--- /dev/null
+From a81157768a00e8cf8a7b43b5ea5cac931262374f Mon Sep 17 00:00:00 2001
+From: Eric Work <work.eric@gmail.com>
+Date: Mon, 18 May 2015 23:26:23 -0700
+Subject: md/raid0: fix restore to sector variable in raid0_make_request
+
+From: Eric Work <work.eric@gmail.com>
+
+commit a81157768a00e8cf8a7b43b5ea5cac931262374f upstream.
+
+The variable "sector" in "raid0_make_request()" was improperly updated
+by a call to "sector_div()" which modifies its first argument in place.
+Commit 47d68979cc968535cb87f3e5f2e6a3533ea48fbd restored this variable
+after the call for later re-use. Unfortunetly the restore was done after
+the referenced variable "bio" was advanced. This lead to the original
+value and the restored value being different. Here we move this line to
+the proper place.
+
+One observed side effect of this bug was discarding a file though
+unlinking would cause an unrelated file's contents to be discarded.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Fixes: 47d68979cc96 ("md/raid0: fix bug with chunksize not a power of 2.")
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=98501
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/raid0.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/md/raid0.c
++++ b/drivers/md/raid0.c
+@@ -531,6 +531,9 @@ static void raid0_make_request(struct md
+ ? (sector & (chunk_sects-1))
+ : sector_div(sector, chunk_sects));
+
++ /* Restore due to sector_div */
++ sector = bio->bi_iter.bi_sector;
++
+ if (sectors < bio_sectors(bio)) {
+ split = bio_split(bio, sectors, GFP_NOIO, fs_bio_set);
+ bio_chain(split, bio);
+@@ -538,7 +541,6 @@ static void raid0_make_request(struct md
+ split = bio;
+ }
+
+- sector = bio->bi_iter.bi_sector;
+ zone = find_zone(mddev->private, §or);
+ tmp_dev = map_sector(mddev, zone, sector, §or);
+ split->bi_bdev = tmp_dev->bdev;
--- /dev/null
+From 6e9eac2dcee5e19f125967dd2be3e36558c42fff Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Fri, 8 May 2015 18:19:34 +1000
+Subject: md/raid5: don't record new size if resize_stripes fails.
+
+From: NeilBrown <neilb@suse.de>
+
+commit 6e9eac2dcee5e19f125967dd2be3e36558c42fff upstream.
+
+If any memory allocation in resize_stripes fails we will return
+-ENOMEM, but in some cases we update conf->pool_size anyway.
+
+This means that if we try again, the allocations will be assumed
+to be larger than they are, and badness results.
+
+So only update pool_size if there is no error.
+
+This bug was introduced in 2.6.17 and the patch is suitable for
+-stable.
+
+Fixes: ad01c9e3752f ("[PATCH] md: Allow stripes to be expanded in preparation for expanding an array")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/raid5.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -1914,7 +1914,8 @@ static int resize_stripes(struct r5conf
+
+ conf->slab_cache = sc;
+ conf->active_name = 1-conf->active_name;
+- conf->pool_size = newsize;
++ if (!err)
++ conf->pool_size = newsize;
+ return err;
+ }
+
arm-fix-missing-syscall-trace-exit.patch
tools-vm-fix-page-flags-build.patch
mm-numa-really-disable-numa-balancing-by-default-on-single-node-machines.patch
+svcrpc-fix-potential-gssx_accept_sec_context-decoding-failures.patch
+thermal-step_wise-revert-optimization.patch
+md-raid5-don-t-record-new-size-if-resize_stripes-fails.patch
+md-raid0-fix-restore-to-sector-variable-in-raid0_make_request.patch
--- /dev/null
+From 9507271d960a1911a51683888837d75c171cd91f Mon Sep 17 00:00:00 2001
+From: Scott Mayhew <smayhew@redhat.com>
+Date: Tue, 28 Apr 2015 16:29:53 -0400
+Subject: svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures
+
+From: Scott Mayhew <smayhew@redhat.com>
+
+commit 9507271d960a1911a51683888837d75c171cd91f upstream.
+
+In an environment where the KDC is running Active Directory, the
+exported composite name field returned in the context could be large
+enough to span a page boundary. Attaching a scratch buffer to the
+decoding xdr_stream helps deal with those cases.
+
+The case where we saw this was actually due to behavior that's been
+fixed in newer gss-proxy versions, but we're fixing it here too.
+
+Signed-off-by: Scott Mayhew <smayhew@redhat.com>
+Reviewed-by: Simo Sorce <simo@redhat.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/auth_gss/gss_rpc_xdr.c | 23 ++++++++++++++++-------
+ 1 file changed, 16 insertions(+), 7 deletions(-)
+
+--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
++++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
+@@ -793,20 +793,26 @@ int gssx_dec_accept_sec_context(struct r
+ {
+ u32 value_follows;
+ int err;
++ struct page *scratch;
++
++ scratch = alloc_page(GFP_KERNEL);
++ if (!scratch)
++ return -ENOMEM;
++ xdr_set_scratch_buffer(xdr, page_address(scratch), PAGE_SIZE);
+
+ /* res->status */
+ err = gssx_dec_status(xdr, &res->status);
+ if (err)
+- return err;
++ goto out_free;
+
+ /* res->context_handle */
+ err = gssx_dec_bool(xdr, &value_follows);
+ if (err)
+- return err;
++ goto out_free;
+ if (value_follows) {
+ err = gssx_dec_ctx(xdr, res->context_handle);
+ if (err)
+- return err;
++ goto out_free;
+ } else {
+ res->context_handle = NULL;
+ }
+@@ -814,11 +820,11 @@ int gssx_dec_accept_sec_context(struct r
+ /* res->output_token */
+ err = gssx_dec_bool(xdr, &value_follows);
+ if (err)
+- return err;
++ goto out_free;
+ if (value_follows) {
+ err = gssx_dec_buffer(xdr, res->output_token);
+ if (err)
+- return err;
++ goto out_free;
+ } else {
+ res->output_token = NULL;
+ }
+@@ -826,14 +832,17 @@ int gssx_dec_accept_sec_context(struct r
+ /* res->delegated_cred_handle */
+ err = gssx_dec_bool(xdr, &value_follows);
+ if (err)
+- return err;
++ goto out_free;
+ if (value_follows) {
+ /* we do not support upcall servers sending this data. */
+- return -EINVAL;
++ err = -EINVAL;
++ goto out_free;
+ }
+
+ /* res->options */
+ err = gssx_dec_option_array(xdr, &res->options);
+
++out_free:
++ __free_page(scratch);
+ return err;
+ }
--- /dev/null
+From jdelvare@suse.de Wed Jun 3 14:21:51 2015
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 20 Apr 2015 11:21:13 +0200
+Subject: thermal: step_wise: Revert optimization
+To: stable <stable@vger.kernel.org>
+Cc: Shawn Guo <shawn.guo@linaro.org>, Eduardo Valentin <eduardo.valentin@ti.com>, Zhang Rui <rui.zhang@intel.com>, Borislav Petkov <bpetkov@suse.de>
+Message-ID: <1429521673.4305.12.camel@chaos.site>
+
+From: Jean Delvare <jdelvare@suse.de>
+
+Commit 178c2490b99f898efc06d1ad75cadc84f13021a6 ("thermal: step_wise:
+cdev only needs update on a new target state") broke driver acerhdf.
+That driver abused the step_wise thermal governor until the bang_bang
+governor was available, and the optimization broke this usage model.
+
+Kernels v3.12 to v3.18 are affected. In v3.19 the acerhdf driver was
+switched to the bang_bang governor and that solved the problem.
+
+For kernels v3.12 to v3.17, the bang_bang governor isn't available
+yet so the easiest fix is to revert the optimization.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reported-by: Dieter Jurzitza (https://bugzilla.opensuse.org/show_bug.cgi?id=925961)
+Tested-by: Peter Feuerer <peter@piie.net>
+Tested-by: Dieter Jurzitza
+---
+Please consider this patch for stable kernel branches from v3.12 to v3.17.
+
+If anyone cares about v3.18, I think a better fix would be to backport
+commit 48c8dd64345ba2a8c41556095c7adacb1c8af7c1 ("acerhdf: Use bang-bang
+thermal governor") but it's too big for stable, so it's left to
+distributions. So maybe this fix should make it into v3.18 stable as
+well - I'll let whoever maintains that branch decide.
+
+ drivers/thermal/step_wise.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/thermal/step_wise.c
++++ b/drivers/thermal/step_wise.c
+@@ -146,9 +146,6 @@ static void thermal_zone_trip_update(str
+ dev_dbg(&instance->cdev->device, "old_target=%d, target=%d\n",
+ old_target, (int)instance->target);
+
+- if (old_target == instance->target)
+- continue;
+-
+ /* Activate a passive thermal instance */
+ if (old_target == THERMAL_NO_TARGET &&
+ instance->target != THERMAL_NO_TARGET)
projects / thirdparty / kernel / stable-queue.git / commitdiff
