From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 11 Mar 2015 14:31:08 +0000 (+0100)
Subject: 3.10-stable patches
X-Git-Tag: v3.10.72~43
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=655087897525e1e291c589840ba08961bf043160;p=thirdparty%2Fkernel%2Fstable-queue.git

3.10-stable patches

added patches:
	pm-qos-remove-duplicate-call-to-pm_qos_update_target.patch
	target-check-for-lba-sectors-wrap-around-in-sbc_parse_cdb.patch
---

diff --git a/queue-3.10/mm-hugetlb-add-migration-hwpoisoned-entry-check-in-hugetlb_change_protection.patch b/queue-3.10/mm-hugetlb-add-migration-hwpoisoned-entry-check-in-hugetlb_change_protection.patch
deleted file mode 100644
index 5c76a4ef3bc..00000000000
--- a/queue-3.10/mm-hugetlb-add-migration-hwpoisoned-entry-check-in-hugetlb_change_protection.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From a8bda28d87c38c6aa93de28ba5d30cc18e865a11 Mon Sep 17 00:00:00 2001
-From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
-Date: Wed, 11 Feb 2015 15:25:28 -0800
-Subject: mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection
-
-From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
-
-commit a8bda28d87c38c6aa93de28ba5d30cc18e865a11 upstream.
-
-There is a race condition between hugepage migration and
-change_protection(), where hugetlb_change_protection() doesn't care about
-migration entries and wrongly overwrites them.  That causes unexpected
-results like kernel crash.  HWPoison entries also can cause the same
-problem.
-
-This patch adds is_hugetlb_entry_(migration|hwpoisoned) check in this
-function to do proper actions.
-
-Fixes: 290408d4a2 ("hugetlb: hugepage migration core")
-Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
-Cc: Hugh Dickins <hughd@google.com>
-Cc: James Hogan <james.hogan@imgtec.com>
-Cc: David Rientjes <rientjes@google.com>
-Cc: Mel Gorman <mel@csn.ul.ie>
-Cc: Johannes Weiner <hannes@cmpxchg.org>
-Cc: Michal Hocko <mhocko@suse.cz>
-Cc: Rik van Riel <riel@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: Luiz Capitulino <lcapitulino@redhat.com>
-Cc: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
-Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
-Cc: Steve Capper <steve.capper@linaro.org>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- mm/hugetlb.c |   21 ++++++++++++++++++++-
- 1 file changed, 20 insertions(+), 1 deletion(-)
-
---- a/mm/hugetlb.c
-+++ b/mm/hugetlb.c
-@@ -3116,7 +3116,26 @@ unsigned long hugetlb_change_protection(
- 			pages++;
- 			continue;
- 		}
--		if (!huge_pte_none(huge_ptep_get(ptep))) {
-+		pte = huge_ptep_get(ptep);
-+		if (unlikely(is_hugetlb_entry_hwpoisoned(pte))) {
-+			spin_unlock(ptl);
-+			continue;
-+		}
-+		if (unlikely(is_hugetlb_entry_migration(pte))) {
-+			swp_entry_t entry = pte_to_swp_entry(pte);
-+
-+			if (is_write_migration_entry(entry)) {
-+				pte_t newpte;
-+
-+				make_migration_entry_read(&entry);
-+				newpte = swp_entry_to_pte(entry);
-+				set_huge_pte_at(mm, address, ptep, newpte);
-+				pages++;
-+			}
-+			spin_unlock(ptl);
-+			continue;
-+		}
-+		if (!huge_pte_none(pte)) {
- 			pte = huge_ptep_get_and_clear(mm, address, ptep);
- 			pte = pte_mkhuge(huge_pte_modify(pte, newprot));
- 			pte = arch_make_huge_pte(pte, vma, NULL, 0);
diff --git a/queue-3.10/pm-qos-remove-duplicate-call-to-pm_qos_update_target.patch b/queue-3.10/pm-qos-remove-duplicate-call-to-pm_qos_update_target.patch
new file mode 100644
index 00000000000..cf2656fd069
--- /dev/null
+++ b/queue-3.10/pm-qos-remove-duplicate-call-to-pm_qos_update_target.patch
@@ -0,0 +1,44 @@
+From michael.scott@linaro.org  Wed Mar 11 15:07:47 2015
+From: Michael Scott <michael.scott@linaro.org>
+Date: Tue, 10 Mar 2015 13:15:02 -0700
+Subject: PM / QoS: remove duplicate call to pm_qos_update_target
+To: pavel@ucw.cz, rjw@sisk.pl, gregkh@linuxfoundation.org
+Cc: linux-kernel@vger.kernel.org, linux-stable@vger.kernel.org, linux-pm@vger.kernel.org, Michael Scott <michael.scott@linaro.org>
+Message-ID: <1426018502-16010-1-git-send-email-michael.scott@linaro.org>
+
+From: Michael Scott <michael.scott@linaro.org>
+
+In 3.10.y backport patch 1dba303727f52ea062580b0a9b3f0c3b462769cf,
+the logic to call pm_qos_update_target was moved to __pm_qos_update_request.
+However, the original code was left in function pm_qos_update_request.
+
+Currently, if pm_qos_update_request is called where new_value !=
+req->node.prio then pm_qos_update_target will be called twice in a row.
+Once in pm_qos_update_request and then again in the following call to
+_pm_qos_update_request.
+
+Removing the left over code from pm_qos_update_request stops this second
+call to pm_qos_update_target where the work of removing / re-adding the
+new_value in the constraints list would be duplicated.
+
+Signed-off-by: Michael Scott <michael.scott@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/power/qos.c |    6 ------
+ 1 file changed, 6 deletions(-)
+
+--- a/kernel/power/qos.c
++++ b/kernel/power/qos.c
+@@ -369,12 +369,6 @@ void pm_qos_update_request(struct pm_qos
+ 	}
+ 
+ 	cancel_delayed_work_sync(&req->work);
+-
+-	if (new_value != req->node.prio)
+-		pm_qos_update_target(
+-			pm_qos_array[req->pm_qos_class]->constraints,
+-			&req->node, PM_QOS_UPDATE_REQ, new_value);
+-
+ 	__pm_qos_update_request(req, new_value);
+ }
+ EXPORT_SYMBOL_GPL(pm_qos_update_request);
diff --git a/queue-3.10/series b/queue-3.10/series
index ec2ae31e5f1..a2a9e7c3680 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -13,9 +13,10 @@ macvtap-make-sure-neighbour-code-can-push-ethernet-header.patch
 usb-plusb-add-support-for-national-instruments-host-to-host-cable.patch
 udp-only-allow-ufo-for-packets-from-sock_dgram-sockets.patch
 team-don-t-traverse-port-list-using-rcu-in-team_set_mac_address.patch
-mm-hugetlb-add-migration-hwpoisoned-entry-check-in-hugetlb_change_protection.patch
 mm-hugetlb-add-migration-entry-check-in-__unmap_hugepage_range.patch
 mm-mmap.c-fix-arithmetic-overflow-in-__vm_enough_memory.patch
 mm-nommu.c-fix-arithmetic-overflow-in-__vm_enough_memory.patch
 mm-compaction-fix-wrong-order-check-in-compact_finished.patch
 mm-memory.c-actually-remap-enough-memory.patch
+target-check-for-lba-sectors-wrap-around-in-sbc_parse_cdb.patch
+pm-qos-remove-duplicate-call-to-pm_qos_update_target.patch
diff --git a/queue-3.10/target-check-for-lba-sectors-wrap-around-in-sbc_parse_cdb.patch b/queue-3.10/target-check-for-lba-sectors-wrap-around-in-sbc_parse_cdb.patch
new file mode 100644
index 00000000000..398a5c98b2f
--- /dev/null
+++ b/queue-3.10/target-check-for-lba-sectors-wrap-around-in-sbc_parse_cdb.patch
@@ -0,0 +1,34 @@
+From aa179935edea9a64dec4b757090c8106a3907ffa Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Fri, 13 Feb 2015 22:27:40 +0000
+Subject: target: Check for LBA + sectors wrap-around in sbc_parse_cdb
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit aa179935edea9a64dec4b757090c8106a3907ffa upstream.
+
+This patch adds a check to sbc_parse_cdb() in order to detect when
+an LBA + sector vs. end-of-device calculation wraps when the LBA is
+sufficently large enough (eg: 0xFFFFFFFFFFFFFFFF).
+
+Cc: Martin Petersen <martin.petersen@oracle.com>
+Cc: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_sbc.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/target/target_core_sbc.c
++++ b/drivers/target/target_core_sbc.c
+@@ -562,7 +562,8 @@ sbc_parse_cdb(struct se_cmd *cmd, struct
+ 		unsigned long long end_lba;
+ 
+ 		end_lba = dev->transport->get_blocks(dev) + 1;
+-		if (cmd->t_task_lba + sectors > end_lba) {
++		if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
++		    ((cmd->t_task_lba + sectors) > end_lba)) {
+ 			pr_err("cmd exceeds last lba %llu "
+ 				"(lba %llu, sectors %u)\n",
+ 				end_lba, cmd->t_task_lba, sectors);