2b5ae47feab2f55a0d4b4ced upstream.
+
+Fix possible unintended sign extension in unsigned MMIO loads by casting
+to uint16_t in the case of mmio_needed != 2.
+
+Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
+Reviewed-by: James Hogan <james.hogan@imgtec.com>
+Tested-by: James Hogan <james.hogan@imgtec.com>
+Cc: Gleb Natapov <gleb@kernel.org>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: kvm@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/9985/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: James Hogan <james.hogan@imgtec.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kvm/kvm_mips_emul.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/kvm/kvm_mips_emul.c
++++ b/arch/mips/kvm/kvm_mips_emul.c
+@@ -1626,7 +1626,7 @@ kvm_mips_complete_mmio_load(struct kvm_v
+ if (vcpu->mmio_needed == 2)
+ *gpr = *(int16_t *) run->mmio.data;
+ else
+- *gpr = *(int16_t *) run->mmio.data;
++ *gpr = *(uint16_t *)run->mmio.data;
+
+ break;
+ case 1:
--- /dev/null
+From 764ad8ba8cd4c6f836fca9378f8c5121aece0842 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@poochiereds.net>
+Date: Tue, 9 Jun 2015 19:43:56 -0400
+Subject: nfs: increase size of EXCHANGE_ID name string buffer
+
+From: Jeff Layton <jlayton@poochiereds.net>
+
+commit 764ad8ba8cd4c6f836fca9378f8c5121aece0842 upstream.
+
+The current buffer is much too small if you have a relatively long
+hostname. Bring it up to the size of the one that SETCLIENTID has.
+
+Reported-by: Michael Skralivetsky <michael.skralivetsky@primarydata.com>
+Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/nfs_xdr.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/nfs_xdr.h
++++ b/include/linux/nfs_xdr.h
+@@ -1155,7 +1155,7 @@ struct nfs41_state_protection {
+ struct nfs4_op_map allow;
+ };
+
+-#define NFS4_EXCHANGE_ID_LEN (48)
++#define NFS4_EXCHANGE_ID_LEN (127)
+ struct nfs41_exchange_id_args {
+ struct nfs_client *client;
+ nfs4_verifier *verifier;
--- /dev/null
+From ef86cb2059a14b4024c7320999ee58e938873032 Mon Sep 17 00:00:00 2001
+From: Chad Dupuis <chad.dupuis@qlogic.com>
+Date: Thu, 25 Sep 2014 05:17:01 -0400
+Subject: qla2xxx: Mark port lost when we receive an RSCN for it.
+
+From: Chad Dupuis <chad.dupuis@qlogic.com>
+
+commit ef86cb2059a14b4024c7320999ee58e938873032 upstream.
+
+Signed-off-by: Chad Dupuis <chad.dupuis@qlogic.com>
+Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Cc: Himanshu Madhani <himanshu.madhani@qlogic.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla2xxx/qla_isr.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/qla2xxx/qla_isr.c
++++ b/drivers/scsi/qla2xxx/qla_isr.c
+@@ -572,8 +572,9 @@ qla2x00_async_event(scsi_qla_host_t *vha
+ struct device_reg_2xxx __iomem *reg = &ha->iobase->isp;
+ struct device_reg_24xx __iomem *reg24 = &ha->iobase->isp24;
+ struct device_reg_82xx __iomem *reg82 = &ha->iobase->isp82;
+- uint32_t rscn_entry, host_pid;
++ uint32_t rscn_entry, host_pid, tmp_pid;
+ unsigned long flags;
++ fc_port_t *fcport = NULL;
+
+ /* Setup to process RIO completion. */
+ handle_cnt = 0;
+@@ -968,6 +969,20 @@ skip_rio:
+ if (qla2x00_is_a_vp_did(vha, rscn_entry))
+ break;
+
++ /*
++ * Search for the rport related to this RSCN entry and mark it
++ * as lost.
++ */
++ list_for_each_entry(fcport, &vha->vp_fcports, list) {
++ if (atomic_read(&fcport->state) != FCS_ONLINE)
++ continue;
++ tmp_pid = fcport->d_id.b24;
++ if (fcport->d_id.b24 == rscn_entry) {
++ qla2x00_mark_device_lost(vha, fcport, 0, 0);
++ break;
++ }
++ }
++
+ atomic_set(&vha->loop_down_timer, 0);
+ vha->flags.management_server_logged_in = 0;
+
--- /dev/null
+From 5a60e87603c4c533492c515b7f62578189b03c9c Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@gmail.com>
+Date: Wed, 24 Jun 2015 17:24:33 +0300
+Subject: rbd: use GFP_NOIO in rbd_obj_request_create()
+
+From: Ilya Dryomov <idryomov@gmail.com>
+
+commit 5a60e87603c4c533492c515b7f62578189b03c9c upstream.
+
+rbd_obj_request_create() is called on the main I/O path, so we need to
+use GFP_NOIO to make sure allocation doesn't blow back on us. Not all
+callers need this, but I'm still hardcoding the flag inside rather than
+making it a parameter because a) this is going to stable, and b) those
+callers shouldn't really use rbd_obj_request_create() and will be fixed
+in the future.
+
+More memory allocation fixes will follow.
+
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Reviewed-by: Alex Elder <elder@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/rbd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/block/rbd.c
++++ b/drivers/block/rbd.c
+@@ -1826,11 +1826,11 @@ static struct rbd_obj_request *rbd_obj_r
+ rbd_assert(obj_request_type_valid(type));
+
+ size = strlen(object_name) + 1;
+- name = kmalloc(size, GFP_KERNEL);
++ name = kmalloc(size, GFP_NOIO);
+ if (!name)
+ return NULL;
+
+- obj_request = kmem_cache_zalloc(rbd_obj_request_cache, GFP_KERNEL);
++ obj_request = kmem_cache_zalloc(rbd_obj_request_cache, GFP_NOIO);
+ if (!obj_request) {
+ kfree(name);
+ return NULL;
of-return-numa_no_node-from-fallback-of_node_to_nid.patch
watchdog-omap-assert-the-counter-being-stopped-before-reprogramming.patch
nfs-fix-size-of-nfsacl-setacl-operations.patch
+fixing-infinite-open-loop-in-4.0-stateid-recovery.patch
+nfs-increase-size-of-exchange_id-name-string-buffer.patch
+sunrpc-fix-a-memory-leak-in-the-backchannel-code.patch
+9p-forgetting-to-cancel-request-on-interrupted-zero-copy-rpc.patch
+9p-don-t-leave-a-half-initialized-inode-sitting-around.patch
+rbd-use-gfp_noio-in-rbd_obj_request_create.patch
+agp-intel-fix-typo-in-needs_ilk_vtd_wa.patch
+arm64-don-t-report-clear-pmds-and-puds-as-huge.patch
+hpfs-hpfs_error-remove-static-buffer-use-vsprintf-extension-pv-instead.patch
+fix-firmware-loader-uevent-buffer-null-pointer-dereference.patch
+qla2xxx-mark-port-lost-when-we-receive-an-rscn-for-it.patch
+mips-kvm-do-not-sign-extend-on-unsigned-mmio-load.patch
--- /dev/null
+From 88de6af24f2b48b06c514d3c3d0a8f22fafe30bd Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+Date: Mon, 1 Jun 2015 15:10:25 -0400
+Subject: SUNRPC: Fix a memory leak in the backchannel code
+
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+
+commit 88de6af24f2b48b06c514d3c3d0a8f22fafe30bd upstream.
+
+req->rq_private_buf isn't initialised when xprt_setup_backchannel calls
+xprt_free_allocation.
+
+Fixes: fb7a0b9addbdb ("nfs41: New backchannel helper routines")
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/backchannel_rqst.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/sunrpc/backchannel_rqst.c
++++ b/net/sunrpc/backchannel_rqst.c
+@@ -60,7 +60,7 @@ static void xprt_free_allocation(struct
+
+ dprintk("RPC: free allocations for req= %p\n", req);
+ WARN_ON_ONCE(test_bit(RPC_BC_PA_IN_USE, &req->rq_bc_pa_state));
+- xbufp = &req->rq_private_buf;
++ xbufp = &req->rq_rcv_buf;
+ free_page((unsigned long)xbufp->head[0].iov_base);
+ xbufp = &req->rq_snd_buf;
+ free_page((unsigned long)xbufp->head[0].iov_base);
projects / thirdparty / kernel / stable-queue.git / commitdiff
