From: Greg Kroah-Hartman Date: Sat, 17 Oct 2015 20:17:41 +0000 (-0700) Subject: 4.2-stable patches X-Git-Tag: v3.10.91~50 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e348343a76251d33a9c97806de46881b2c64ee4b;p=thirdparty%2Fkernel%2Fstable-queue.git 4.2-stable patches added patches: bluetooth-delay-check-for-conn-smp-in-smp_conn_security.patch disabling-oplocks-leases-via-module-parm-enable_oplocks-broken-for-smb3.patch do-not-fall-back-to-smbwritex-in-set_file_size-error-cases.patch fix-sec-krb5-on-smb3-mounts.patch nfs-do-cleanup-before-resetting-pageio-read-write-to-mds.patch nfs-fix-a-write-performance-regression.patch nfs-fix-pg_test-page-count-calculation.patch nfs-fix-v4.2-seek-on-files-over-2-gigs.patch nfsv4-recovery-of-recalled-read-delegations-is-broken.patch regulator-axp20x-fix-enable-bit-indexes-for-dcdc4-and-dcdc5.patch regulator-core-correct-return-value-check-in-regulator_resolve_supply.patch regulator-core-handle-probe-deferral-from-dt-when-resolving-supplies.patch --- diff --git a/queue-4.2/bluetooth-delay-check-for-conn-smp-in-smp_conn_security.patch b/queue-4.2/bluetooth-delay-check-for-conn-smp-in-smp_conn_security.patch new file mode 100644 index 00000000000..d5fcc322564 --- /dev/null +++ b/queue-4.2/bluetooth-delay-check-for-conn-smp-in-smp_conn_security.patch @@ -0,0 +1,53 @@ +From d8949aad3eab5d396f4fefcd581773bf07b9a79e Mon Sep 17 00:00:00 2001 +From: Johan Hedberg +Date: Fri, 4 Sep 2015 12:22:46 +0300 +Subject: Bluetooth: Delay check for conn->smp in smp_conn_security() + +From: Johan Hedberg + +commit d8949aad3eab5d396f4fefcd581773bf07b9a79e upstream. + +There are several actions that smp_conn_security() might make that do +not require a valid SMP context (conn->smp pointer). One of these +actions is to encrypt the link with an existing LTK. If the SMP +context wasn't initialized properly we should still allow the +independent actions to be done, i.e. the check for the context should +only be done at the last possible moment. + +Reported-by: Chuck Ebbert +Signed-off-by: Johan Hedberg +Signed-off-by: Marcel Holtmann +Signed-off-by: Greg Kroah-Hartman + +--- + net/bluetooth/smp.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/net/bluetooth/smp.c ++++ b/net/bluetooth/smp.c +@@ -2311,12 +2311,6 @@ int smp_conn_security(struct hci_conn *h + if (!conn) + return 1; + +- chan = conn->smp; +- if (!chan) { +- BT_ERR("SMP security requested but not available"); +- return 1; +- } +- + if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) + return 1; + +@@ -2330,6 +2324,12 @@ int smp_conn_security(struct hci_conn *h + if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) + return 0; + ++ chan = conn->smp; ++ if (!chan) { ++ BT_ERR("SMP security requested but not available"); ++ return 1; ++ } ++ + l2cap_chan_lock(chan); + + /* If SMP is already in progress ignore this request */ diff --git a/queue-4.2/disabling-oplocks-leases-via-module-parm-enable_oplocks-broken-for-smb3.patch b/queue-4.2/disabling-oplocks-leases-via-module-parm-enable_oplocks-broken-for-smb3.patch new file mode 100644 index 00000000000..edf573f9b82 --- /dev/null +++ b/queue-4.2/disabling-oplocks-leases-via-module-parm-enable_oplocks-broken-for-smb3.patch @@ -0,0 +1,38 @@ +From e0ddde9d44e37fbc21ce893553094ecf1a633ab5 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Tue, 22 Sep 2015 09:29:38 -0500 +Subject: disabling oplocks/leases via module parm enable_oplocks broken for SMB3 + +From: Steve French + +commit e0ddde9d44e37fbc21ce893553094ecf1a633ab5 upstream. + +leases (oplocks) were always requested for SMB2/SMB3 even when oplocks +disabled in the cifs.ko module. + +Signed-off-by: Steve French +Reviewed-by: Chandrika Srinivasan +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2ops.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/fs/cifs/smb2ops.c ++++ b/fs/cifs/smb2ops.c +@@ -50,9 +50,13 @@ change_conf(struct TCP_Server_Info *serv + break; + default: + server->echoes = true; +- server->oplocks = true; ++ if (enable_oplocks) { ++ server->oplocks = true; ++ server->oplock_credits = 1; ++ } else ++ server->oplocks = false; ++ + server->echo_credits = 1; +- server->oplock_credits = 1; + } + server->credits -= server->echo_credits + server->oplock_credits; + return 0; diff --git a/queue-4.2/do-not-fall-back-to-smbwritex-in-set_file_size-error-cases.patch b/queue-4.2/do-not-fall-back-to-smbwritex-in-set_file_size-error-cases.patch new file mode 100644 index 00000000000..d92f176f1a7 --- /dev/null +++ b/queue-4.2/do-not-fall-back-to-smbwritex-in-set_file_size-error-cases.patch @@ -0,0 +1,101 @@ +From 646200a041203f440fb6fcf9cacd9efeda9de74c Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Mon, 28 Sep 2015 17:21:07 -0500 +Subject: [SMB3] Do not fall back to SMBWriteX in set_file_size error cases + +From: Steve French + +commit 646200a041203f440fb6fcf9cacd9efeda9de74c upstream. + +The error paths in set_file_size for cifs and smb3 are incorrect. + +In the unlikely event that a server did not support set file info +of the file size, the code incorrectly falls back to trying SMBWriteX +(note that only the original core SMB Write, used for example by DOS, +can set the file size this way - this actually does not work for the more +recent SMBWriteX). The idea was since the old DOS SMB Write could set +the file size if you write zero bytes at that offset then use that if +server rejects the normal set file info call. + +Fortunately the SMBWriteX will never be sent on the wire (except when +file size is zero) since the length and offset fields were reversed +in the two places in this function that call SMBWriteX causing +the fall back path to return an error. It is also important to never call +an SMB request from an SMB2/sMB3 session (which theoretically would +be possible, and can cause a brief session drop, although the client +recovers) so this should be fixed. In practice this path does not happen +with modern servers but the error fall back to SMBWriteX is clearly wrong. + +Removing the calls to SMBWriteX in the error paths in cifs_set_file_size + +Pointed out by PaX/grsecurity team + +Signed-off-by: Steve French +Reported-by: PaX Team +CC: Emese Revfy +CC: Brad Spengler +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/inode.c | 36 +----------------------------------- + 1 file changed, 1 insertion(+), 35 deletions(-) + +--- a/fs/cifs/inode.c ++++ b/fs/cifs/inode.c +@@ -2034,7 +2034,6 @@ cifs_set_file_size(struct inode *inode, + struct tcon_link *tlink = NULL; + struct cifs_tcon *tcon = NULL; + struct TCP_Server_Info *server; +- struct cifs_io_parms io_parms; + + /* + * To avoid spurious oplock breaks from server, in the case of +@@ -2056,18 +2055,6 @@ cifs_set_file_size(struct inode *inode, + rc = -ENOSYS; + cifsFileInfo_put(open_file); + cifs_dbg(FYI, "SetFSize for attrs rc = %d\n", rc); +- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) { +- unsigned int bytes_written; +- +- io_parms.netfid = open_file->fid.netfid; +- io_parms.pid = open_file->pid; +- io_parms.tcon = tcon; +- io_parms.offset = 0; +- io_parms.length = attrs->ia_size; +- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written, +- NULL, NULL, 1); +- cifs_dbg(FYI, "Wrt seteof rc %d\n", rc); +- } + } else + rc = -EINVAL; + +@@ -2093,28 +2080,7 @@ cifs_set_file_size(struct inode *inode, + else + rc = -ENOSYS; + cifs_dbg(FYI, "SetEOF by path (setattrs) rc = %d\n", rc); +- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) { +- __u16 netfid; +- int oplock = 0; +- +- rc = SMBLegacyOpen(xid, tcon, full_path, FILE_OPEN, +- GENERIC_WRITE, CREATE_NOT_DIR, &netfid, +- &oplock, NULL, cifs_sb->local_nls, +- cifs_remap(cifs_sb)); +- if (rc == 0) { +- unsigned int bytes_written; +- +- io_parms.netfid = netfid; +- io_parms.pid = current->tgid; +- io_parms.tcon = tcon; +- io_parms.offset = 0; +- io_parms.length = attrs->ia_size; +- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written, NULL, +- NULL, 1); +- cifs_dbg(FYI, "wrt seteof rc %d\n", rc); +- CIFSSMBClose(xid, tcon, netfid); +- } +- } ++ + if (tlink) + cifs_put_tlink(tlink); + diff --git a/queue-4.2/fix-sec-krb5-on-smb3-mounts.patch b/queue-4.2/fix-sec-krb5-on-smb3-mounts.patch new file mode 100644 index 00000000000..ef7316d19e6 --- /dev/null +++ b/queue-4.2/fix-sec-krb5-on-smb3-mounts.patch @@ -0,0 +1,188 @@ +From ceb1b0b9b4d1089e9f2731a314689ae17784c861 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Thu, 24 Sep 2015 00:52:37 -0500 +Subject: [SMB3] Fix sec=krb5 on smb3 mounts + +From: Steve French + +commit ceb1b0b9b4d1089e9f2731a314689ae17784c861 upstream. + +Kerberos, which is very important for security, was only enabled for +CIFS not SMB2/SMB3 mounts (e.g. vers=3.0) + +Patch based on the information detailed in +http://thread.gmane.org/gmane.linux.kernel.cifs/10081/focus=10307 +to enable Kerberized SMB2/SMB3 + +a) SMB2_negotiate: enable/use decode_negTokenInit in SMB2_negotiate +b) SMB2_sess_setup: handle Kerberos sectype and replicate Kerberos + SMB1 processing done in sess_auth_kerberos + +Signed-off-by: Noel Power +Signed-off-by: Jim McDonough +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2pdu.c | 76 +++++++++++++++++++++++++++++++++++++++++++----------- + 1 file changed, 61 insertions(+), 15 deletions(-) + +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -46,6 +46,7 @@ + #include "smb2status.h" + #include "smb2glob.h" + #include "cifspdu.h" ++#include "cifs_spnego.h" + + /* + * The following table defines the expected "StructureSize" of SMB2 requests +@@ -486,19 +487,15 @@ SMB2_negotiate(const unsigned int xid, s + cifs_dbg(FYI, "missing security blob on negprot\n"); + + rc = cifs_enable_signing(server, ses->sign); +-#ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */ + if (rc) + goto neg_exit; +- if (blob_length) ++ if (blob_length) { + rc = decode_negTokenInit(security_blob, blob_length, server); +- if (rc == 1) +- rc = 0; +- else if (rc == 0) { +- rc = -EIO; +- goto neg_exit; ++ if (rc == 1) ++ rc = 0; ++ else if (rc == 0) ++ rc = -EIO; + } +-#endif +- + neg_exit: + free_rsp_buf(resp_buftype, rsp); + return rc; +@@ -592,7 +589,8 @@ SMB2_sess_setup(const unsigned int xid, + __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */ + struct TCP_Server_Info *server = ses->server; + u16 blob_length = 0; +- char *security_blob; ++ struct key *spnego_key = NULL; ++ char *security_blob = NULL; + char *ntlmssp_blob = NULL; + bool use_spnego = false; /* else use raw ntlmssp */ + +@@ -620,7 +618,8 @@ SMB2_sess_setup(const unsigned int xid, + ses->ntlmssp->sesskey_per_smbsess = true; + + /* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */ +- ses->sectype = RawNTLMSSP; ++ if (ses->sectype != Kerberos && ses->sectype != RawNTLMSSP) ++ ses->sectype = RawNTLMSSP; + + ssetup_ntlmssp_authenticate: + if (phase == NtLmChallenge) +@@ -649,7 +648,48 @@ ssetup_ntlmssp_authenticate: + iov[0].iov_base = (char *)req; + /* 4 for rfc1002 length field and 1 for pad */ + iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; +- if (phase == NtLmNegotiate) { ++ ++ if (ses->sectype == Kerberos) { ++#ifdef CONFIG_CIFS_UPCALL ++ struct cifs_spnego_msg *msg; ++ ++ spnego_key = cifs_get_spnego_key(ses); ++ if (IS_ERR(spnego_key)) { ++ rc = PTR_ERR(spnego_key); ++ spnego_key = NULL; ++ goto ssetup_exit; ++ } ++ ++ msg = spnego_key->payload.data; ++ /* ++ * check version field to make sure that cifs.upcall is ++ * sending us a response in an expected form ++ */ ++ if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { ++ cifs_dbg(VFS, ++ "bad cifs.upcall version. Expected %d got %d", ++ CIFS_SPNEGO_UPCALL_VERSION, msg->version); ++ rc = -EKEYREJECTED; ++ goto ssetup_exit; ++ } ++ ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, ++ GFP_KERNEL); ++ if (!ses->auth_key.response) { ++ cifs_dbg(VFS, ++ "Kerberos can't allocate (%u bytes) memory", ++ msg->sesskey_len); ++ rc = -ENOMEM; ++ goto ssetup_exit; ++ } ++ ses->auth_key.len = msg->sesskey_len; ++ blob_length = msg->secblob_len; ++ iov[1].iov_base = msg->data + msg->sesskey_len; ++ iov[1].iov_len = blob_length; ++#else ++ rc = -EOPNOTSUPP; ++ goto ssetup_exit; ++#endif /* CONFIG_CIFS_UPCALL */ ++ } else if (phase == NtLmNegotiate) { /* if not krb5 must be ntlmssp */ + ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE), + GFP_KERNEL); + if (ntlmssp_blob == NULL) { +@@ -672,6 +712,8 @@ ssetup_ntlmssp_authenticate: + /* with raw NTLMSSP we don't encapsulate in SPNEGO */ + security_blob = ntlmssp_blob; + } ++ iov[1].iov_base = security_blob; ++ iov[1].iov_len = blob_length; + } else if (phase == NtLmAuthenticate) { + req->hdr.SessionId = ses->Suid; + ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500, +@@ -699,6 +741,8 @@ ssetup_ntlmssp_authenticate: + } else { + security_blob = ntlmssp_blob; + } ++ iov[1].iov_base = security_blob; ++ iov[1].iov_len = blob_length; + } else { + cifs_dbg(VFS, "illegal ntlmssp phase\n"); + rc = -EIO; +@@ -710,8 +754,6 @@ ssetup_ntlmssp_authenticate: + cpu_to_le16(sizeof(struct smb2_sess_setup_req) - + 1 /* pad */ - 4 /* rfc1001 len */); + req->SecurityBufferLength = cpu_to_le16(blob_length); +- iov[1].iov_base = security_blob; +- iov[1].iov_len = blob_length; + + inc_rfc1001_len(req, blob_length - 1 /* pad */); + +@@ -722,6 +764,7 @@ ssetup_ntlmssp_authenticate: + + kfree(security_blob); + rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base; ++ ses->Suid = rsp->hdr.SessionId; + if (resp_buftype != CIFS_NO_BUFFER && + rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) { + if (phase != NtLmNegotiate) { +@@ -739,7 +782,6 @@ ssetup_ntlmssp_authenticate: + /* NTLMSSP Negotiate sent now processing challenge (response) */ + phase = NtLmChallenge; /* process ntlmssp challenge */ + rc = 0; /* MORE_PROCESSING is not an error here but expected */ +- ses->Suid = rsp->hdr.SessionId; + rc = decode_ntlmssp_challenge(rsp->Buffer, + le16_to_cpu(rsp->SecurityBufferLength), ses); + } +@@ -796,6 +838,10 @@ keygen_exit: + kfree(ses->auth_key.response); + ses->auth_key.response = NULL; + } ++ if (spnego_key) { ++ key_invalidate(spnego_key); ++ key_put(spnego_key); ++ } + kfree(ses->ntlmssp); + + return rc; diff --git a/queue-4.2/nfs-do-cleanup-before-resetting-pageio-read-write-to-mds.patch b/queue-4.2/nfs-do-cleanup-before-resetting-pageio-read-write-to-mds.patch new file mode 100644 index 00000000000..e66e7e35ad4 --- /dev/null +++ b/queue-4.2/nfs-do-cleanup-before-resetting-pageio-read-write-to-mds.patch @@ -0,0 +1,45 @@ +From 6f29b9bba7b08c6b1d6f2cc4cf750b342fc1946c Mon Sep 17 00:00:00 2001 +From: Kinglong Mee +Date: Sun, 20 Sep 2015 23:03:28 +0800 +Subject: NFS: Do cleanup before resetting pageio read/write to mds + +From: Kinglong Mee + +commit 6f29b9bba7b08c6b1d6f2cc4cf750b342fc1946c upstream. + +There is a reference leak of layout segment after resetting +pageio read/write to mds. + +Signed-off-by: Kinglong Mee +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/read.c | 3 +++ + fs/nfs/write.c | 3 +++ + 2 files changed, 6 insertions(+) + +--- a/fs/nfs/read.c ++++ b/fs/nfs/read.c +@@ -72,6 +72,9 @@ void nfs_pageio_reset_read_mds(struct nf + { + struct nfs_pgio_mirror *mirror; + ++ if (pgio->pg_ops && pgio->pg_ops->pg_cleanup) ++ pgio->pg_ops->pg_cleanup(pgio); ++ + pgio->pg_ops = &nfs_pgio_rw_ops; + + /* read path should never have more than one mirror */ +--- a/fs/nfs/write.c ++++ b/fs/nfs/write.c +@@ -1351,6 +1351,9 @@ void nfs_pageio_reset_write_mds(struct n + { + struct nfs_pgio_mirror *mirror; + ++ if (pgio->pg_ops && pgio->pg_ops->pg_cleanup) ++ pgio->pg_ops->pg_cleanup(pgio); ++ + pgio->pg_ops = &nfs_pgio_rw_ops; + + nfs_pageio_stop_mirroring(pgio); diff --git a/queue-4.2/nfs-fix-a-write-performance-regression.patch b/queue-4.2/nfs-fix-a-write-performance-regression.patch new file mode 100644 index 00000000000..f9d3270725c --- /dev/null +++ b/queue-4.2/nfs-fix-a-write-performance-regression.patch @@ -0,0 +1,36 @@ +From 8fa4592a14ebb3c22a21d846d1e4f65dab7d1a7c Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Thu, 1 Oct 2015 18:38:27 -0400 +Subject: NFS: Fix a write performance regression + +From: Trond Myklebust + +commit 8fa4592a14ebb3c22a21d846d1e4f65dab7d1a7c upstream. + +If all other conditions in nfs_can_extend_write() are met, and there +are no locks, then we should be able to assume close-to-open semantics +and the ability to extend our write to cover the whole page. + +With this patch, the xfstests generic/074 test completes in 242s instead +of >1400s on my test rig. + +Fixes: bd61e0a9c852 ("locks: convert posix locks to file_lock_context") +Cc: Jeff Layton +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/write.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/write.c ++++ b/fs/nfs/write.c +@@ -1223,7 +1223,7 @@ static int nfs_can_extend_write(struct f + return 1; + if (!flctx || (list_empty_careful(&flctx->flc_flock) && + list_empty_careful(&flctx->flc_posix))) +- return 0; ++ return 1; + + /* Check to see if there are whole file write locks */ + ret = 0; diff --git a/queue-4.2/nfs-fix-pg_test-page-count-calculation.patch b/queue-4.2/nfs-fix-pg_test-page-count-calculation.patch new file mode 100644 index 00000000000..40e451bb4fb --- /dev/null +++ b/queue-4.2/nfs-fix-pg_test-page-count-calculation.patch @@ -0,0 +1,35 @@ +From 048883e0b934d9a5103d40e209cb14b7f33d2933 Mon Sep 17 00:00:00 2001 +From: Peng Tao +Date: Fri, 11 Sep 2015 11:14:06 +0800 +Subject: nfs: fix pg_test page count calculation + +From: Peng Tao + +commit 048883e0b934d9a5103d40e209cb14b7f33d2933 upstream. + +We really want sizeof(struct page *) instead. Otherwise we limit +maximum IO size to 64 pages rather than 512 pages on a 64bit system. + +Fixes 2e11f829(nfs: cap request size to fit a kmalloced page array). + +Cc: Christoph Hellwig +Signed-off-by: Peng Tao +Fixes: 2e11f8296d22 ("nfs: cap request size to fit a kmalloced page array") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pagelist.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -508,7 +508,7 @@ size_t nfs_generic_pg_test(struct nfs_pa + * for it without upsetting the slab allocator. + */ + if (((mirror->pg_count + req->wb_bytes) >> PAGE_SHIFT) * +- sizeof(struct page) > PAGE_SIZE) ++ sizeof(struct page *) > PAGE_SIZE) + return 0; + + return min(mirror->pg_bsize - mirror->pg_count, (size_t)req->wb_bytes); diff --git a/queue-4.2/nfs-fix-v4.2-seek-on-files-over-2-gigs.patch b/queue-4.2/nfs-fix-v4.2-seek-on-files-over-2-gigs.patch new file mode 100644 index 00000000000..31c71bcfb73 --- /dev/null +++ b/queue-4.2/nfs-fix-v4.2-seek-on-files-over-2-gigs.patch @@ -0,0 +1,39 @@ +From 306a5549355966e480e0dcacdc6b9321d153e0c0 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Wed, 16 Sep 2015 17:21:27 -0400 +Subject: nfs: fix v4.2 SEEK on files over 2 gigs + +From: "J. Bruce Fields" + +commit 306a5549355966e480e0dcacdc6b9321d153e0c0 upstream. + +We're incorrectly assigning a loff_t return to an int. If SEEK_HOLE or +SEEK_DATA returns an offset over 2^31 then the application will see a +weird lseek() result (usually -EIO). + +Fixes: bdcc2cd14e4e "NFSv4.2: handle NFS-specific llseek errors" +Signed-off-by: J. Bruce Fields +Reviewed-by: Anna Schumaker +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs42proc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/nfs/nfs42proc.c ++++ b/fs/nfs/nfs42proc.c +@@ -175,10 +175,12 @@ loff_t nfs42_proc_llseek(struct file *fi + { + struct nfs_server *server = NFS_SERVER(file_inode(filep)); + struct nfs4_exception exception = { }; +- int err; ++ loff_t err; + + do { + err = _nfs42_proc_llseek(filep, offset, whence); ++ if (err >= 0) ++ break; + if (err == -ENOTSUPP) + return -EOPNOTSUPP; + err = nfs4_handle_exception(server, err, &exception); diff --git a/queue-4.2/nfsv4-recovery-of-recalled-read-delegations-is-broken.patch b/queue-4.2/nfsv4-recovery-of-recalled-read-delegations-is-broken.patch new file mode 100644 index 00000000000..bd85ca6db7d --- /dev/null +++ b/queue-4.2/nfsv4-recovery-of-recalled-read-delegations-is-broken.patch @@ -0,0 +1,214 @@ +From 24311f884189d42d40354a6f38ca218eb9aeb811 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Sun, 20 Sep 2015 10:50:17 -0400 +Subject: NFSv4: Recovery of recalled read delegations is broken + +From: Trond Myklebust + +commit 24311f884189d42d40354a6f38ca218eb9aeb811 upstream. + +When a read delegation is being recalled, and we're reclaiming the +cached opens, we need to make sure that we only reclaim read-only +modes. +A previous attempt to do this, relied on retrieving the delegation +type from the nfs4_opendata structure. Unfortunately, as Kinglong +pointed out, this field can only be set when performing reboot recovery. + +Furthermore, if we call nfs4_open_recover(), then we end up clobbering +the state->flags for all modes that we're not recovering... + +The fix is to have the delegation recall code pass this information +to the recovery call, and then refactor the recovery code so that +nfs4_open_delegation_recall() does not need to call nfs4_open_recover(). + +Reported-by: Kinglong Mee +Fixes: 39f897fdbd46 ("NFSv4: When returning a delegation, don't...") +Tested-by: Kinglong Mee +Cc: NeilBrown +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/delegation.c | 8 +++-- + fs/nfs/delegation.h | 2 - + fs/nfs/nfs4proc.c | 81 ++++++++++++++++++++++++++++++---------------------- + 3 files changed, 53 insertions(+), 38 deletions(-) + +--- a/fs/nfs/delegation.c ++++ b/fs/nfs/delegation.c +@@ -113,7 +113,8 @@ out: + return status; + } + +-static int nfs_delegation_claim_opens(struct inode *inode, const nfs4_stateid *stateid) ++static int nfs_delegation_claim_opens(struct inode *inode, ++ const nfs4_stateid *stateid, fmode_t type) + { + struct nfs_inode *nfsi = NFS_I(inode); + struct nfs_open_context *ctx; +@@ -140,7 +141,7 @@ again: + /* Block nfs4_proc_unlck */ + mutex_lock(&sp->so_delegreturn_mutex); + seq = raw_seqcount_begin(&sp->so_reclaim_seqcount); +- err = nfs4_open_delegation_recall(ctx, state, stateid); ++ err = nfs4_open_delegation_recall(ctx, state, stateid, type); + if (!err) + err = nfs_delegation_claim_locks(ctx, state, stateid); + if (!err && read_seqcount_retry(&sp->so_reclaim_seqcount, seq)) +@@ -411,7 +412,8 @@ static int nfs_end_delegation_return(str + do { + if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags)) + break; +- err = nfs_delegation_claim_opens(inode, &delegation->stateid); ++ err = nfs_delegation_claim_opens(inode, &delegation->stateid, ++ delegation->type); + if (!issync || err != -EAGAIN) + break; + /* +--- a/fs/nfs/delegation.h ++++ b/fs/nfs/delegation.h +@@ -54,7 +54,7 @@ void nfs_delegation_reap_unclaimed(struc + + /* NFSv4 delegation-related procedures */ + int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync); +-int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid); ++int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid, fmode_t type); + int nfs4_lock_delegation_recall(struct file_lock *fl, struct nfs4_state *state, const nfs4_stateid *stateid); + bool nfs4_copy_delegation_stateid(nfs4_stateid *dst, struct inode *inode, fmode_t flags); + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1127,6 +1127,21 @@ static int nfs4_wait_for_completion_rpc_ + return ret; + } + ++static bool nfs4_mode_match_open_stateid(struct nfs4_state *state, ++ fmode_t fmode) ++{ ++ switch(fmode & (FMODE_READ|FMODE_WRITE)) { ++ case FMODE_READ|FMODE_WRITE: ++ return state->n_rdwr != 0; ++ case FMODE_WRITE: ++ return state->n_wronly != 0; ++ case FMODE_READ: ++ return state->n_rdonly != 0; ++ } ++ WARN_ON_ONCE(1); ++ return false; ++} ++ + static int can_open_cached(struct nfs4_state *state, fmode_t mode, int open_mode) + { + int ret = 0; +@@ -1561,17 +1576,13 @@ static struct nfs4_opendata *nfs4_open_r + return opendata; + } + +-static int nfs4_open_recover_helper(struct nfs4_opendata *opendata, fmode_t fmode, struct nfs4_state **res) ++static int nfs4_open_recover_helper(struct nfs4_opendata *opendata, ++ fmode_t fmode) + { + struct nfs4_state *newstate; + int ret; + +- if ((opendata->o_arg.claim == NFS4_OPEN_CLAIM_DELEGATE_CUR || +- opendata->o_arg.claim == NFS4_OPEN_CLAIM_DELEG_CUR_FH) && +- (opendata->o_arg.u.delegation_type & fmode) != fmode) +- /* This mode can't have been delegated, so we must have +- * a valid open_stateid to cover it - not need to reclaim. +- */ ++ if (!nfs4_mode_match_open_stateid(opendata->state, fmode)) + return 0; + opendata->o_arg.open_flags = 0; + opendata->o_arg.fmode = fmode; +@@ -1587,14 +1598,14 @@ static int nfs4_open_recover_helper(stru + newstate = nfs4_opendata_to_nfs4_state(opendata); + if (IS_ERR(newstate)) + return PTR_ERR(newstate); ++ if (newstate != opendata->state) ++ ret = -ESTALE; + nfs4_close_state(newstate, fmode); +- *res = newstate; +- return 0; ++ return ret; + } + + static int nfs4_open_recover(struct nfs4_opendata *opendata, struct nfs4_state *state) + { +- struct nfs4_state *newstate; + int ret; + + /* Don't trigger recovery in nfs_test_and_clear_all_open_stateid */ +@@ -1605,27 +1616,15 @@ static int nfs4_open_recover(struct nfs4 + clear_bit(NFS_DELEGATED_STATE, &state->flags); + clear_bit(NFS_OPEN_STATE, &state->flags); + smp_rmb(); +- if (state->n_rdwr != 0) { +- ret = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE, &newstate); +- if (ret != 0) +- return ret; +- if (newstate != state) +- return -ESTALE; +- } +- if (state->n_wronly != 0) { +- ret = nfs4_open_recover_helper(opendata, FMODE_WRITE, &newstate); +- if (ret != 0) +- return ret; +- if (newstate != state) +- return -ESTALE; +- } +- if (state->n_rdonly != 0) { +- ret = nfs4_open_recover_helper(opendata, FMODE_READ, &newstate); +- if (ret != 0) +- return ret; +- if (newstate != state) +- return -ESTALE; +- } ++ ret = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE); ++ if (ret != 0) ++ return ret; ++ ret = nfs4_open_recover_helper(opendata, FMODE_WRITE); ++ if (ret != 0) ++ return ret; ++ ret = nfs4_open_recover_helper(opendata, FMODE_READ); ++ if (ret != 0) ++ return ret; + /* + * We may have performed cached opens for all three recoveries. + * Check if we need to update the current stateid. +@@ -1749,18 +1748,32 @@ static int nfs4_handle_delegation_recall + return err; + } + +-int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid) ++int nfs4_open_delegation_recall(struct nfs_open_context *ctx, ++ struct nfs4_state *state, const nfs4_stateid *stateid, ++ fmode_t type) + { + struct nfs_server *server = NFS_SERVER(state->inode); + struct nfs4_opendata *opendata; +- int err; ++ int err = 0; + + opendata = nfs4_open_recoverdata_alloc(ctx, state, + NFS4_OPEN_CLAIM_DELEG_CUR_FH); + if (IS_ERR(opendata)) + return PTR_ERR(opendata); + nfs4_stateid_copy(&opendata->o_arg.u.delegation, stateid); +- err = nfs4_open_recover(opendata, state); ++ clear_bit(NFS_DELEGATED_STATE, &state->flags); ++ switch (type & (FMODE_READ|FMODE_WRITE)) { ++ case FMODE_READ|FMODE_WRITE: ++ case FMODE_WRITE: ++ err = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE); ++ if (err) ++ break; ++ err = nfs4_open_recover_helper(opendata, FMODE_WRITE); ++ if (err) ++ break; ++ case FMODE_READ: ++ err = nfs4_open_recover_helper(opendata, FMODE_READ); ++ } + nfs4_opendata_put(opendata); + return nfs4_handle_delegation_recall_error(server, state, stateid, err); + } diff --git a/queue-4.2/regulator-axp20x-fix-enable-bit-indexes-for-dcdc4-and-dcdc5.patch b/queue-4.2/regulator-axp20x-fix-enable-bit-indexes-for-dcdc4-and-dcdc5.patch new file mode 100644 index 00000000000..46fd211b121 --- /dev/null +++ b/queue-4.2/regulator-axp20x-fix-enable-bit-indexes-for-dcdc4-and-dcdc5.patch @@ -0,0 +1,38 @@ +From 6b3600b4ba0810c84437cf76556d9afbd55c1bfc Mon Sep 17 00:00:00 2001 +From: Chen-Yu Tsai +Date: Sat, 26 Sep 2015 21:21:12 +0800 +Subject: regulator: axp20x: Fix enable bit indexes for DCDC4 and DCDC5 + +From: Chen-Yu Tsai + +commit 6b3600b4ba0810c84437cf76556d9afbd55c1bfc upstream. + +The enable bit indexes for DCDC4 and DCDC5 regulators are off by 1. + +We haven't run into any problems with this since either the regulators +aren't defined in the DT and aren't used, or all the DCDC regulators +have the "always-on" property set, as they are almost always used +for system critical loads. + +Signed-off-by: Chen-Yu Tsai +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/regulator/axp20x-regulator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/regulator/axp20x-regulator.c ++++ b/drivers/regulator/axp20x-regulator.c +@@ -192,9 +192,9 @@ static const struct regulator_desc axp22 + AXP_DESC(AXP22X, DCDC3, "dcdc3", "vin3", 600, 1860, 20, + AXP22X_DCDC3_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(3)), + AXP_DESC(AXP22X, DCDC4, "dcdc4", "vin4", 600, 1540, 20, +- AXP22X_DCDC4_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(3)), ++ AXP22X_DCDC4_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(4)), + AXP_DESC(AXP22X, DCDC5, "dcdc5", "vin5", 1000, 2550, 50, +- AXP22X_DCDC5_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL1, BIT(4)), ++ AXP22X_DCDC5_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL1, BIT(5)), + /* secondary switchable output of DCDC1 */ + AXP_DESC_SW(AXP22X, DC1SW, "dc1sw", "dcdc1", 1600, 3400, 100, + AXP22X_DCDC1_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL2, BIT(7)), diff --git a/queue-4.2/regulator-core-correct-return-value-check-in-regulator_resolve_supply.patch b/queue-4.2/regulator-core-correct-return-value-check-in-regulator_resolve_supply.patch new file mode 100644 index 00000000000..72b42ac9c85 --- /dev/null +++ b/queue-4.2/regulator-core-correct-return-value-check-in-regulator_resolve_supply.patch @@ -0,0 +1,50 @@ +From 23c3f310e897837aeb8ffe8700b803cb58e7b35d Mon Sep 17 00:00:00 2001 +From: Charles Keepax +Date: Thu, 17 Sep 2015 14:50:20 +0100 +Subject: regulator: core: Correct return value check in regulator_resolve_supply + +From: Charles Keepax + +commit 23c3f310e897837aeb8ffe8700b803cb58e7b35d upstream. + +The ret pointer passed to regulator_dev_lookup is only filled with a +valid error code if regulator_dev_lookup returned NULL. Currently +regulator_resolve_supply checks this ret value before it checks if a +regulator was returned, this can result in valid regulator lookups being +ignored. + +Fixes: 6261b06de565 ("regulator: Defer lookup of supply to regulator_get") +Signed-off-by: Charles Keepax +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/regulator/core.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/regulator/core.c ++++ b/drivers/regulator/core.c +@@ -1376,15 +1376,15 @@ static int regulator_resolve_supply(stru + return 0; + + r = regulator_dev_lookup(dev, rdev->supply_name, &ret); +- if (ret == -ENODEV) { +- /* +- * No supply was specified for this regulator and +- * there will never be one. +- */ +- return 0; +- } +- + if (!r) { ++ if (ret == -ENODEV) { ++ /* ++ * No supply was specified for this regulator and ++ * there will never be one. ++ */ ++ return 0; ++ } ++ + if (have_full_constraints()) { + r = dummy_regulator_rdev; + } else { diff --git a/queue-4.2/regulator-core-handle-probe-deferral-from-dt-when-resolving-supplies.patch b/queue-4.2/regulator-core-handle-probe-deferral-from-dt-when-resolving-supplies.patch new file mode 100644 index 00000000000..243fdefbe5a --- /dev/null +++ b/queue-4.2/regulator-core-handle-probe-deferral-from-dt-when-resolving-supplies.patch @@ -0,0 +1,42 @@ +From 06423121d9eba0a56b9341cf82b88479017bce14 Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Thu, 1 Oct 2015 10:59:48 +0100 +Subject: regulator: core: Handle probe deferral from DT when resolving supplies + +From: Mark Brown + +commit 06423121d9eba0a56b9341cf82b88479017bce14 upstream. + +When resolving regulator-regulator supplies we ignore probe deferral +returns from regulator_dev_lookup() (such as are generated for DT when +we can see a supply is registered) and just fall back to the dummy +regulator if there are full constraints (as is the case for DT). This +means that probe deferral is broken for DT systems, fix that by paying +attention to -EPROBE_DEFER return codes like we do -ENODEV. + +A further patch will simplify this further, this is a minimal fix for +the specific issue. + +Fixes: 9f7e25edb1575a6d2 (regulator: core: Handle full constraints systems when resolving supplies) +Reported-by: Sascha Hauer +Tested-by: Sascha Hauer +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/regulator/core.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/regulator/core.c ++++ b/drivers/regulator/core.c +@@ -1385,6 +1385,10 @@ static int regulator_resolve_supply(stru + return 0; + } + ++ /* Did the lookup explicitly defer for us? */ ++ if (ret == -EPROBE_DEFER) ++ return ret; ++ + if (have_full_constraints()) { + r = dummy_regulator_rdev; + } else { diff --git a/queue-4.2/series b/queue-4.2/series index ec2496a5831..cb6ae812573 100644 --- a/queue-4.2/series +++ b/queue-4.2/series @@ -125,3 +125,15 @@ netfilter-conntrack-use-nf_ct_tmpl_free-in-ct-synproxy-error-paths.patch netfilter-nf_log-wait-for-rcu-grace-after-logger-unregistration.patch netfilter-nft_compat-skip-family-comparison-in-case-of-nfproto_unspec.patch netfilter-nf_log-don-t-zap-all-loggers-on-unregister.patch +regulator-core-correct-return-value-check-in-regulator_resolve_supply.patch +regulator-axp20x-fix-enable-bit-indexes-for-dcdc4-and-dcdc5.patch +regulator-core-handle-probe-deferral-from-dt-when-resolving-supplies.patch +bluetooth-delay-check-for-conn-smp-in-smp_conn_security.patch +nfs-fix-v4.2-seek-on-files-over-2-gigs.patch +nfs-do-cleanup-before-resetting-pageio-read-write-to-mds.patch +nfsv4-recovery-of-recalled-read-delegations-is-broken.patch +nfs-fix-pg_test-page-count-calculation.patch +nfs-fix-a-write-performance-regression.patch +fix-sec-krb5-on-smb3-mounts.patch +disabling-oplocks-leases-via-module-parm-enable_oplocks-broken-for-smb3.patch +do-not-fall-back-to-smbwritex-in-set_file_size-error-cases.patch