From: Greg Kroah-Hartman Date: Sun, 24 Mar 2019 20:15:39 +0000 (+0100) Subject: 5.0-stable patches X-Git-Tag: v4.9.166~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3824f72d56a4ced0be60b81990d5e27f429670cd;p=thirdparty%2Fkernel%2Fstable-queue.git 5.0-stable patches added patches: cifs-allow-guest-mounts-to-work-for-smb3.11.patch clocksource-drivers-riscv-fix-clocksource-mask.patch futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch irqchip-gic-v3-its-fix-comparison-logic-in-lpi_range_cmp.patch objtool-move-objtool_file-struct-off-the-stack.patch perf-probe-fix-getting-the-kernel-map.patch scsi-core-avoid-that-a-kernel-warning-appears-during-system-resume.patch scsi-ibmvscsi-fix-empty-event-pool-access-during-host-removal.patch scsi-ibmvscsi-protect-ibmvscsi_head-from-concurrent-modificaiton.patch scsi-qla2xxx-fix-fc-al-connection-target-discovery.patch smb3-fix-smb3.1.1-guest-mounts-to-samba.patch --- diff --git a/queue-5.0/cifs-allow-guest-mounts-to-work-for-smb3.11.patch b/queue-5.0/cifs-allow-guest-mounts-to-work-for-smb3.11.patch new file mode 100644 index 00000000000..e023d893814 --- /dev/null +++ b/queue-5.0/cifs-allow-guest-mounts-to-work-for-smb3.11.patch @@ -0,0 +1,45 @@ +From e71ab2aa06f731a944993120b0eef1556c63b81c Mon Sep 17 00:00:00 2001 +From: Ronnie Sahlberg +Date: Thu, 21 Mar 2019 14:59:02 +1000 +Subject: cifs: allow guest mounts to work for smb3.11 + +From: Ronnie Sahlberg + +commit e71ab2aa06f731a944993120b0eef1556c63b81c upstream. + +Fix Guest/Anonymous sessions so that they work with SMB 3.11. + +The commit noted below tightened the conditions and forced signing for +the SMB2-TreeConnect commands as per MS-SMB2. +However, this should only apply to normal user sessions and not for +Guest/Anonumous sessions. + +Fixes: 6188f28bf608 ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares") + +Signed-off-by: Ronnie Sahlberg +CC: Stable +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2pdu.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -1605,9 +1605,13 @@ SMB2_tcon(const unsigned int xid, struct + iov[1].iov_base = unc_path; + iov[1].iov_len = unc_path_len; + +- /* 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 */ ++ /* ++ * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 ++ * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1 ++ */ + if ((ses->server->dialect == SMB311_PROT_ID) && +- !smb3_encryption_required(tcon)) ++ !smb3_encryption_required(tcon) && ++ !(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL))) + req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED; + + memset(&rqst, 0, sizeof(struct smb_rqst)); diff --git a/queue-5.0/clocksource-drivers-riscv-fix-clocksource-mask.patch b/queue-5.0/clocksource-drivers-riscv-fix-clocksource-mask.patch new file mode 100644 index 00000000000..963a7564f77 --- /dev/null +++ b/queue-5.0/clocksource-drivers-riscv-fix-clocksource-mask.patch @@ -0,0 +1,55 @@ +From 32d0be018f6f5ee2d5d19c4795304613560814cf Mon Sep 17 00:00:00 2001 +From: Atish Patra +Date: Fri, 22 Mar 2019 14:54:11 -0700 +Subject: clocksource/drivers/riscv: Fix clocksource mask + +From: Atish Patra + +commit 32d0be018f6f5ee2d5d19c4795304613560814cf upstream. + +For all riscv architectures (RV32, RV64 and RV128), the clocksource +is a 64 bit incrementing counter. + +Fix the clock source mask accordingly. + +Tested on both 64bit and 32 bit virt machine in QEMU. + +Fixes: 62b019436814 ("clocksource: new RISC-V SBI timer driver") +Signed-off-by: Atish Patra +Signed-off-by: Thomas Gleixner +Reviewed-by: Anup Patel +Cc: Albert Ou +Cc: Daniel Lezcano +Cc: linux-riscv@lists.infradead.org +Cc: Palmer Dabbelt +Cc: Anup Patel +Cc: Damien Le Moal +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20190322215411.19362-1-atish.patra@wdc.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clocksource/timer-riscv.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/drivers/clocksource/timer-riscv.c ++++ b/drivers/clocksource/timer-riscv.c +@@ -58,7 +58,7 @@ static u64 riscv_sched_clock(void) + static DEFINE_PER_CPU(struct clocksource, riscv_clocksource) = { + .name = "riscv_clocksource", + .rating = 300, +- .mask = CLOCKSOURCE_MASK(BITS_PER_LONG), ++ .mask = CLOCKSOURCE_MASK(64), + .flags = CLOCK_SOURCE_IS_CONTINUOUS, + .read = riscv_clocksource_rdtime, + }; +@@ -103,8 +103,7 @@ static int __init riscv_timer_init_dt(st + cs = per_cpu_ptr(&riscv_clocksource, cpuid); + clocksource_register_hz(cs, riscv_timebase); + +- sched_clock_register(riscv_sched_clock, +- BITS_PER_LONG, riscv_timebase); ++ sched_clock_register(riscv_sched_clock, 64, riscv_timebase); + + error = cpuhp_setup_state(CPUHP_AP_RISCV_TIMER_STARTING, + "clockevents/riscv/timer:starting", diff --git a/queue-5.0/futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch b/queue-5.0/futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch new file mode 100644 index 00000000000..37003c468df --- /dev/null +++ b/queue-5.0/futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch @@ -0,0 +1,47 @@ +From 5a07168d8d89b00fe1760120714378175b3ef992 Mon Sep 17 00:00:00 2001 +From: Chen Jie +Date: Fri, 15 Mar 2019 03:44:38 +0000 +Subject: futex: Ensure that futex address is aligned in handle_futex_death() + +From: Chen Jie + +commit 5a07168d8d89b00fe1760120714378175b3ef992 upstream. + +The futex code requires that the user space addresses of futexes are 32bit +aligned. sys_futex() checks this in futex_get_keys() but the robust list +code has no alignment check in place. + +As a consequence the kernel crashes on architectures with strict alignment +requirements in handle_futex_death() when trying to cmpxchg() on an +unaligned futex address which was retrieved from the robust list. + +[ tglx: Rewrote changelog, proper sizeof() based alignement check and add + comment ] + +Fixes: 0771dfefc9e5 ("[PATCH] lightweight robust futexes: core") +Signed-off-by: Chen Jie +Signed-off-by: Thomas Gleixner +Cc: +Cc: +Cc: +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/1552621478-119787-1-git-send-email-chenjie6@huawei.com +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/futex.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -3440,6 +3440,10 @@ static int handle_futex_death(u32 __user + { + u32 uval, uninitialized_var(nval), mval; + ++ /* Futex address must be 32bit aligned */ ++ if ((((unsigned long)uaddr) % sizeof(*uaddr)) != 0) ++ return -1; ++ + retry: + if (get_user(uval, uaddr)) + return -1; diff --git a/queue-5.0/irqchip-gic-v3-its-fix-comparison-logic-in-lpi_range_cmp.patch b/queue-5.0/irqchip-gic-v3-its-fix-comparison-logic-in-lpi_range_cmp.patch new file mode 100644 index 00000000000..1024349fc1a --- /dev/null +++ b/queue-5.0/irqchip-gic-v3-its-fix-comparison-logic-in-lpi_range_cmp.patch @@ -0,0 +1,36 @@ +From 89dc891792c2e046b030f87600109c22209da32e Mon Sep 17 00:00:00 2001 +From: Rasmus Villemoes +Date: Tue, 12 Mar 2019 18:33:46 +0100 +Subject: irqchip/gic-v3-its: Fix comparison logic in lpi_range_cmp + +From: Rasmus Villemoes + +commit 89dc891792c2e046b030f87600109c22209da32e upstream. + +The lpi_range_list is supposed to be sorted in ascending order of +->base_id (at least if the range merging is to work), but the current +comparison function returns a positive value if rb->base_id > +ra->base_id, which means that list_sort() will put A after B in that +case - and vice versa, of course. + +Fixes: 880cb3cddd16 (irqchip/gic-v3-its: Refactor LPI allocator) +Cc: stable@vger.kernel.org (v4.19+) +Signed-off-by: Rasmus Villemoes +Signed-off-by: Marc Zyngier +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/irqchip/irq-gic-v3-its.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/irqchip/irq-gic-v3-its.c ++++ b/drivers/irqchip/irq-gic-v3-its.c +@@ -1482,7 +1482,7 @@ static int lpi_range_cmp(void *priv, str + ra = container_of(a, struct lpi_range, entry); + rb = container_of(b, struct lpi_range, entry); + +- return rb->base_id - ra->base_id; ++ return ra->base_id - rb->base_id; + } + + static void merge_lpi_ranges(void) diff --git a/queue-5.0/objtool-move-objtool_file-struct-off-the-stack.patch b/queue-5.0/objtool-move-objtool_file-struct-off-the-stack.patch new file mode 100644 index 00000000000..63ffb0b06c9 --- /dev/null +++ b/queue-5.0/objtool-move-objtool_file-struct-off-the-stack.patch @@ -0,0 +1,42 @@ +From 0c671812f152b628bd87c0af49da032cc2a2c319 Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Mon, 18 Mar 2019 19:09:38 -0500 +Subject: objtool: Move objtool_file struct off the stack + +From: Josh Poimboeuf + +commit 0c671812f152b628bd87c0af49da032cc2a2c319 upstream. + +Objtool uses over 512k of stack, thanks to the hash table embedded in +the objtool_file struct. This causes an unnecessarily large stack +allocation and breaks users with low stack limits. + +Move the struct off the stack. + +Fixes: 042ba73fe7eb ("objtool: Add several performance improvements") +Reported-by: Vassili Karpov +Signed-off-by: Josh Poimboeuf +Signed-off-by: Thomas Gleixner +Cc: Peter Zijlstra +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/df92dcbc4b84b02ffa252f46876df125fb56e2d7.1552954176.git.jpoimboe@redhat.com +Signed-off-by: Greg Kroah-Hartman + +--- + tools/objtool/check.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -2184,9 +2184,10 @@ static void cleanup(struct objtool_file + elf_close(file->elf); + } + ++static struct objtool_file file; ++ + int check(const char *_objname, bool orc) + { +- struct objtool_file file; + int ret, warnings = 0; + + objname = _objname; diff --git a/queue-5.0/perf-probe-fix-getting-the-kernel-map.patch b/queue-5.0/perf-probe-fix-getting-the-kernel-map.patch new file mode 100644 index 00000000000..3f1dbafd86e --- /dev/null +++ b/queue-5.0/perf-probe-fix-getting-the-kernel-map.patch @@ -0,0 +1,50 @@ +From eaeffeb9838a7c0dec981d258666bfcc0fa6a947 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Mon, 4 Mar 2019 15:13:21 +0200 +Subject: perf probe: Fix getting the kernel map + +From: Adrian Hunter + +commit eaeffeb9838a7c0dec981d258666bfcc0fa6a947 upstream. + +Since commit 4d99e4136580 ("perf machine: Workaround missing maps for +x86 PTI entry trampolines"), perf tools has been creating more than one +kernel map, however 'perf probe' assumed there could be only one. + +Fix by using machine__kernel_map() to get the main kernel map. + +Signed-off-by: Adrian Hunter +Tested-by: Joseph Qi +Acked-by: Masami Hiramatsu +Cc: Alexander Shishkin +Cc: Andy Lutomirski +Cc: Greg Kroah-Hartman +Cc: Jiufei Xue +Cc: Peter Zijlstra +Cc: stable@vger.kernel.org +Cc: Xu Yu +Fixes: 4d99e4136580 ("perf machine: Workaround missing maps for x86 PTI entry trampolines") +Fixes: d83212d5dd67 ("kallsyms, x86: Export addresses of PTI entry trampolines") +Link: http://lkml.kernel.org/r/2ed432de-e904-85d2-5c36-5897ddc5b23b@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/probe-event.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/tools/perf/util/probe-event.c ++++ b/tools/perf/util/probe-event.c +@@ -157,8 +157,10 @@ static struct map *kernel_get_module_map + if (module && strchr(module, '/')) + return dso__new_map(module); + +- if (!module) +- module = "kernel"; ++ if (!module) { ++ pos = machine__kernel_map(host_machine); ++ return map__get(pos); ++ } + + for (pos = maps__first(maps); pos; pos = map__next(pos)) { + /* short_name is "[module]" */ diff --git a/queue-5.0/scsi-core-avoid-that-a-kernel-warning-appears-during-system-resume.patch b/queue-5.0/scsi-core-avoid-that-a-kernel-warning-appears-during-system-resume.patch new file mode 100644 index 00000000000..53a8e516955 --- /dev/null +++ b/queue-5.0/scsi-core-avoid-that-a-kernel-warning-appears-during-system-resume.patch @@ -0,0 +1,63 @@ +From 17605afaae825b0291f80c62a7f6565879edaa8a Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Fri, 15 Mar 2019 16:27:58 -0700 +Subject: scsi: core: Avoid that a kernel warning appears during system resume + +From: Bart Van Assche + +commit 17605afaae825b0291f80c62a7f6565879edaa8a upstream. + +Since scsi_device_quiesce() skips SCSI devices that have another state than +RUNNING, OFFLINE or TRANSPORT_OFFLINE, scsi_device_resume() should not +complain about SCSI devices that have been skipped. Hence this patch. This +patch avoids that the following warning appears during resume: + +WARNING: CPU: 3 PID: 1039 at blk_clear_pm_only+0x2a/0x30 +CPU: 3 PID: 1039 Comm: kworker/u8:49 Not tainted 5.0.0+ #1 +Hardware name: LENOVO 4180F42/4180F42, BIOS 83ET75WW (1.45 ) 05/10/2013 +Workqueue: events_unbound async_run_entry_fn +RIP: 0010:blk_clear_pm_only+0x2a/0x30 +Call Trace: + ? scsi_device_resume+0x28/0x50 + ? scsi_dev_type_resume+0x2b/0x80 + ? async_run_entry_fn+0x2c/0xd0 + ? process_one_work+0x1f0/0x3f0 + ? worker_thread+0x28/0x3c0 + ? process_one_work+0x3f0/0x3f0 + ? kthread+0x10c/0x130 + ? __kthread_create_on_node+0x150/0x150 + ? ret_from_fork+0x1f/0x30 + +Cc: Christoph Hellwig +Cc: Hannes Reinecke +Cc: Ming Lei +Cc: Johannes Thumshirn +Cc: Oleksandr Natalenko +Cc: Martin Steigerwald +Cc: +Reported-by: Jisheng Zhang +Tested-by: Jisheng Zhang +Fixes: 3a0a529971ec ("block, scsi: Make SCSI quiesce and resume work reliably") # v4.15 +Signed-off-by: Bart Van Assche +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/scsi_lib.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/scsi_lib.c ++++ b/drivers/scsi/scsi_lib.c +@@ -2598,8 +2598,10 @@ void scsi_device_resume(struct scsi_devi + * device deleted during suspend) + */ + mutex_lock(&sdev->state_mutex); +- sdev->quiesced_by = NULL; +- blk_clear_pm_only(sdev->request_queue); ++ if (sdev->quiesced_by) { ++ sdev->quiesced_by = NULL; ++ blk_clear_pm_only(sdev->request_queue); ++ } + if (sdev->sdev_state == SDEV_QUIESCE) + scsi_device_set_state(sdev, SDEV_RUNNING); + mutex_unlock(&sdev->state_mutex); diff --git a/queue-5.0/scsi-ibmvscsi-fix-empty-event-pool-access-during-host-removal.patch b/queue-5.0/scsi-ibmvscsi-fix-empty-event-pool-access-during-host-removal.patch new file mode 100644 index 00000000000..48a75f5dc9c --- /dev/null +++ b/queue-5.0/scsi-ibmvscsi-fix-empty-event-pool-access-during-host-removal.patch @@ -0,0 +1,93 @@ +From 7f5203c13ba8a7b7f9f6ecfe5a4d5567188d7835 Mon Sep 17 00:00:00 2001 +From: Tyrel Datwyler +Date: Wed, 20 Mar 2019 13:41:51 -0500 +Subject: scsi: ibmvscsi: Fix empty event pool access during host removal + +From: Tyrel Datwyler + +commit 7f5203c13ba8a7b7f9f6ecfe5a4d5567188d7835 upstream. + +The event pool used for queueing commands is destroyed fairly early in the +ibmvscsi_remove() code path. Since, this happens prior to the call so +scsi_remove_host() it is possible for further calls to queuecommand to be +processed which manifest as a panic due to a NULL pointer dereference as +seen here: + +PANIC: "Unable to handle kernel paging request for data at address +0x00000000" + +Context process backtrace: + +DSISR: 0000000042000000 ????Syscall Result: 0000000000000000 +4 [c000000002cb3820] memcpy_power7 at c000000000064204 +[Link Register] [c000000002cb3820] ibmvscsi_send_srp_event at d000000003ed14a4 +5 [c000000002cb3920] ibmvscsi_send_srp_event at d000000003ed14a4 [ibmvscsi] ?(unreliable) +6 [c000000002cb39c0] ibmvscsi_queuecommand at d000000003ed2388 [ibmvscsi] +7 [c000000002cb3a70] scsi_dispatch_cmd at d00000000395c2d8 [scsi_mod] +8 [c000000002cb3af0] scsi_request_fn at d00000000395ef88 [scsi_mod] +9 [c000000002cb3be0] __blk_run_queue at c000000000429860 +10 [c000000002cb3c10] blk_delay_work at c00000000042a0ec +11 [c000000002cb3c40] process_one_work at c0000000000dac30 +12 [c000000002cb3cd0] worker_thread at c0000000000db110 +13 [c000000002cb3d80] kthread at c0000000000e3378 +14 [c000000002cb3e30] ret_from_kernel_thread at c00000000000982c + +The kernel buffer log is overfilled with this log: + +[11261.952732] ibmvscsi: found no event struct in pool! + +This patch reorders the operations during host teardown. Start by calling +the SRP transport and Scsi_Host remove functions to flush any outstanding +work and set the host offline. LLDD teardown follows including destruction +of the event pool, freeing the Command Response Queue (CRQ), and unmapping +any persistent buffers. The event pool destruction is protected by the +scsi_host lock, and the pool is purged prior of any requests for which we +never received a response. Finally, move the removal of the scsi host from +our global list to the end so that the host is easily locatable for +debugging purposes during teardown. + +Cc: # v2.6.12+ +Signed-off-by: Tyrel Datwyler +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/ibmvscsi/ibmvscsi.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/drivers/scsi/ibmvscsi/ibmvscsi.c ++++ b/drivers/scsi/ibmvscsi/ibmvscsi.c +@@ -2295,17 +2295,27 @@ static int ibmvscsi_probe(struct vio_dev + static int ibmvscsi_remove(struct vio_dev *vdev) + { + struct ibmvscsi_host_data *hostdata = dev_get_drvdata(&vdev->dev); +- spin_lock(&ibmvscsi_driver_lock); +- list_del(&hostdata->host_list); +- spin_unlock(&ibmvscsi_driver_lock); +- unmap_persist_bufs(hostdata); ++ unsigned long flags; ++ ++ srp_remove_host(hostdata->host); ++ scsi_remove_host(hostdata->host); ++ ++ purge_requests(hostdata, DID_ERROR); ++ ++ spin_lock_irqsave(hostdata->host->host_lock, flags); + release_event_pool(&hostdata->pool, hostdata); ++ spin_unlock_irqrestore(hostdata->host->host_lock, flags); ++ + ibmvscsi_release_crq_queue(&hostdata->queue, hostdata, + max_events); + + kthread_stop(hostdata->work_thread); +- srp_remove_host(hostdata->host); +- scsi_remove_host(hostdata->host); ++ unmap_persist_bufs(hostdata); ++ ++ spin_lock(&ibmvscsi_driver_lock); ++ list_del(&hostdata->host_list); ++ spin_unlock(&ibmvscsi_driver_lock); ++ + scsi_host_put(hostdata->host); + + return 0; diff --git a/queue-5.0/scsi-ibmvscsi-protect-ibmvscsi_head-from-concurrent-modificaiton.patch b/queue-5.0/scsi-ibmvscsi-protect-ibmvscsi_head-from-concurrent-modificaiton.patch new file mode 100644 index 00000000000..7a62a51c1d1 --- /dev/null +++ b/queue-5.0/scsi-ibmvscsi-protect-ibmvscsi_head-from-concurrent-modificaiton.patch @@ -0,0 +1,57 @@ +From 7205981e045e752ccf96cf6ddd703a98c59d4339 Mon Sep 17 00:00:00 2001 +From: Tyrel Datwyler +Date: Wed, 20 Mar 2019 13:41:50 -0500 +Subject: scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton + +From: Tyrel Datwyler + +commit 7205981e045e752ccf96cf6ddd703a98c59d4339 upstream. + +For each ibmvscsi host created during a probe or destroyed during a remove +we either add or remove that host to/from the global ibmvscsi_head +list. This runs the risk of concurrent modification. + +This patch adds a simple spinlock around the list modification calls to +prevent concurrent updates as is done similarly in the ibmvfc driver and +ipr driver. + +Fixes: 32d6e4b6e4ea ("scsi: ibmvscsi: add vscsi hosts to global list_head") +Cc: # v4.10+ +Signed-off-by: Tyrel Datwyler +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/ibmvscsi/ibmvscsi.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/scsi/ibmvscsi/ibmvscsi.c ++++ b/drivers/scsi/ibmvscsi/ibmvscsi.c +@@ -96,6 +96,7 @@ static int client_reserve = 1; + static char partition_name[96] = "UNKNOWN"; + static unsigned int partition_number = -1; + static LIST_HEAD(ibmvscsi_head); ++static DEFINE_SPINLOCK(ibmvscsi_driver_lock); + + static struct scsi_transport_template *ibmvscsi_transport_template; + +@@ -2270,7 +2271,9 @@ static int ibmvscsi_probe(struct vio_dev + } + + dev_set_drvdata(&vdev->dev, hostdata); ++ spin_lock(&ibmvscsi_driver_lock); + list_add_tail(&hostdata->host_list, &ibmvscsi_head); ++ spin_unlock(&ibmvscsi_driver_lock); + return 0; + + add_srp_port_failed: +@@ -2292,7 +2295,9 @@ static int ibmvscsi_probe(struct vio_dev + static int ibmvscsi_remove(struct vio_dev *vdev) + { + struct ibmvscsi_host_data *hostdata = dev_get_drvdata(&vdev->dev); ++ spin_lock(&ibmvscsi_driver_lock); + list_del(&hostdata->host_list); ++ spin_unlock(&ibmvscsi_driver_lock); + unmap_persist_bufs(hostdata); + release_event_pool(&hostdata->pool, hostdata); + ibmvscsi_release_crq_queue(&hostdata->queue, hostdata, diff --git a/queue-5.0/scsi-qla2xxx-fix-fc-al-connection-target-discovery.patch b/queue-5.0/scsi-qla2xxx-fix-fc-al-connection-target-discovery.patch new file mode 100644 index 00000000000..bf4653c143e --- /dev/null +++ b/queue-5.0/scsi-qla2xxx-fix-fc-al-connection-target-discovery.patch @@ -0,0 +1,42 @@ +From 4705f10e82c63924bd84a9b31d15839ec9ba3d06 Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Fri, 15 Mar 2019 15:04:18 -0700 +Subject: scsi: qla2xxx: Fix FC-AL connection target discovery + +From: Quinn Tran + +commit 4705f10e82c63924bd84a9b31d15839ec9ba3d06 upstream. + +Commit 7f147f9bfd44 ("scsi: qla2xxx: Fix N2N target discovery with Local +loop") fixed N2N target discovery for local loop. However, same code is +used for FC-AL discovery as well. Added check to make sure we are bypassing +area and domain check only in N2N topology for target discovery. + +Fixes: 7f147f9bfd44 ("scsi: qla2xxx: Fix N2N target discovery with Local loop") +Cc: stable@vger.kernel.org # 5.0+ +Signed-off-by: Quinn Tran +Signed-off-by: Himanshu Madhani +Reviewed-by: Ewan D. Milne +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/qla2xxx/qla_init.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -4968,6 +4968,13 @@ qla2x00_configure_local_loop(scsi_qla_ho + (area != vha->d_id.b.area || domain != vha->d_id.b.domain)) + continue; + ++ /* Bypass if not same domain and area of adapter. */ ++ if (area && domain && ((area != vha->d_id.b.area) || ++ (domain != vha->d_id.b.domain)) && ++ (ha->current_topology == ISP_CFG_NL)) ++ continue; ++ ++ + /* Bypass invalid local loop ID. */ + if (loop_id > LAST_LOCAL_LOOP_ID) + continue; diff --git a/queue-5.0/series b/queue-5.0/series index 042b84c596f..d626eeee60a 100644 --- a/queue-5.0/series +++ b/queue-5.0/series @@ -18,3 +18,14 @@ powerpc-vdso64-fix-clock_monotonic-inconsistencies-across-y2038.patch powerpc-mm-only-define-max_physmem_bits-in-sparsemem-configurations.patch powerpc-security-fix-spectre_v2-reporting.patch net-mlx5-fix-dct-creation-bad-flow.patch +scsi-core-avoid-that-a-kernel-warning-appears-during-system-resume.patch +scsi-qla2xxx-fix-fc-al-connection-target-discovery.patch +scsi-ibmvscsi-protect-ibmvscsi_head-from-concurrent-modificaiton.patch +scsi-ibmvscsi-fix-empty-event-pool-access-during-host-removal.patch +futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch +cifs-allow-guest-mounts-to-work-for-smb3.11.patch +perf-probe-fix-getting-the-kernel-map.patch +objtool-move-objtool_file-struct-off-the-stack.patch +irqchip-gic-v3-its-fix-comparison-logic-in-lpi_range_cmp.patch +clocksource-drivers-riscv-fix-clocksource-mask.patch +smb3-fix-smb3.1.1-guest-mounts-to-samba.patch diff --git a/queue-5.0/smb3-fix-smb3.1.1-guest-mounts-to-samba.patch b/queue-5.0/smb3-fix-smb3.1.1-guest-mounts-to-samba.patch new file mode 100644 index 00000000000..5b468d32d95 --- /dev/null +++ b/queue-5.0/smb3-fix-smb3.1.1-guest-mounts-to-samba.patch @@ -0,0 +1,56 @@ +From 8c11a607d1d9cd6e7f01fd6b03923597fb0ef95a Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Fri, 22 Mar 2019 22:31:17 -0500 +Subject: SMB3: Fix SMB3.1.1 guest mounts to Samba + +From: Steve French + +commit 8c11a607d1d9cd6e7f01fd6b03923597fb0ef95a upstream. + +Workaround problem with Samba responses to SMB3.1.1 +null user (guest) mounts. The server doesn't set the +expected flag in the session setup response so we have +to do a similar check to what is done in smb3_validate_negotiate +where we also check if the user is a null user (but not sec=krb5 +since username might not be passed in on mount for Kerberos case). + +Note that the commit below tightened the conditions and forced signing +for the SMB2-TreeConnect commands as per MS-SMB2. +However, this should only apply to normal user sessions and not for +cases where there is no user (even if server forgets to set the flag +in the response) since we don't have anything useful to sign with. +This is especially important now that the more secure SMB3.1.1 protocol +is in the default dialect list. + +An earlier patch ("cifs: allow guest mounts to work for smb3.11") fixed +the guest mounts to Windows. + + Fixes: 6188f28bf608 ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares") + +Reviewed-by: Ronnie Sahlberg +Reviewed-by: Paulo Alcantara +CC: Stable +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2pdu.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -1608,10 +1608,13 @@ SMB2_tcon(const unsigned int xid, struct + /* + * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 + * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1 ++ * (Samba servers don't always set the flag so also check if null user) + */ + if ((ses->server->dialect == SMB311_PROT_ID) && + !smb3_encryption_required(tcon) && +- !(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL))) ++ !(ses->session_flags & ++ (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) && ++ ((ses->user_name != NULL) || (ses->sectype == Kerberos))) + req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED; + + memset(&rqst, 0, sizeof(struct smb_rqst));