From 42cc3cbcac05120d0f23202b01a3fe1526cec9a5 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 24 Jun 2015 07:52:32 -0700
Subject: [PATCH] delete a patch and fix up another one.

---
 ...r-target-fix-possible-use-after-free.patch | 49 -------------------
 queue-3.10/series                             |  1 -
 ...g-have-filter-check-for-balanced-ops.patch | 15 +++---
 ...r-target-fix-possible-use-after-free.patch | 49 -------------------
 queue-3.14/series                             |  1 -
 ...g-have-filter-check-for-balanced-ops.patch | 15 +++---
 6 files changed, 16 insertions(+), 114 deletions(-)
 delete mode 100644 queue-3.10/iser-target-fix-possible-use-after-free.patch
 delete mode 100644 queue-3.14/iser-target-fix-possible-use-after-free.patch

diff --git a/queue-3.10/iser-target-fix-possible-use-after-free.patch b/queue-3.10/iser-target-fix-possible-use-after-free.patch
deleted file mode 100644
index 8922536bbea..00000000000
--- a/queue-3.10/iser-target-fix-possible-use-after-free.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 524630d5824c7a75aab568c6bd1423fd748cd3bb Mon Sep 17 00:00:00 2001
-From: Sagi Grimberg <sagig@mellanox.com>
-Date: Thu, 4 Jun 2015 19:49:21 +0300
-Subject: iser-target: Fix possible use-after-free
-
-From: Sagi Grimberg <sagig@mellanox.com>
-
-commit 524630d5824c7a75aab568c6bd1423fd748cd3bb upstream.
-
-iser connection termination process happens in 2 stages:
-- isert_wait_conn:
-  - resumes rdma disconnect
-  - wait for session commands
-  - wait for flush completions (post a marked wr to signal we are done)
-  - wait for logout completion
-  - queue work for connection cleanup (depends on disconnected/timewait
-    events)
-- isert_free_conn
-  - last reference put on the connection
-
-In case we are terminating during IOs, we might be posting send/recv
-requests after we posted the last work request which might lead
-to a use-after-free condition in isert_handle_wc.
-After we posted the last wr in isert_wait_conn we are guaranteed that
-no successful completions will follow (meaning no new work request posts
-may happen) but other flush errors might still come. So before we
-put the last reference on the connection, we repeat the process of
-posting a marked work request (isert_wait4flush) in order to make sure all
-pending completions were flushed.
-
-Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
-Signed-off-by: Jenny Falkovich <jennyf@mellanox.com>
-Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/infiniband/ulp/isert/ib_isert.c |    1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/infiniband/ulp/isert/ib_isert.c
-+++ b/drivers/infiniband/ulp/isert/ib_isert.c
-@@ -2426,6 +2426,7 @@ static void isert_free_conn(struct iscsi
- {
- 	struct isert_conn *isert_conn = conn->context;
- 
-+	isert_wait4flush(isert_conn);
- 	isert_put_conn(isert_conn);
- }
- 
diff --git a/queue-3.10/series b/queue-3.10/series
index 9910a9ae78c..0b1e22d4748 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -1,4 +1,3 @@
 crypto-caam-fix-rng-buffer-cache-alignment.patch
 tracing-have-filter-check-for-balanced-ops.patch
-iser-target-fix-possible-use-after-free.patch
 drm-mgag200-reject-non-character-cell-aligned-mode-widths.patch
diff --git a/queue-3.10/tracing-have-filter-check-for-balanced-ops.patch b/queue-3.10/tracing-have-filter-check-for-balanced-ops.patch
index 5ad40540683..78040ecc867 100644
--- a/queue-3.10/tracing-have-filter-check-for-balanced-ops.patch
+++ b/queue-3.10/tracing-have-filter-check-for-balanced-ops.patch
@@ -69,15 +69,18 @@ Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
 Reported-by: Vince Weaver <vincent.weaver@maine.edu>
 Tested-by: Vince Weaver <vincent.weaver@maine.edu>
 Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+[ luis: backported to 3.16:
+  - unconditionally decrement cnt as the OP_NOT logic was introduced only
+    by e12c09cf3087 ("tracing: Add NOT to filtering logic") ]
+Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
 ---
- kernel/trace/trace_events_filter.c |   11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
+ kernel/trace/trace_events_filter.c |    9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
 
 --- a/kernel/trace/trace_events_filter.c
 +++ b/kernel/trace/trace_events_filter.c
-@@ -1328,19 +1328,26 @@ static int check_preds(struct filter_par
+@@ -1328,19 +1328,24 @@ static int check_preds(struct filter_par
  {
  	int n_normal_preds = 0, n_logical_preds = 0;
  	struct postfix_elt *elt;
@@ -90,13 +93,11 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  			continue;
 +		}
  
++		cnt--;
  		if (elt->op == OP_AND || elt->op == OP_OR) {
  			n_logical_preds++;
-+			cnt--;
  			continue;
  		}
-+		if (elt->op != OP_NOT)
-+			cnt--;
  		n_normal_preds++;
 +		WARN_ON_ONCE(cnt < 0);
  	}
diff --git a/queue-3.14/iser-target-fix-possible-use-after-free.patch b/queue-3.14/iser-target-fix-possible-use-after-free.patch
deleted file mode 100644
index 5b99166b5ca..00000000000
--- a/queue-3.14/iser-target-fix-possible-use-after-free.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 524630d5824c7a75aab568c6bd1423fd748cd3bb Mon Sep 17 00:00:00 2001
-From: Sagi Grimberg <sagig@mellanox.com>
-Date: Thu, 4 Jun 2015 19:49:21 +0300
-Subject: iser-target: Fix possible use-after-free
-
-From: Sagi Grimberg <sagig@mellanox.com>
-
-commit 524630d5824c7a75aab568c6bd1423fd748cd3bb upstream.
-
-iser connection termination process happens in 2 stages:
-- isert_wait_conn:
-  - resumes rdma disconnect
-  - wait for session commands
-  - wait for flush completions (post a marked wr to signal we are done)
-  - wait for logout completion
-  - queue work for connection cleanup (depends on disconnected/timewait
-    events)
-- isert_free_conn
-  - last reference put on the connection
-
-In case we are terminating during IOs, we might be posting send/recv
-requests after we posted the last work request which might lead
-to a use-after-free condition in isert_handle_wc.
-After we posted the last wr in isert_wait_conn we are guaranteed that
-no successful completions will follow (meaning no new work request posts
-may happen) but other flush errors might still come. So before we
-put the last reference on the connection, we repeat the process of
-posting a marked work request (isert_wait4flush) in order to make sure all
-pending completions were flushed.
-
-Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
-Signed-off-by: Jenny Falkovich <jennyf@mellanox.com>
-Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/infiniband/ulp/isert/ib_isert.c |    1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/infiniband/ulp/isert/ib_isert.c
-+++ b/drivers/infiniband/ulp/isert/ib_isert.c
-@@ -2952,6 +2952,7 @@ static void isert_free_conn(struct iscsi
- {
- 	struct isert_conn *isert_conn = conn->context;
- 
-+	isert_wait4flush(isert_conn);
- 	isert_put_conn(isert_conn);
- }
- 
diff --git a/queue-3.14/series b/queue-3.14/series
index 9910a9ae78c..0b1e22d4748 100644
--- a/queue-3.14/series
+++ b/queue-3.14/series
@@ -1,4 +1,3 @@
 crypto-caam-fix-rng-buffer-cache-alignment.patch
 tracing-have-filter-check-for-balanced-ops.patch
-iser-target-fix-possible-use-after-free.patch
 drm-mgag200-reject-non-character-cell-aligned-mode-widths.patch
diff --git a/queue-3.14/tracing-have-filter-check-for-balanced-ops.patch b/queue-3.14/tracing-have-filter-check-for-balanced-ops.patch
index e37023e8baf..1c2c6ee23dc 100644
--- a/queue-3.14/tracing-have-filter-check-for-balanced-ops.patch
+++ b/queue-3.14/tracing-have-filter-check-for-balanced-ops.patch
@@ -69,15 +69,18 @@ Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
 Reported-by: Vince Weaver <vincent.weaver@maine.edu>
 Tested-by: Vince Weaver <vincent.weaver@maine.edu>
 Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+[ luis: backported to 3.16:
+  - unconditionally decrement cnt as the OP_NOT logic was introduced only
+    by e12c09cf3087 ("tracing: Add NOT to filtering logic") ]
+Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
 ---
- kernel/trace/trace_events_filter.c |   11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
+ kernel/trace/trace_events_filter.c |    9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
 
 --- a/kernel/trace/trace_events_filter.c
 +++ b/kernel/trace/trace_events_filter.c
-@@ -1399,19 +1399,26 @@ static int check_preds(struct filter_par
+@@ -1399,19 +1399,24 @@ static int check_preds(struct filter_par
  {
  	int n_normal_preds = 0, n_logical_preds = 0;
  	struct postfix_elt *elt;
@@ -90,13 +93,11 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  			continue;
 +		}
  
++		cnt--;
  		if (elt->op == OP_AND || elt->op == OP_OR) {
  			n_logical_preds++;
-+			cnt--;
  			continue;
  		}
-+		if (elt->op != OP_NOT)
-+			cnt--;
  		n_normal_preds++;
 +		WARN_ON_ONCE(cnt < 0);
  	}
-- 
2.47.3