--- /dev/null
+From be896bd3b72b44126c55768f14c22a8729b0992e Mon Sep 17 00:00:00 2001
+From: Phoenix Huang <phoenix@emc.com.tw>
+Date: Sun, 7 Nov 2021 22:00:03 -0800
+Subject: Input: elantench - fix misreporting trackpoint coordinates
+
+From: Phoenix Huang <phoenix@emc.com.tw>
+
+commit be896bd3b72b44126c55768f14c22a8729b0992e upstream.
+
+Some firmwares occasionally report bogus data from trackpoint, with X or Y
+displacement being too large (outside of [-127, 127] range). Let's drop such
+packets so that we do not generate jumps.
+
+Signed-off-by: Phoenix Huang <phoenix@emc.com.tw>
+Tested-by: Yufei Du <yufeidu@cs.unc.edu>
+Link: https://lore.kernel.org/r/20210729010940.5752-1-phoenix@emc.com.tw
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/mouse/elantech.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/drivers/input/mouse/elantech.c
++++ b/drivers/input/mouse/elantech.c
+@@ -517,6 +517,19 @@ static void elantech_report_trackpoint(s
+ case 0x16008020U:
+ case 0x26800010U:
+ case 0x36808000U:
++
++ /*
++ * This firmware misreport coordinates for trackpoint
++ * occasionally. Discard packets outside of [-127, 127] range
++ * to prevent cursor jumps.
++ */
++ if (packet[4] == 0x80 || packet[5] == 0x80 ||
++ packet[1] >> 7 == packet[4] >> 7 ||
++ packet[2] >> 7 == packet[5] >> 7) {
++ elantech_debug("discarding packet [%6ph]\n", packet);
++ break;
++
++ }
+ x = packet[4] - (int)((packet[1]^0x80) << 1);
+ y = (int)((packet[2]^0x80) << 1) - packet[5];
+
--- /dev/null
+From 16e28abb7290c4ca3b3a0f333ba067f34bb18c86 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 3 Nov 2021 08:00:19 +0100
+Subject: Input: i8042 - Add quirk for Fujitsu Lifebook T725
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 16e28abb7290c4ca3b3a0f333ba067f34bb18c86 upstream.
+
+Fujitsu Lifebook T725 laptop requires, like a few other similar
+models, the nomux and notimeout options to probe the touchpad
+properly. This patch adds the corresponding quirk entries.
+
+BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1191980
+Tested-by: Neal Gompa <ngompa13@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Link: https://lore.kernel.org/r/20211103070019.13374-1-tiwai@suse.de
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/serio/i8042-x86ia64io.h | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/drivers/input/serio/i8042-x86ia64io.h
++++ b/drivers/input/serio/i8042-x86ia64io.h
+@@ -273,6 +273,13 @@ static const struct dmi_system_id __init
+ },
+ },
+ {
++ /* Fujitsu Lifebook T725 laptop */
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK T725"),
++ },
++ },
++ {
+ /* Fujitsu Lifebook U745 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+@@ -841,6 +848,13 @@ static const struct dmi_system_id __init
+ },
+ },
+ {
++ /* Fujitsu Lifebook T725 laptop */
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK T725"),
++ },
++ },
++ {
+ /* Fujitsu U574 laptop */
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=69731 */
+ .matches = {
--- /dev/null
+From 744d0090a5f6dfa4c81b53402ccdf08313100429 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Tue, 9 Nov 2021 22:58:01 -0800
+Subject: Input: iforce - fix control-message timeout
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 744d0090a5f6dfa4c81b53402ccdf08313100429 upstream.
+
+USB control-message timeouts are specified in milliseconds and should
+specifically not vary with CONFIG_HZ.
+
+Fixes: 487358627825 ("Input: iforce - use DMA-safe buffer when getting IDs from USB")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Cc: stable@vger.kernel.org # 5.3
+Link: https://lore.kernel.org/r/20211025115501.5190-1-johan@kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/joystick/iforce/iforce-usb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/input/joystick/iforce/iforce-usb.c
++++ b/drivers/input/joystick/iforce/iforce-usb.c
+@@ -92,7 +92,7 @@ static int iforce_usb_get_id(struct ifor
+ id,
+ USB_TYPE_VENDOR | USB_DIR_IN |
+ USB_RECIP_INTERFACE,
+- 0, 0, buf, IFORCE_MAX_LENGTH, HZ);
++ 0, 0, buf, IFORCE_MAX_LENGTH, 1000);
+ if (status < 0) {
+ dev_err(&iforce_usb->intf->dev,
+ "usb_submit_urb failed: %d\n", status);
--- /dev/null
+From 68dbbe7d5b4fde736d104cbbc9a2fce875562012 Mon Sep 17 00:00:00 2001
+From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
+Date: Thu, 4 Nov 2021 17:31:58 +0900
+Subject: libata: fix read log timeout value
+
+From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
+
+commit 68dbbe7d5b4fde736d104cbbc9a2fce875562012 upstream.
+
+Some ATA drives are very slow to respond to READ_LOG_EXT and
+READ_LOG_DMA_EXT commands issued from ata_dev_configure() when the
+device is revalidated right after resuming a system or inserting the
+ATA adapter driver (e.g. ahci). The default 5s timeout
+(ATA_EH_CMD_DFL_TIMEOUT) used for these commands is too short, causing
+errors during the device configuration. Ex:
+
+...
+ata9: SATA max UDMA/133 abar m524288@0x9d200000 port 0x9d200400 irq 209
+ata9: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
+ata9.00: ATA-9: XXX XXXXXXXXXXXXXXX, XXXXXXXX, max UDMA/133
+ata9.00: qc timeout (cmd 0x2f)
+ata9.00: Read log page 0x00 failed, Emask 0x4
+ata9.00: Read log page 0x00 failed, Emask 0x40
+ata9.00: NCQ Send/Recv Log not supported
+ata9.00: Read log page 0x08 failed, Emask 0x40
+ata9.00: 27344764928 sectors, multi 16: LBA48 NCQ (depth 32), AA
+ata9.00: Read log page 0x00 failed, Emask 0x40
+ata9.00: ATA Identify Device Log not supported
+ata9.00: failed to set xfermode (err_mask=0x40)
+ata9: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
+ata9.00: configured for UDMA/133
+...
+
+The timeout error causes a soft reset of the drive link, followed in
+most cases by a successful revalidation as that give enough time to the
+drive to become fully ready to quickly process the read log commands.
+However, in some cases, this also fails resulting in the device being
+dropped.
+
+Fix this by using adding the ata_eh_revalidate_timeouts entries for the
+READ_LOG_EXT and READ_LOG_DMA_EXT commands. This defines a timeout
+increased to 15s, retriable one time.
+
+Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Cc: stable@vger.kernel.org
+Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ata/libata-eh.c | 8 ++++++++
+ include/linux/libata.h | 2 +-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/drivers/ata/libata-eh.c
++++ b/drivers/ata/libata-eh.c
+@@ -97,6 +97,12 @@ static const unsigned long ata_eh_identi
+ ULONG_MAX,
+ };
+
++static const unsigned long ata_eh_revalidate_timeouts[] = {
++ 15000, /* Some drives are slow to read log pages when waking-up */
++ 15000, /* combined time till here is enough even for media access */
++ ULONG_MAX,
++};
++
+ static const unsigned long ata_eh_flush_timeouts[] = {
+ 15000, /* be generous with flush */
+ 15000, /* ditto */
+@@ -133,6 +139,8 @@ static const struct ata_eh_cmd_timeout_e
+ ata_eh_cmd_timeout_table[ATA_EH_CMD_TIMEOUT_TABLE_SIZE] = {
+ { .commands = CMDS(ATA_CMD_ID_ATA, ATA_CMD_ID_ATAPI),
+ .timeouts = ata_eh_identify_timeouts, },
++ { .commands = CMDS(ATA_CMD_READ_LOG_EXT, ATA_CMD_READ_LOG_DMA_EXT),
++ .timeouts = ata_eh_revalidate_timeouts, },
+ { .commands = CMDS(ATA_CMD_READ_NATIVE_MAX, ATA_CMD_READ_NATIVE_MAX_EXT),
+ .timeouts = ata_eh_other_timeouts, },
+ { .commands = CMDS(ATA_CMD_SET_MAX, ATA_CMD_SET_MAX_EXT),
+--- a/include/linux/libata.h
++++ b/include/linux/libata.h
+@@ -391,7 +391,7 @@ enum {
+ /* This should match the actual table size of
+ * ata_eh_cmd_timeout_table in libata-eh.c.
+ */
+- ATA_EH_CMD_TIMEOUT_TABLE_SIZE = 6,
++ ATA_EH_CMD_TIMEOUT_TABLE_SIZE = 7,
+
+ /* Horkage types. May be set by libata or controller on drives
+ (some horkage may be drive/controller pair dependent */
--- /dev/null
+From 839b63860eb3835da165642923120d305925561d Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Fri, 5 Nov 2021 13:34:55 -0700
+Subject: ocfs2: fix data corruption on truncate
+
+From: Jan Kara <jack@suse.cz>
+
+commit 839b63860eb3835da165642923120d305925561d upstream.
+
+Patch series "ocfs2: Truncate data corruption fix".
+
+As further testing has shown, commit 5314454ea3f ("ocfs2: fix data
+corruption after conversion from inline format") didn't fix all the data
+corruption issues the customer started observing after 6dbf7bb55598
+("fs: Don't invalidate page buffers in block_write_full_page()") This
+time I have tracked them down to two bugs in ocfs2 truncation code.
+
+One bug (truncating page cache before clearing tail cluster and setting
+i_size) could cause data corruption even before 6dbf7bb55598, but before
+that commit it needed a race with page fault, after 6dbf7bb55598 it
+started to be pretty deterministic.
+
+Another bug (zeroing pages beyond old i_size) used to be harmless
+inefficiency before commit 6dbf7bb55598. But after commit 6dbf7bb55598
+in combination with the first bug it resulted in deterministic data
+corruption.
+
+Although fixing only the first problem is needed to stop data
+corruption, I've fixed both issues to make the code more robust.
+
+This patch (of 2):
+
+ocfs2_truncate_file() did unmap invalidate page cache pages before
+zeroing partial tail cluster and setting i_size. Thus some pages could
+be left (and likely have left if the cluster zeroing happened) in the
+page cache beyond i_size after truncate finished letting user possibly
+see stale data once the file was extended again. Also the tail cluster
+zeroing was not guaranteed to finish before truncate finished causing
+possible stale data exposure. The problem started to be particularly
+easy to hit after commit 6dbf7bb55598 "fs: Don't invalidate page buffers
+in block_write_full_page()" stopped invalidation of pages beyond i_size
+from page writeback path.
+
+Fix these problems by unmapping and invalidating pages in the page cache
+after the i_size is reduced and tail cluster is zeroed out.
+
+Link: https://lkml.kernel.org/r/20211025150008.29002-1-jack@suse.cz
+Link: https://lkml.kernel.org/r/20211025151332.11301-1-jack@suse.cz
+Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem")
+Signed-off-by: Jan Kara <jack@suse.cz>
+Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Mark Fasheh <mark@fasheh.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Changwei Ge <gechangwei@live.cn>
+Cc: Gang He <ghe@suse.com>
+Cc: Jun Piao <piaojun@huawei.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ocfs2/file.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/ocfs2/file.c
++++ b/fs/ocfs2/file.c
+@@ -478,10 +478,11 @@ int ocfs2_truncate_file(struct inode *in
+ * greater than page size, so we have to truncate them
+ * anyway.
+ */
+- unmap_mapping_range(inode->i_mapping, new_i_size + PAGE_SIZE - 1, 0, 1);
+- truncate_inode_pages(inode->i_mapping, new_i_size);
+
+ if (OCFS2_I(inode)->ip_dyn_features & OCFS2_INLINE_DATA_FL) {
++ unmap_mapping_range(inode->i_mapping,
++ new_i_size + PAGE_SIZE - 1, 0, 1);
++ truncate_inode_pages(inode->i_mapping, new_i_size);
+ status = ocfs2_truncate_inline(inode, di_bh, new_i_size,
+ i_size_read(inode), 1);
+ if (status)
+@@ -500,6 +501,9 @@ int ocfs2_truncate_file(struct inode *in
+ goto bail_unlock_sem;
+ }
+
++ unmap_mapping_range(inode->i_mapping, new_i_size + PAGE_SIZE - 1, 0, 1);
++ truncate_inode_pages(inode->i_mapping, new_i_size);
++
+ status = ocfs2_commit_truncate(osb, inode, di_bh);
+ if (status < 0) {
+ mlog_errno(status);
--- /dev/null
+From 3ef68d4f0c9e7cb589ae8b70f07d77f528105331 Mon Sep 17 00:00:00 2001
+From: Arun Easi <aeasi@marvell.com>
+Date: Wed, 8 Sep 2021 09:46:18 -0700
+Subject: scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
+
+From: Arun Easi <aeasi@marvell.com>
+
+commit 3ef68d4f0c9e7cb589ae8b70f07d77f528105331 upstream.
+
+Kernel crashes when accessing port_speed sysfs file. The issue happens on
+a CNA when the local array was accessed beyond bounds. Fix this by changing
+the lookup.
+
+BUG: unable to handle kernel paging request at 0000000000004000
+PGD 0 P4D 0
+Oops: 0000 [#1] SMP PTI
+CPU: 15 PID: 455213 Comm: sosreport Kdump: loaded Not tainted
+4.18.0-305.7.1.el8_4.x86_64 #1
+RIP: 0010:string_nocheck+0x12/0x70
+Code: 00 00 4c 89 e2 be 20 00 00 00 48 89 ef e8 86 9a 00 00 4c 01
+e3 eb 81 90 49 89 f2 48 89 ce 48 89 f8 48 c1 fe 30 66 85 f6 74 4f <44> 0f b6 0a
+45 84 c9 74 46 83 ee 01 41 b8 01 00 00 00 48 8d 7c 37
+RSP: 0018:ffffb5141c1afcf0 EFLAGS: 00010286
+RAX: ffff8bf4009f8000 RBX: ffff8bf4009f9000 RCX: ffff0a00ffffff04
+RDX: 0000000000004000 RSI: ffffffffffffffff RDI: ffff8bf4009f8000
+RBP: 0000000000004000 R08: 0000000000000001 R09: ffffb5141c1afb84
+R10: ffff8bf4009f9000 R11: ffffb5141c1afce6 R12: ffff0a00ffffff04
+R13: ffffffffc08e21aa R14: 0000000000001000 R15: ffffffffc08e21aa
+FS: 00007fc4ebfff700(0000) GS:ffff8c717f7c0000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000000000004000 CR3: 000000edfdee6006 CR4: 00000000001706e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ string+0x40/0x50
+ vsnprintf+0x33c/0x520
+ scnprintf+0x4d/0x90
+ qla2x00_port_speed_show+0xb5/0x100 [qla2xxx]
+ dev_attr_show+0x1c/0x40
+ sysfs_kf_seq_show+0x9b/0x100
+ seq_read+0x153/0x410
+ vfs_read+0x91/0x140
+ ksys_read+0x4f/0xb0
+ do_syscall_64+0x5b/0x1a0
+ entry_SYSCALL_64_after_hwframe+0x65/0xca
+
+Link: https://lore.kernel.org/r/20210908164622.19240-7-njavali@marvell.com
+Fixes: 4910b524ac9e ("scsi: qla2xxx: Add support for setting port speed")
+Cc: stable@vger.kernel.org
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Arun Easi <aeasi@marvell.com>
+Signed-off-by: Nilesh Javali <njavali@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_attr.c | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_attr.c
++++ b/drivers/scsi/qla2xxx/qla_attr.c
+@@ -1759,6 +1759,18 @@ qla2x00_port_speed_store(struct device *
+ return strlen(buf);
+ }
+
++static const struct {
++ u16 rate;
++ char *str;
++} port_speed_str[] = {
++ { PORT_SPEED_4GB, "4" },
++ { PORT_SPEED_8GB, "8" },
++ { PORT_SPEED_16GB, "16" },
++ { PORT_SPEED_32GB, "32" },
++ { PORT_SPEED_64GB, "64" },
++ { PORT_SPEED_10GB, "10" },
++};
++
+ static ssize_t
+ qla2x00_port_speed_show(struct device *dev, struct device_attribute *attr,
+ char *buf)
+@@ -1766,7 +1778,8 @@ qla2x00_port_speed_show(struct device *d
+ struct scsi_qla_host *vha = shost_priv(dev_to_shost(dev));
+ struct qla_hw_data *ha = vha->hw;
+ ssize_t rval;
+- char *spd[7] = {"0", "0", "0", "4", "8", "16", "32"};
++ u16 i;
++ char *speed = "Unknown";
+
+ rval = qla2x00_get_data_rate(vha);
+ if (rval != QLA_SUCCESS) {
+@@ -1775,7 +1788,14 @@ qla2x00_port_speed_show(struct device *d
+ return -EINVAL;
+ }
+
+- return scnprintf(buf, PAGE_SIZE, "%s\n", spd[ha->link_data_rate]);
++ for (i = 0; i < ARRAY_SIZE(port_speed_str); i++) {
++ if (port_speed_str[i].rate != ha->link_data_rate)
++ continue;
++ speed = port_speed_str[i].str;
++ break;
++ }
++
++ return scnprintf(buf, PAGE_SIZE, "%s\n", speed);
+ }
+
+ /* ----- */
--- /dev/null
+From 3d33b303d4f3b74a71bede5639ebba3cfd2a2b4d Mon Sep 17 00:00:00 2001
+From: Quinn Tran <qutran@marvell.com>
+Date: Wed, 8 Sep 2021 09:46:21 -0700
+Subject: scsi: qla2xxx: Fix use after free in eh_abort path
+
+From: Quinn Tran <qutran@marvell.com>
+
+commit 3d33b303d4f3b74a71bede5639ebba3cfd2a2b4d upstream.
+
+In eh_abort path driver prematurely exits the call to upper layer. Check
+whether command is aborted / completed by firmware before exiting the call.
+
+9 [ffff8b1ebf803c00] page_fault at ffffffffb0389778
+ [exception RIP: qla2x00_status_entry+0x48d]
+ RIP: ffffffffc04fa62d RSP: ffff8b1ebf803cb0 RFLAGS: 00010082
+ RAX: 00000000ffffffff RBX: 00000000000e0000 RCX: 0000000000000000
+ RDX: 0000000000000000 RSI: 00000000000013d8 RDI: fffff3253db78440
+ RBP: ffff8b1ebf803dd0 R8: ffff8b1ebcd9b0c0 R9: 0000000000000000
+ R10: ffff8b1e38a30808 R11: 0000000000001000 R12: 00000000000003e9
+ R13: 0000000000000000 R14: ffff8b1ebcd9d740 R15: 0000000000000028
+ ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
+10 [ffff8b1ebf803cb0] enqueue_entity at ffffffffafce708f
+11 [ffff8b1ebf803d00] enqueue_task_fair at ffffffffafce7b88
+12 [ffff8b1ebf803dd8] qla24xx_process_response_queue at ffffffffc04fc9a6
+[qla2xxx]
+13 [ffff8b1ebf803e78] qla24xx_msix_rsp_q at ffffffffc04ff01b [qla2xxx]
+14 [ffff8b1ebf803eb0] __handle_irq_event_percpu at ffffffffafd50714
+
+Link: https://lore.kernel.org/r/20210908164622.19240-10-njavali@marvell.com
+Fixes: f45bca8c5052 ("scsi: qla2xxx: Fix double scsi_done for abort path")
+Cc: stable@vger.kernel.org
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Co-developed-by: David Jeffery <djeffery@redhat.com>
+Signed-off-by: David Jeffery <djeffery@redhat.com>
+Co-developed-by: Laurence Oberman <loberman@redhat.com>
+Signed-off-by: Laurence Oberman <loberman@redhat.com>
+Signed-off-by: Quinn Tran <qutran@marvell.com>
+Signed-off-by: Nilesh Javali <njavali@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_os.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -1229,6 +1229,7 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd)
+ uint32_t ratov_j;
+ struct qla_qpair *qpair;
+ unsigned long flags;
++ int fast_fail_status = SUCCESS;
+
+ if (qla2x00_isp_reg_stat(ha)) {
+ ql_log(ql_log_info, vha, 0x8042,
+@@ -1236,15 +1237,16 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd)
+ return FAILED;
+ }
+
++ /* Save any FAST_IO_FAIL value to return later if abort succeeds */
+ ret = fc_block_scsi_eh(cmd);
+ if (ret != 0)
+- return ret;
++ fast_fail_status = ret;
+
+ sp = scsi_cmd_priv(cmd);
+ qpair = sp->qpair;
+
+ if ((sp->fcport && sp->fcport->deleted) || !qpair)
+- return SUCCESS;
++ return fast_fail_status != SUCCESS ? fast_fail_status : FAILED;
+
+ spin_lock_irqsave(qpair->qp_lock_ptr, flags);
+ if (sp->completed) {
+@@ -1290,7 +1292,7 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd)
+ __func__, ha->r_a_tov/10);
+ ret = FAILED;
+ } else {
+- ret = SUCCESS;
++ ret = fast_fail_status;
+ }
+ break;
+ default:
binder-use-euid-from-cred-instead-of-using-task.patch
binder-use-cred-instead-of-task-for-selinux-checks.patch
binder-use-cred-instead-of-task-for-getsecid.patch
+input-iforce-fix-control-message-timeout.patch
+input-elantench-fix-misreporting-trackpoint-coordinates.patch
+input-i8042-add-quirk-for-fujitsu-lifebook-t725.patch
+libata-fix-read-log-timeout-value.patch
+ocfs2-fix-data-corruption-on-truncate.patch
+scsi-qla2xxx-fix-kernel-crash-when-accessing-port_speed-sysfs-file.patch
+scsi-qla2xxx-fix-use-after-free-in-eh_abort-path.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
