--- /dev/null
+From 24d5373dda7c00a438d26016bce140299fae675e Mon Sep 17 00:00:00 2001
+From: Julien Grall <julien.grall@arm.com>
+Date: Wed, 7 Dec 2016 12:24:40 +0000
+Subject: arm/xen: Use alloc_percpu rather than __alloc_percpu
+
+From: Julien Grall <julien.grall@arm.com>
+
+commit 24d5373dda7c00a438d26016bce140299fae675e upstream.
+
+The function xen_guest_init is using __alloc_percpu with an alignment
+which are not power of two.
+
+However, the percpu allocator never supported alignments which are not power
+of two and has always behaved incorectly in thise case.
+
+Commit 3ca45a4 "percpu: ensure requested alignment is power of two"
+introduced a check which trigger a warning [1] when booting linux-next
+on Xen. But in reality this bug was always present.
+
+This can be fixed by replacing the call to __alloc_percpu with
+alloc_percpu. The latter will use an alignment which are a power of two.
+
+[1]
+
+[ 0.023921] illegal size (48) or align (48) for percpu allocation
+[ 0.024167] ------------[ cut here ]------------
+[ 0.024344] WARNING: CPU: 0 PID: 1 at linux/mm/percpu.c:892 pcpu_alloc+0x88/0x6c0
+[ 0.024584] Modules linked in:
+[ 0.024708]
+[ 0.024804] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
+4.9.0-rc7-next-20161128 #473
+[ 0.025012] Hardware name: Foundation-v8A (DT)
+[ 0.025162] task: ffff80003d870000 task.stack: ffff80003d844000
+[ 0.025351] PC is at pcpu_alloc+0x88/0x6c0
+[ 0.025490] LR is at pcpu_alloc+0x88/0x6c0
+[ 0.025624] pc : [<ffff00000818e678>] lr : [<ffff00000818e678>]
+pstate: 60000045
+[ 0.025830] sp : ffff80003d847cd0
+[ 0.025946] x29: ffff80003d847cd0 x28: 0000000000000000
+[ 0.026147] x27: 0000000000000000 x26: 0000000000000000
+[ 0.026348] x25: 0000000000000000 x24: 0000000000000000
+[ 0.026549] x23: 0000000000000000 x22: 00000000024000c0
+[ 0.026752] x21: ffff000008e97000 x20: 0000000000000000
+[ 0.026953] x19: 0000000000000030 x18: 0000000000000010
+[ 0.027155] x17: 0000000000000a3f x16: 00000000deadbeef
+[ 0.027357] x15: 0000000000000006 x14: ffff000088f79c3f
+[ 0.027573] x13: ffff000008f79c4d x12: 0000000000000041
+[ 0.027782] x11: 0000000000000006 x10: 0000000000000042
+[ 0.027995] x9 : ffff80003d847a40 x8 : 6f697461636f6c6c
+[ 0.028208] x7 : 6120757063726570 x6 : ffff000008f79c84
+[ 0.028419] x5 : 0000000000000005 x4 : 0000000000000000
+[ 0.028628] x3 : 0000000000000000 x2 : 000000000000017f
+[ 0.028840] x1 : ffff80003d870000 x0 : 0000000000000035
+[ 0.029056]
+[ 0.029152] ---[ end trace 0000000000000000 ]---
+[ 0.029297] Call trace:
+[ 0.029403] Exception stack(0xffff80003d847b00 to
+ 0xffff80003d847c30)
+[ 0.029621] 7b00: 0000000000000030 0001000000000000
+ffff80003d847cd0 ffff00000818e678
+[ 0.029901] 7b20: 0000000000000002 0000000000000004
+ffff000008f7c060 0000000000000035
+[ 0.030153] 7b40: ffff000008f79000 ffff000008c4cd88
+ffff80003d847bf0 ffff000008101778
+[ 0.030402] 7b60: 0000000000000030 0000000000000000
+ffff000008e97000 00000000024000c0
+[ 0.030647] 7b80: 0000000000000000 0000000000000000
+0000000000000000 0000000000000000
+[ 0.030895] 7ba0: 0000000000000035 ffff80003d870000
+000000000000017f 0000000000000000
+[ 0.031144] 7bc0: 0000000000000000 0000000000000005
+ffff000008f79c84 6120757063726570
+[ 0.031394] 7be0: 6f697461636f6c6c ffff80003d847a40
+0000000000000042 0000000000000006
+[ 0.031643] 7c00: 0000000000000041 ffff000008f79c4d
+ffff000088f79c3f 0000000000000006
+[ 0.031877] 7c20: 00000000deadbeef 0000000000000a3f
+[ 0.032051] [<ffff00000818e678>] pcpu_alloc+0x88/0x6c0
+[ 0.032229] [<ffff00000818ece8>] __alloc_percpu+0x18/0x20
+[ 0.032409] [<ffff000008d9606c>] xen_guest_init+0x174/0x2f4
+[ 0.032591] [<ffff0000080830f8>] do_one_initcall+0x38/0x130
+[ 0.032783] [<ffff000008d90c34>] kernel_init_freeable+0xe0/0x248
+[ 0.032995] [<ffff00000899a890>] kernel_init+0x10/0x100
+[ 0.033172] [<ffff000008082ec0>] ret_from_fork+0x10/0x50
+
+Reported-by: Wei Chen <wei.chen@arm.com>
+Link: https://lkml.org/lkml/2016/11/28/669
+Signed-off-by: Julien Grall <julien.grall@arm.com>
+Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
+Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/xen/enlighten.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/arm/xen/enlighten.c
++++ b/arch/arm/xen/enlighten.c
+@@ -239,8 +239,7 @@ static int __init xen_guest_init(void)
+ * for secondary CPUs as they are brought up.
+ * For uniformity we use VCPUOP_register_vcpu_info even on cpu0.
+ */
+- xen_vcpu_info = __alloc_percpu(sizeof(struct vcpu_info),
+- sizeof(struct vcpu_info));
++ xen_vcpu_info = alloc_percpu(struct vcpu_info);
+ if (xen_vcpu_info == NULL)
+ return -ENOMEM;
+
--- /dev/null
+From 53e0e11efe9289535b060a51d4cf37c25e0d0f2b Mon Sep 17 00:00:00 2001
+From: Pavel Shilovsky <pshilov@microsoft.com>
+Date: Fri, 4 Nov 2016 11:50:31 -0700
+Subject: CIFS: Fix a possible memory corruption during reconnect
+
+From: Pavel Shilovsky <pshilov@microsoft.com>
+
+commit 53e0e11efe9289535b060a51d4cf37c25e0d0f2b upstream.
+
+We can not unlock/lock cifs_tcp_ses_lock while walking through ses
+and tcon lists because it can corrupt list iterator pointers and
+a tcon structure can be released if we don't hold an extra reference.
+Fix it by moving a reconnect process to a separate delayed work
+and acquiring a reference to every tcon that needs to be reconnected.
+Also do not send an echo request on newly established connections.
+
+Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/cifsglob.h | 3 ++
+ fs/cifs/cifsproto.h | 3 ++
+ fs/cifs/connect.c | 34 ++++++++++++++++++-----
+ fs/cifs/smb2pdu.c | 75 +++++++++++++++++++++++++++++++++++-----------------
+ fs/cifs/smb2proto.h | 1
+ 5 files changed, 85 insertions(+), 31 deletions(-)
+
+--- a/fs/cifs/cifsglob.h
++++ b/fs/cifs/cifsglob.h
+@@ -627,6 +627,8 @@ struct TCP_Server_Info {
+ #ifdef CONFIG_CIFS_SMB2
+ unsigned int max_read;
+ unsigned int max_write;
++ struct delayed_work reconnect; /* reconnect workqueue job */
++ struct mutex reconnect_mutex; /* prevent simultaneous reconnects */
+ #endif /* CONFIG_CIFS_SMB2 */
+ };
+
+@@ -826,6 +828,7 @@ cap_unix(struct cifs_ses *ses)
+ struct cifs_tcon {
+ struct list_head tcon_list;
+ int tc_count;
++ struct list_head rlist; /* reconnect list */
+ struct list_head openFileList;
+ spinlock_t open_file_lock; /* protects list above */
+ struct cifs_ses *ses; /* pointer to session associated with */
+--- a/fs/cifs/cifsproto.h
++++ b/fs/cifs/cifsproto.h
+@@ -205,6 +205,9 @@ extern void cifs_add_pending_open_locked
+ struct tcon_link *tlink,
+ struct cifs_pending_open *open);
+ extern void cifs_del_pending_open(struct cifs_pending_open *open);
++extern void cifs_put_tcp_session(struct TCP_Server_Info *server,
++ int from_reconnect);
++extern void cifs_put_tcon(struct cifs_tcon *tcon);
+
+ #if IS_ENABLED(CONFIG_CIFS_DFS_UPCALL)
+ extern void cifs_dfs_release_automount_timer(void);
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -52,6 +52,9 @@
+ #include "nterr.h"
+ #include "rfc1002pdu.h"
+ #include "fscache.h"
++#ifdef CONFIG_CIFS_SMB2
++#include "smb2proto.h"
++#endif
+
+ #define CIFS_PORT 445
+ #define RFC1001_PORT 139
+@@ -2113,8 +2116,8 @@ cifs_find_tcp_session(struct smb_vol *vo
+ return NULL;
+ }
+
+-static void
+-cifs_put_tcp_session(struct TCP_Server_Info *server)
++void
++cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect)
+ {
+ struct task_struct *task;
+
+@@ -2131,6 +2134,19 @@ cifs_put_tcp_session(struct TCP_Server_I
+
+ cancel_delayed_work_sync(&server->echo);
+
++#ifdef CONFIG_CIFS_SMB2
++ if (from_reconnect)
++ /*
++ * Avoid deadlock here: reconnect work calls
++ * cifs_put_tcp_session() at its end. Need to be sure
++ * that reconnect work does nothing with server pointer after
++ * that step.
++ */
++ cancel_delayed_work(&server->reconnect);
++ else
++ cancel_delayed_work_sync(&server->reconnect);
++#endif
++
+ spin_lock(&GlobalMid_Lock);
+ server->tcpStatus = CifsExiting;
+ spin_unlock(&GlobalMid_Lock);
+@@ -2195,6 +2211,10 @@ cifs_get_tcp_session(struct smb_vol *vol
+ INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
+ INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
+ INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
++#ifdef CONFIG_CIFS_SMB2
++ INIT_DELAYED_WORK(&tcp_ses->reconnect, smb2_reconnect_server);
++ mutex_init(&tcp_ses->reconnect_mutex);
++#endif
+ memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
+ sizeof(tcp_ses->srcaddr));
+ memcpy(&tcp_ses->dstaddr, &volume_info->dstaddr,
+@@ -2347,7 +2367,7 @@ cifs_put_smb_ses(struct cifs_ses *ses)
+ spin_unlock(&cifs_tcp_ses_lock);
+
+ sesInfoFree(ses);
+- cifs_put_tcp_session(server);
++ cifs_put_tcp_session(server, 0);
+ }
+
+ #ifdef CONFIG_KEYS
+@@ -2521,7 +2541,7 @@ cifs_get_smb_ses(struct TCP_Server_Info
+ mutex_unlock(&ses->session_mutex);
+
+ /* existing SMB ses has a server reference already */
+- cifs_put_tcp_session(server);
++ cifs_put_tcp_session(server, 0);
+ free_xid(xid);
+ return ses;
+ }
+@@ -2611,7 +2631,7 @@ cifs_find_tcon(struct cifs_ses *ses, con
+ return NULL;
+ }
+
+-static void
++void
+ cifs_put_tcon(struct cifs_tcon *tcon)
+ {
+ unsigned int xid;
+@@ -3767,7 +3787,7 @@ mount_fail_check:
+ else if (ses)
+ cifs_put_smb_ses(ses);
+ else
+- cifs_put_tcp_session(server);
++ cifs_put_tcp_session(server, 0);
+ bdi_destroy(&cifs_sb->bdi);
+ }
+
+@@ -4078,7 +4098,7 @@ cifs_construct_tcon(struct cifs_sb_info
+ ses = cifs_get_smb_ses(master_tcon->ses->server, vol_info);
+ if (IS_ERR(ses)) {
+ tcon = (struct cifs_tcon *)ses;
+- cifs_put_tcp_session(master_tcon->ses->server);
++ cifs_put_tcp_session(master_tcon->ses->server, 0);
+ goto out;
+ }
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1822,6 +1822,54 @@ smb2_echo_callback(struct mid_q_entry *m
+ add_credits(server, credits_received, CIFS_ECHO_OP);
+ }
+
++void smb2_reconnect_server(struct work_struct *work)
++{
++ struct TCP_Server_Info *server = container_of(work,
++ struct TCP_Server_Info, reconnect.work);
++ struct cifs_ses *ses;
++ struct cifs_tcon *tcon, *tcon2;
++ struct list_head tmp_list;
++ int tcon_exist = false;
++
++ /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */
++ mutex_lock(&server->reconnect_mutex);
++
++ INIT_LIST_HEAD(&tmp_list);
++ cifs_dbg(FYI, "Need negotiate, reconnecting tcons\n");
++
++ spin_lock(&cifs_tcp_ses_lock);
++ list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
++ list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
++ if (tcon->need_reconnect) {
++ tcon->tc_count++;
++ list_add_tail(&tcon->rlist, &tmp_list);
++ tcon_exist = true;
++ }
++ }
++ }
++ /*
++ * Get the reference to server struct to be sure that the last call of
++ * cifs_put_tcon() in the loop below won't release the server pointer.
++ */
++ if (tcon_exist)
++ server->srv_count++;
++
++ spin_unlock(&cifs_tcp_ses_lock);
++
++ list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) {
++ smb2_reconnect(SMB2_ECHO, tcon);
++ list_del_init(&tcon->rlist);
++ cifs_put_tcon(tcon);
++ }
++
++ cifs_dbg(FYI, "Reconnecting tcons finished\n");
++ mutex_unlock(&server->reconnect_mutex);
++
++ /* now we can safely release srv struct */
++ if (tcon_exist)
++ cifs_put_tcp_session(server, 1);
++}
++
+ int
+ SMB2_echo(struct TCP_Server_Info *server)
+ {
+@@ -1834,32 +1882,11 @@ SMB2_echo(struct TCP_Server_Info *server
+ cifs_dbg(FYI, "In echo request\n");
+
+ if (server->tcpStatus == CifsNeedNegotiate) {
+- struct list_head *tmp, *tmp2;
+- struct cifs_ses *ses;
+- struct cifs_tcon *tcon;
+-
+- cifs_dbg(FYI, "Need negotiate, reconnecting tcons\n");
+- spin_lock(&cifs_tcp_ses_lock);
+- list_for_each(tmp, &server->smb_ses_list) {
+- ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
+- list_for_each(tmp2, &ses->tcon_list) {
+- tcon = list_entry(tmp2, struct cifs_tcon,
+- tcon_list);
+- /* add check for persistent handle reconnect */
+- if (tcon && tcon->need_reconnect) {
+- spin_unlock(&cifs_tcp_ses_lock);
+- rc = smb2_reconnect(SMB2_ECHO, tcon);
+- spin_lock(&cifs_tcp_ses_lock);
+- }
+- }
+- }
+- spin_unlock(&cifs_tcp_ses_lock);
++ /* No need to send echo on newly established connections */
++ queue_delayed_work(cifsiod_wq, &server->reconnect, 0);
++ return rc;
+ }
+
+- /* if no session, renegotiate failed above */
+- if (server->tcpStatus == CifsNeedNegotiate)
+- return -EIO;
+-
+ rc = small_smb2_init(SMB2_ECHO, NULL, (void **)&req);
+ if (rc)
+ return rc;
+--- a/fs/cifs/smb2proto.h
++++ b/fs/cifs/smb2proto.h
+@@ -95,6 +95,7 @@ extern int smb2_open_file(const unsigned
+ extern int smb2_unlock_range(struct cifsFileInfo *cfile,
+ struct file_lock *flock, const unsigned int xid);
+ extern int smb2_push_mandatory_locks(struct cifsFileInfo *cfile);
++extern void smb2_reconnect_server(struct work_struct *work);
+
+ /*
+ * SMB2 Worker functions - most of protocol specific implementation details
--- /dev/null
+From e3d240e9d505fc67f8f8735836df97a794bbd946 Mon Sep 17 00:00:00 2001
+From: Pavel Shilovsky <pshilov@microsoft.com>
+Date: Tue, 29 Nov 2016 16:14:43 -0800
+Subject: CIFS: Fix a possible memory corruption in push locks
+
+From: Pavel Shilovsky <pshilov@microsoft.com>
+
+commit e3d240e9d505fc67f8f8735836df97a794bbd946 upstream.
+
+If maxBuf is not 0 but less than a size of SMB2 lock structure
+we can end up with a memory corruption.
+
+Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2file.c
++++ b/fs/cifs/smb2file.c
+@@ -260,7 +260,7 @@ smb2_push_mandatory_locks(struct cifsFil
+ * and check it for zero before using.
+ */
+ max_buf = tlink_tcon(cfile->tlink)->ses->server->maxBuf;
+- if (!max_buf) {
++ if (max_buf < sizeof(struct smb2_lock_element)) {
+ free_xid(xid);
+ return -EINVAL;
+ }
--- /dev/null
+From 4772c79599564bd08ee6682715a7d3516f67433f Mon Sep 17 00:00:00 2001
+From: Pavel Shilovsky <pshilov@microsoft.com>
+Date: Tue, 29 Nov 2016 11:30:58 -0800
+Subject: CIFS: Fix missing nls unload in smb2_reconnect()
+
+From: Pavel Shilovsky <pshilov@microsoft.com>
+
+commit 4772c79599564bd08ee6682715a7d3516f67433f upstream.
+
+Acked-by: Sachin Prabhu <sprabhu@redhat.com>
+Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2pdu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -278,7 +278,7 @@ out:
+ case SMB2_CHANGE_NOTIFY:
+ case SMB2_QUERY_INFO:
+ case SMB2_SET_INFO:
+- return -EAGAIN;
++ rc = -EAGAIN;
+ }
+ unload_nls(nls_codepage);
+ return rc;
--- /dev/null
+From 2d13bb6494c807bcf3f78af0e96c0b8615a94385 Mon Sep 17 00:00:00 2001
+From: Douglas Anderson <dianders@chromium.org>
+Date: Wed, 14 Dec 2016 15:05:49 -0800
+Subject: kernel/debug/debug_core.c: more properly delay for secondary CPUs
+
+From: Douglas Anderson <dianders@chromium.org>
+
+commit 2d13bb6494c807bcf3f78af0e96c0b8615a94385 upstream.
+
+We've got a delay loop waiting for secondary CPUs. That loop uses
+loops_per_jiffy. However, loops_per_jiffy doesn't actually mean how
+many tight loops make up a jiffy on all architectures. It is quite
+common to see things like this in the boot log:
+
+ Calibrating delay loop (skipped), value calculated using timer
+ frequency.. 48.00 BogoMIPS (lpj=24000)
+
+In my case I was seeing lots of cases where other CPUs timed out
+entering the debugger only to print their stack crawls shortly after the
+kdb> prompt was written.
+
+Elsewhere in kgdb we already use udelay(), so that should be safe enough
+to use to implement our timeout. We'll delay 1 ms for 1000 times, which
+should give us a full second of delay (just like the old code wanted)
+but allow us to notice that we're done every 1 ms.
+
+[akpm@linux-foundation.org: simplifications, per Daniel]
+Link: http://lkml.kernel.org/r/1477091361-2039-1-git-send-email-dianders@chromium.org
+Signed-off-by: Douglas Anderson <dianders@chromium.org>
+Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
+Cc: Jason Wessel <jason.wessel@windriver.com>
+Cc: Brian Norris <briannorris@chromium.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/debug/debug_core.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/debug/debug_core.c
++++ b/kernel/debug/debug_core.c
+@@ -598,11 +598,11 @@ return_normal:
+ /*
+ * Wait for the other CPUs to be notified and be waiting for us:
+ */
+- time_left = loops_per_jiffy * HZ;
++ time_left = MSEC_PER_SEC;
+ while (kgdb_do_roundup && --time_left &&
+ (atomic_read(&masters_in_kgdb) + atomic_read(&slaves_in_kgdb)) !=
+ online_cpus)
+- cpu_relax();
++ udelay(1000);
+ if (!time_left)
+ pr_crit("Timed out waiting for secondary CPUs.\n");
+
--- /dev/null
+From 4d1f0fb096aedea7bb5489af93498a82e467c480 Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Date: Wed, 14 Dec 2016 15:04:04 -0800
+Subject: kernel/watchdog: use nmi registers snapshot in hardlockup handler
+
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+
+commit 4d1f0fb096aedea7bb5489af93498a82e467c480 upstream.
+
+NMI handler doesn't call set_irq_regs(), it's set only by normal IRQ.
+Thus get_irq_regs() returns NULL or stale registers snapshot with IP/SP
+pointing to the code interrupted by IRQ which was interrupted by NMI.
+NULL isn't a problem: in this case watchdog calls dump_stack() and
+prints full stack trace including NMI. But if we're stuck in IRQ
+handler then NMI watchlog will print stack trace without IRQ part at
+all.
+
+This patch uses registers snapshot passed into NMI handler as arguments:
+these registers point exactly to the instruction interrupted by NMI.
+
+Fixes: 55537871ef66 ("kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup")
+Link: http://lkml.kernel.org/r/146771764784.86724.6006627197118544150.stgit@buzz
+Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Cc: Jiri Kosina <jkosina@suse.cz>
+Cc: Ulrich Obergfell <uobergfe@redhat.com>
+Cc: Aaron Tomlin <atomlin@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/watchdog.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/kernel/watchdog.c
++++ b/kernel/watchdog.c
+@@ -328,7 +328,6 @@ static void watchdog_overflow_callback(s
+ */
+ if (is_hardlockup()) {
+ int this_cpu = smp_processor_id();
+- struct pt_regs *regs = get_irq_regs();
+
+ /* only print hardlockups once */
+ if (__this_cpu_read(hard_watchdog_warn) == true)
dm-crypt-mark-key-as-invalid-until-properly-loaded.patch
dm-space-map-metadata-fix-struct-sm_metadata-leak-on-failed-create.patch
asoc-intel-fix-crash-at-suspend-resume-without-card-registration.patch
+cifs-fix-a-possible-memory-corruption-during-reconnect.patch
+cifs-fix-missing-nls-unload-in-smb2_reconnect.patch
+cifs-fix-a-possible-memory-corruption-in-push-locks.patch
+kernel-watchdog-use-nmi-registers-snapshot-in-hardlockup-handler.patch
+kernel-debug-debug_core.c-more-properly-delay-for-secondary-cpus.patch
+tpm-xen-remove-bogus-tpm_chip_unregister.patch
+xen-gntdev-use-vm_mixedmap-instead-of-vm_io-to-avoid-numa-balancing.patch
+arm-xen-use-alloc_percpu-rather-than-__alloc_percpu.patch
+xfs-set-agi-buffer-type-in-xlog_recover_clear_agi_bucket.patch
--- /dev/null
+From 1f0f30e404b3d8f4597a2d9b77fba55452f8fd0e Mon Sep 17 00:00:00 2001
+From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Date: Wed, 26 Oct 2016 16:28:45 -0600
+Subject: tpm xen: Remove bogus tpm_chip_unregister
+
+From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+
+commit 1f0f30e404b3d8f4597a2d9b77fba55452f8fd0e upstream.
+
+tpm_chip_unregister can only be called after tpm_chip_register.
+devm manages the allocation so no unwind is needed here.
+
+Fixes: afb5abc262e96 ("tpm: two-phase chip management functions")
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/xen-tpmfront.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/char/tpm/xen-tpmfront.c
++++ b/drivers/char/tpm/xen-tpmfront.c
+@@ -305,7 +305,6 @@ static int tpmfront_probe(struct xenbus_
+ rv = setup_ring(dev, priv);
+ if (rv) {
+ chip = dev_get_drvdata(&dev->dev);
+- tpm_chip_unregister(chip);
+ ring_free(priv);
+ return rv;
+ }
--- /dev/null
+From 30faaafdfa0c754c91bac60f216c9f34a2bfdf7e Mon Sep 17 00:00:00 2001
+From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Date: Mon, 21 Nov 2016 09:56:06 -0500
+Subject: xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing
+
+From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+
+commit 30faaafdfa0c754c91bac60f216c9f34a2bfdf7e upstream.
+
+Commit 9c17d96500f7 ("xen/gntdev: Grant maps should not be subject to
+NUMA balancing") set VM_IO flag to prevent grant maps from being
+subjected to NUMA balancing.
+
+It was discovered recently that this flag causes get_user_pages() to
+always fail with -EFAULT.
+
+check_vma_flags
+__get_user_pages
+__get_user_pages_locked
+__get_user_pages_unlocked
+get_user_pages_fast
+iov_iter_get_pages
+dio_refill_pages
+do_direct_IO
+do_blockdev_direct_IO
+do_blockdev_direct_IO
+ext4_direct_IO_read
+generic_file_read_iter
+aio_run_iocb
+
+(which can happen if guest's vdisk has direct-io-safe option).
+
+To avoid this let's use VM_MIXEDMAP flag instead --- it prevents
+NUMA balancing just as VM_IO does and has no effect on
+check_vma_flags().
+
+
+Reported-by: Olaf Hering <olaf@aepfle.de>
+Suggested-by: Hugh Dickins <hughd@google.com>
+Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Acked-by: Hugh Dickins <hughd@google.com>
+Tested-by: Olaf Hering <olaf@aepfle.de>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/xen/gntdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/xen/gntdev.c
++++ b/drivers/xen/gntdev.c
+@@ -804,7 +804,7 @@ static int gntdev_mmap(struct file *flip
+
+ vma->vm_ops = &gntdev_vmops;
+
+- vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
++ vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP | VM_MIXEDMAP;
+
+ if (use_ptemod)
+ vma->vm_flags |= VM_DONTCOPY;
--- /dev/null
+From 6b10b23ca94451fae153a5cc8d62fd721bec2019 Mon Sep 17 00:00:00 2001
+From: Eric Sandeen <sandeen@sandeen.net>
+Date: Mon, 5 Dec 2016 12:31:06 +1100
+Subject: xfs: set AGI buffer type in xlog_recover_clear_agi_bucket
+
+From: Eric Sandeen <sandeen@sandeen.net>
+
+commit 6b10b23ca94451fae153a5cc8d62fd721bec2019 upstream.
+
+xlog_recover_clear_agi_bucket didn't set the
+type to XFS_BLFT_AGI_BUF, so we got a warning during log
+replay (or an ASSERT on a debug build).
+
+ XFS (md0): Unknown buffer type 0!
+ XFS (md0): _xfs_buf_ioapply: no ops on block 0xaea8802/0x1
+
+Fix this, as was done in f19b872b for 2 other locations
+with the same problem.
+
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Reviewed-by: Brian Foster <bfoster@redhat.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Dave Chinner <david@fromorbit.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/xfs/xfs_log_recover.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/xfs/xfs_log_recover.c
++++ b/fs/xfs/xfs_log_recover.c
+@@ -3980,6 +3980,7 @@ xlog_recover_clear_agi_bucket(
+ agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO);
+ offset = offsetof(xfs_agi_t, agi_unlinked) +
+ (sizeof(xfs_agino_t) * bucket);
++ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
+ xfs_trans_log_buf(tp, agibp, offset,
+ (offset + sizeof(xfs_agino_t) - 1));
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
