authorOlaf Hering <ohering@suse.de>2019-04-10 10:59:44 +0200
committerOlaf Hering <ohering@suse.de>2019-04-10 10:59:44 +0200
commitb107b591d7dd506519959d2b52fba64c730ee81d (patch)
tree9da742934f30b1826616336b5d221ef8e6cad8a1
parent52d4ec463b9ef14a7d857e5b94ee96b31943a566 (diff)
parent951704ac7b3f373a774cbc6d1fce14d1e53320d2 (diff)
Merge remote-tracking branch 'kerncvs/SLE12-SP4' into SLE12-SP4-AZURESLE12-SP4-AZURE
-rw-r--r--blacklist.conf1
-rw-r--r--patches.arch/powerpc-hugetlb-Handle-mmap_min_addr-correctly-in-ge.patch71
-rw-r--r--patches.arch/powerpc-mm-Check-secondary-hash-page-table.patch38
-rw-r--r--patches.arch/powerpc-mm-hash-Handle-mmap_min_addr-correctly-in-ge.patch75
-rw-r--r--patches.drivers/Disable-kgdboc-failed-by-echo-space-to-sys-module-kg.patch48
-rw-r--r--patches.fixes/0001-crypto-caam-add-missing-put_device-call.patch247
-rw-r--r--patches.fixes/0001-cxgb4-Mask-out-interrupts-that-are-not-enabled.patch47
-rw-r--r--patches.fixes/0001-cxgb4-add-per-rx-queue-counter-for-packet-errors.patch62
-rw-r--r--patches.fixes/0001-mm-debug.c-fix-__dump_page-when-mapping-host-is-not-.patch59
-rw-r--r--patches.fixes/0001-mm-page_isolation.c-fix-a-wrong-flag-in-set_migratet.patch43
-rw-r--r--patches.fixes/It-s-wrong-to-add-len-to-sector_nr-in-raid10-reshape.patch31
-rw-r--r--patches.fixes/NFS-Don-t-recoalesce-on-error-in-nfs_pageio_complete.patch31
-rw-r--r--patches.fixes/NFS-Don-t-use-page_file_mapping-after-removing-the-p.patch63
-rw-r--r--patches.fixes/NFS-Fix-I-O-request-leakages.patch87
-rw-r--r--patches.fixes/NFS-Fix-a-soft-lockup-in-the-delegation-recovery-cod.patch75
-rw-r--r--patches.fixes/NFS-Fix-a-typo-in-nfs_init_timeout_values.patch30
-rw-r--r--patches.fixes/NFS-Fix-an-I-O-request-leakage-in-nfs_do_recoalesce.patch29
-rw-r--r--patches.fixes/NFS-fix-mount-umount-race-in-nlmclnt.patch46
-rw-r--r--patches.fixes/NFS-pnfs-Bulk-destroy-of-layouts-needs-to-be-safe-w..patch87
-rw-r--r--patches.fixes/NFSv4-flexfiles-Fix-invalid-deref-in-FF_LAYOUT_DEVID.patch67
-rw-r--r--patches.fixes/NFSv4.1-Reinitialise-sequence-results-before-retrans.patch55
-rw-r--r--patches.fixes/NFSv4.1-don-t-free-interrupted-slot-on-open.patch32
-rw-r--r--patches.fixes/block-remove-bio_rewind_iter.patch154
-rw-r--r--patches.fixes/bsg-Do-not-copy-sense-if-no-response-buffer-is-alloc.patch40
-rw-r--r--patches.fixes/dm-disable-DISCARD-if-the-underlying-storage-no-long.patch127
-rw-r--r--patches.fixes/fs-nfs-Fix-nfs_parse_devname-to-not-modify-it-s-argu.patch32
-rw-r--r--patches.fixes/md-Fix-failed-allocation-of-md_register_thread.patch46
-rw-r--r--patches.fixes/md-raid1-don-t-clear-bitmap-bits-on-interrupted-reco.patch83
-rw-r--r--patches.fixes/md-raid5-fix-out-of-memory-during-raid-cache-recover.patch123
-rw-r--r--patches.fixes/nfsd4-catch-some-false-session-retries.patch111
-rw-r--r--patches.fixes/nfsd4-fix-cached-replies-to-solo-SEQUENCE-compounds.patch122
-rw-r--r--patches.fixes/nvme-add-proper-discard-setup-for-the-multipath-devi.patch51
-rw-r--r--patches.fixes/nvme-only-reconfigure-discard-if-necessary.patch98
-rw-r--r--patches.fixes/sunrpc-fix-4-more-call-sites-that-were-using-stack-m.patch166
-rw-r--r--patches.kabi/NFSv4.1-Fix-up-replays-of-interrupted-requests.patch6
-rw-r--r--patches.kabi/block-kABI-fixes-for-bio_rewind_iter-removal.patch214
-rw-r--r--patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch43
-rw-r--r--patches.suse/btrfs-fix-bound-checking-in-qgroup_trace_new_subtree_blocks.patch41
-rw-r--r--patches.suse/mpt3sas-check-sense-buffer-before-copying-sense-data.patch32
-rw-r--r--patches.suse/scsi-libsas-allocate-sense-buffer-for-bsg-queue.patch60
-rw-r--r--series.conf39
41 files changed, 2835 insertions, 77 deletions
diff --git a/blacklist.conf b/blacklist.conf
index ca1b9d5550..4cfe0400c5 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -1052,3 +1052,4 @@ dfa88658fb0583abb92e062c7a9cd5a5b94f2a46 # powerpc/fsl: Update Spectre v2 report
6d183ca8baec983dc4208ca45ece3c36763df912 # powerpc/wii: properly disable use of BATs when requested.
0bbea75c476b77fa7d7811d6be911cc7583e640f # powerpc/traps: fix recoverability of machine check handling on book3s/32
179ab1cbf883575c3a585bcfc0f2160f1d22a149 # powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - too invasive, we build this anyway
+a89e7bcb18081c611eb6cf50edd440fa4983a71a # too invasive, would break kABI in the prerequisites
diff --git a/patches.arch/powerpc-hugetlb-Handle-mmap_min_addr-correctly-in-ge.patch b/patches.arch/powerpc-hugetlb-Handle-mmap_min_addr-correctly-in-ge.patch
new file mode 100644
index 0000000000..4122925816
--- /dev/null
+++ b/patches.arch/powerpc-hugetlb-Handle-mmap_min_addr-correctly-in-ge.patch
@@ -0,0 +1,71 @@
+From 09091c0a7a5695384530c5526786dfbb1a522dc0 Mon Sep 17 00:00:00 2001
+From: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
+Date: Tue, 26 Feb 2019 10:09:34 +0530
+Subject: [PATCH] powerpc/hugetlb: Handle mmap_min_addr correctly in
+ get_unmapped_area callback
+
+References: bsc#1131900
+Patch-mainline: v5.1-rc1
+Git-commit: 5330367fa300742a97e20e953b1f77f48392faae
+
+After we ALIGN up the address we need to make sure we didn't overflow
+and resulted in zero address. In that case, we need to make sure that
+the returned address is greater than mmap_min_addr.
+
+This fixes selftest va_128TBswitch --run-hugetlb reporting failures when
+run as non root user for
+
+mmap(-1, MAP_HUGETLB)
+
+The bug is that a non-root user requesting address -1 will be given address 0
+which will then fail, whereas they should have been given something else that
+would have succeeded.
+
+We also avoid the first mmap(-1, MAP_HUGETLB) returning NULL address as mmap address
+with this change. So we think this is not a security issue, because it only affects
+whether we choose an address below mmap_min_addr, not whether we
+actually allow that address to be mapped. ie. there are existing capability
+checks to prevent a user mapping below mmap_min_addr and those will still be
+honoured even without this fix.
+
+Fixes: 484837601d4d ("powerpc/mm: Add radix support for hugetlb")
+Reviewed-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
+Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/mm/hugetlbpage-radix.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/arch/powerpc/mm/hugetlbpage-radix.c b/arch/powerpc/mm/hugetlbpage-radix.c
+index b54b581a2f7d..6038d71e4164 100644
+--- a/arch/powerpc/mm/hugetlbpage-radix.c
++++ b/arch/powerpc/mm/hugetlbpage-radix.c
+@@ -1,5 +1,6 @@
+ #include <linux/mm.h>
+ #include <linux/hugetlb.h>
++#include <linux/security.h>
+ #include <asm/pgtable.h>
+ #include <asm/pgalloc.h>
+ #include <asm/cacheflush.h>
+@@ -72,7 +73,7 @@ radix__hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+ if (addr) {
+ addr = ALIGN(addr, huge_page_size(h));
+ vma = find_vma(mm, addr);
+- if (high_limit - len >= addr &&
++ if (high_limit - len >= addr && addr >= mmap_min_addr &&
+ (!vma || addr + len <= vm_start_gap(vma)))
+ return addr;
+ }
+@@ -82,7 +83,7 @@ radix__hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+ */
+ info.flags = VM_UNMAPPED_AREA_TOPDOWN;
+ info.length = len;
+- info.low_limit = PAGE_SIZE;
++ info.low_limit = max(PAGE_SIZE, mmap_min_addr);
+ info.high_limit = mm->mmap_base + (high_limit - DEFAULT_MAP_WINDOW);
+ info.align_mask = PAGE_MASK & ~huge_page_mask(h);
+ info.align_offset = 0;
+--
+2.20.1
+
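Review bot: The new `addr >= mmap_min_addr` test in the hint path of radix__hugetlb_get_unmapped_area has no comment, although its reason is not obvious from the code: `if (addr)` is evaluated before `ALIGN()`, so a hint near the top of the address space can wrap to 0 and still reach the range check. I would add `/* ALIGN() may wrap the hint to 0; never hand back an address below mmap_min_addr */` above the condition. As the patch description says, this only affects which address is chosen; the capability check on mapping below mmap_min_addr is enforced elsewhere and is not visible here. The function body starts and ends outside the hunks.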
diff --git a/patches.arch/powerpc-mm-Check-secondary-hash-page-table.patch b/patches.arch/powerpc-mm-Check-secondary-hash-page-table.patch
new file mode 100644
index 0000000000..6c7cc764b8
--- /dev/null
+++ b/patches.arch/powerpc-mm-Check-secondary-hash-page-table.patch
@@ -0,0 +1,38 @@
+From 04951195cbcfd6c34f048f3846c4ee4c23292da6 Mon Sep 17 00:00:00 2001
+From: Rashmica Gupta <rashmica.g@gmail.com>
+Date: Wed, 13 Feb 2019 10:29:49 +1100
+Subject: [PATCH] powerpc/mm: Check secondary hash page table
+
+References: bsc#1065729
+Patch-mainline: v5.1-rc1
+Git-commit: 790845e2f12709d273d08ea7a2af7c2593689519
+
+We were always calling base_hpte_find() with primary = true,
+even when we wanted to check the secondary table.
+
+mpe: I broke this when refactoring Rashmica's original patch.
+
+Fixes: 1515ab932156 ("powerpc/mm: Dump hash table")
+Signed-off-by: Rashmica Gupta <rashmica.g@gmail.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/mm/dump_hashpagetable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/mm/dump_hashpagetable.c b/arch/powerpc/mm/dump_hashpagetable.c
+index db739e2f8788..b82ff65a33da 100644
+--- a/arch/powerpc/mm/dump_hashpagetable.c
++++ b/arch/powerpc/mm/dump_hashpagetable.c
+@@ -343,7 +343,7 @@ static unsigned long hpte_find(struct pg_state *st, unsigned long ea, int psize)
+
+ /* Look in secondary table */
+ if (slot == -1)
+- slot = base_hpte_find(ea, psize, true, &v, &r);
++ slot = base_hpte_find(ea, psize, false, &v, &r);
+
+ /* No entry found */
+ if (slot == -1)
+--
+2.20.1
+
diff --git a/patches.arch/powerpc-mm-hash-Handle-mmap_min_addr-correctly-in-ge.patch b/patches.arch/powerpc-mm-hash-Handle-mmap_min_addr-correctly-in-ge.patch
new file mode 100644
index 0000000000..2b16871137
--- /dev/null
+++ b/patches.arch/powerpc-mm-hash-Handle-mmap_min_addr-correctly-in-ge.patch
@@ -0,0 +1,75 @@
+From 806ce5c2b829d502384113a1ed88588dff095013 Mon Sep 17 00:00:00 2001
+From: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
+Date: Tue, 26 Feb 2019 10:09:35 +0530
+Subject: [PATCH] powerpc/mm/hash: Handle mmap_min_addr correctly in
+ get_unmapped_area topdown search
+
+References: bsc#1131900
+Patch-mainline: v5.1-rc1
+Git-commit: 3b4d07d2674f6b4a9281031f99d1f7efd325b16d
+
+When doing top-down search the low_limit is not PAGE_SIZE but rather
+max(PAGE_SIZE, mmap_min_addr). This handle cases in which mmap_min_addr >
+PAGE_SIZE.
+
+Fixes: fba2369e6ceb ("mm: use vm_unmapped_area() on powerpc architecture")
+Reviewed-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
+Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/mm/slice.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
+index 98b53d48968f..bb26d7535064 100644
+--- a/arch/powerpc/mm/slice.c
++++ b/arch/powerpc/mm/slice.c
+@@ -31,6 +31,7 @@
+ #include <linux/spinlock.h>
+ #include <linux/export.h>
+ #include <linux/hugetlb.h>
++#include <linux/security.h>
+ #include <asm/mman.h>
+ #include <asm/mmu.h>
+ #include <asm/copro.h>
+@@ -325,6 +326,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm,
+ int pshift = max_t(int, mmu_psize_defs[psize].shift, PAGE_SHIFT);
+ unsigned long addr, found, prev;
+ struct vm_unmapped_area_info info;
++ unsigned long min_addr = max(PAGE_SIZE, mmap_min_addr);
+
+ info.flags = VM_UNMAPPED_AREA_TOPDOWN;
+ info.length = len;
+@@ -341,7 +343,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm,
+ if (high_limit > DEFAULT_MAP_WINDOW)
+ addr += mm->context.slb_addr_limit - DEFAULT_MAP_WINDOW;
+
+- while (addr > PAGE_SIZE) {
++ while (addr > min_addr) {
+ info.high_limit = addr;
+ if (!slice_scan_available(addr - 1, available, 0, &addr))
+ continue;
+@@ -353,8 +355,8 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm,
+ * Check if we need to reduce the range, or if we can
+ * extend it to cover the previous available slice.
+ */
+- if (addr < PAGE_SIZE)
+- addr = PAGE_SIZE;
++ if (addr < min_addr)
++ addr = min_addr;
+ else if (slice_scan_available(addr - 1, available, 0, &prev)) {
+ addr = prev;
+ goto prev_slice;
+@@ -469,7 +471,7 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
+ addr = _ALIGN_UP(addr, page_size);
+ slice_dbg(" aligned addr=%lx\n", addr);
+ /* Ignore hint if it's too large or overlaps a VMA */
+- if (addr > high_limit - len ||
++ if (addr > high_limit - len || addr < mmap_min_addr ||
+ !slice_area_is_free(mm, addr, len))
+ addr = 0;
+ }
+--
+2.20.1
+
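Review bot: Only the top-down search and the hint check are clamped to mmap_min_addr here; the bottom-up counterpart and its lower limit are not part of the patch, so it is worth confirming that path cannot start below mmap_min_addr when the sysctl is raised. In the hint check, `addr > high_limit - len` relies on `len` larger than `high_limit` having been rejected earlier in slice_get_unmapped_area, which is outside the hunk. A short comment at the `min_addr` declaration, e.g. `/* never search below the lowest address an unprivileged mmap may use */`, would record why PAGE_SIZE alone was not enough.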
diff --git a/patches.drivers/Disable-kgdboc-failed-by-echo-space-to-sys-module-kg.patch b/patches.drivers/Disable-kgdboc-failed-by-echo-space-to-sys-module-kg.patch
new file mode 100644
index 0000000000..4881bf1d3e
--- /dev/null
+++ b/patches.drivers/Disable-kgdboc-failed-by-echo-space-to-sys-module-kg.patch
@@ -0,0 +1,48 @@
+From 3ec8002951ea173e24b466df1ea98c56b7920e63 Mon Sep 17 00:00:00 2001
+From: Wentao Wang <witallwang@gmail.com>
+Date: Wed, 20 Mar 2019 15:30:39 +0000
+Subject: [PATCH] Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 3ec8002951ea173e24b466df1ea98c56b7920e63
+Patch-mainline: v5.1-rc3
+References: bsc#1051510
+
+Echo "" to /sys/module/kgdboc/parameters/kgdboc will fail with "No such
+device” error.
+
+This is caused by function "configure_kgdboc" who init err to ENODEV
+when the config is empty (legal input) the code go out with ENODEV
+returned.
+
+Fixes: 2dd453168643 ("kgdboc: Fix restrict error")
+Signed-off-by: Wentao Wang <witallwang@gmail.com>
+Cc: stable <stable@vger.kernel.org>
+Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/tty/serial/kgdboc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c
+index 6fb312e7af71..bfe5e9e034ec 100644
+--- a/drivers/tty/serial/kgdboc.c
++++ b/drivers/tty/serial/kgdboc.c
+@@ -148,8 +148,10 @@ static int configure_kgdboc(void)
+ char *cptr = config;
+ struct console *cons;
+
+- if (!strlen(config) || isspace(config[0]))
++ if (!strlen(config) || isspace(config[0])) {
++ err = 0;
+ goto noconfig;
++ }
+
+ kgdboc_io_ops.is_console = 0;
+ kgdb_tty_driver = NULL;
+--
+2.16.4
+
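Review bot: The `err = 0` added before `goto noconfig` in configure_kgdboc only makes sense given the initial value of `err`, which is set outside the hunk (-ENODEV, per the description). A comment on the branch, `/* empty or whitespace-only config means "disable kgdboc", which is not an error */`, would keep a later cleanup from folding it back into the error path. Since this is the path used to switch the debugger console off, it is also worth checking that everything after the `noconfig` label (not shown) still runs unchanged for this case.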
diff --git a/patches.fixes/0001-crypto-caam-add-missing-put_device-call.patch b/patches.fixes/0001-crypto-caam-add-missing-put_device-call.patch
new file mode 100644
index 0000000000..b735435176
--- /dev/null
+++ b/patches.fixes/0001-crypto-caam-add-missing-put_device-call.patch
@@ -0,0 +1,247 @@
+From 00e87449430dc130b43d84bdee71ef94524d9c39 Mon Sep 17 00:00:00 2001
+From: Wen Yang <yellowriver2010@hotmail.com>
+Date: Fri, 1 Mar 2019 19:19:25 +0200
+Subject: [PATCH] crypto: caam - add missing put_device() call
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Git-commit: 00e87449430dc130b43d84bdee71ef94524d9c39
+Patch-mainline: v5.1-rc1
+References: bsc#1129770
+
+The of_find_device_by_node() takes a reference to the underlying device
+structure, we should release that reference.
+
+Fixes: 35af64038623 ("crypto: caam - Check for CAAM block presence before registering with crypto layer")
+Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms")
+Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Wen Yang <yellowriver2010@hotmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+---
+ drivers/crypto/caam/caamalg.c | 12 +++++++-----
+ drivers/crypto/caam/caamalg_qi.c | 8 ++++++--
+ drivers/crypto/caam/caamhash.c | 18 +++++++++++-------
+ drivers/crypto/caam/caampkc.c | 14 ++++++++++----
+ drivers/crypto/caam/caamrng.c | 22 ++++++++++++++--------
+ 5 files changed, 48 insertions(+), 26 deletions(-)
+
+--- a/drivers/crypto/caam/caamalg.c
++++ b/drivers/crypto/caam/caamalg.c
+@@ -3360,7 +3360,6 @@ static int __init caam_algapi_init(void)
+ {
+ struct device_node *dev_node;
+ struct platform_device *pdev;
+- struct device *ctrldev;
+ struct caam_drv_private *priv;
+ int i = 0, err = 0;
+ u32 cha_vid, cha_inst, des_inst, aes_inst, md_inst;
+@@ -3380,16 +3379,17 @@ static int __init caam_algapi_init(void)
+ return -ENODEV;
+ }
+
+- ctrldev = &pdev->dev;
+- priv = dev_get_drvdata(ctrldev);
++ priv = dev_get_drvdata(&pdev->dev);
+ of_node_put(dev_node);
+
+ /*
+ * If priv is NULL, it's probably because the caam driver wasn't
+ * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
+ */
+- if (!priv)
+- return -ENODEV;
++ if (!priv) {
++ err = -ENODEV;
++ goto out_put_dev;
++ }
+
+
+ INIT_LIST_HEAD(&alg_list);
+@@ -3501,6 +3501,8 @@ static int __init caam_algapi_init(void)
+ if (registered)
+ pr_info("caam algorithms registered in /proc/crypto\n");
+
++out_put_dev:
++ put_device(&pdev->dev);
+ return err;
+ }
+
+--- a/drivers/crypto/caam/caamalg_qi.c
++++ b/drivers/crypto/caam/caamalg_qi.c
+@@ -2315,8 +2315,10 @@ static int __init caam_qi_algapi_init(vo
+ * If priv is NULL, it's probably because the caam driver wasn't
+ * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
+ */
+- if (!priv || !priv->qi_present)
+- return -ENODEV;
++ if (!priv || !priv->qi_present) {
++ err = -ENODEV;
++ goto out_put_dev;
++ }
+
+ INIT_LIST_HEAD(&alg_list);
+
+@@ -2419,6 +2421,8 @@ static int __init caam_qi_algapi_init(vo
+ if (registered)
+ dev_info(priv->qidev, "algorithms registered in /proc/crypto\n");
+
++out_put_dev:
++ put_device(ctrldev);
+ return err;
+ }
+
+--- a/drivers/crypto/caam/caamhash.c
++++ b/drivers/crypto/caam/caamhash.c
+@@ -1839,7 +1839,6 @@ static int __init caam_algapi_hash_init(
+ {
+ struct device_node *dev_node;
+ struct platform_device *pdev;
+- struct device *ctrldev;
+ int i = 0, err = 0;
+ struct caam_drv_private *priv;
+ unsigned int md_limit = SHA512_DIGEST_SIZE;
+@@ -1858,16 +1857,17 @@ static int __init caam_algapi_hash_init(
+ return -ENODEV;
+ }
+
+- ctrldev = &pdev->dev;
+- priv = dev_get_drvdata(ctrldev);
++ priv = dev_get_drvdata(&pdev->dev);
+ of_node_put(dev_node);
+
+ /*
+ * If priv is NULL, it's probably because the caam driver wasn't
+ * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
+ */
+- if (!priv)
+- return -ENODEV;
++ if (!priv) {
++ err = -ENODEV;
++ goto out_put_dev;
++ }
+
+ /*
+ * Register crypto algorithms the device supports. First, identify
+@@ -1880,8 +1880,10 @@ static int __init caam_algapi_hash_init(
+ * Skip registration of any hashing algorithms if MD block
+ * is not present.
+ */
+- if (!((cha_inst & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT))
+- return -ENODEV;
++ if (!((cha_inst & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT)) {
++ err = -ENODEV;
++ goto out_put_dev;
++ }
+
+ /* Limit digest size based on LP256 */
+ if ((cha_vid & CHA_ID_LS_MD_MASK) == CHA_ID_LS_MD_LP256)
+@@ -1933,6 +1935,8 @@ static int __init caam_algapi_hash_init(
+ list_add_tail(&t_alg->entry, &hash_list);
+ }
+
++out_put_dev:
++ put_device(&pdev->dev);
+ return err;
+ }
+
+--- a/drivers/crypto/caam/caampkc.c
++++ b/drivers/crypto/caam/caampkc.c
+@@ -627,16 +627,20 @@ static int __init caam_pkc_init(void)
+ * If priv is NULL, it's probably because the caam driver wasn't
+ * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
+ */
+- if (!priv)
+- return -ENODEV;
++ if (!priv) {
++ err = -ENODEV;
++ goto out_put_dev;
++ }
+
+ /* Determine public key hardware accelerator presence. */
+ cha_inst = rd_reg32(&priv->ctrl->perfmon.cha_num_ls);
+ pk_inst = (cha_inst & CHA_ID_LS_PK_MASK) >> CHA_ID_LS_PK_SHIFT;
+
+ /* Do not register algorithms if PKHA is not present. */
+- if (!pk_inst)
+- return -ENODEV;
++ if (!pk_inst) {
++ err = -ENODEV;
++ goto out_put_dev;
++ }
+
+ err = crypto_register_akcipher(&caam_rsa);
+ if (err)
+@@ -645,6 +649,8 @@ static int __init caam_pkc_init(void)
+ else
+ dev_info(ctrldev, "caam pkc algorithms registered in /proc/crypto\n");
+
++out_put_dev:
++ put_device(ctrldev);
+ return err;
+ }
+
+--- a/drivers/crypto/caam/caamrng.c
++++ b/drivers/crypto/caam/caamrng.c
+@@ -310,7 +310,6 @@ static int __init caam_rng_init(void)
+ struct device *dev;
+ struct device_node *dev_node;
+ struct platform_device *pdev;
+- struct device *ctrldev;
+ struct caam_drv_private *priv;
+ int err;
+
+@@ -327,25 +326,29 @@ static int __init caam_rng_init(void)
+ return -ENODEV;
+ }
+
+- ctrldev = &pdev->dev;
+- priv = dev_get_drvdata(ctrldev);
++ priv = dev_get_drvdata(&pdev->dev);
+ of_node_put(dev_node);
+
+ /*
+ * If priv is NULL, it's probably because the caam driver wasn't
+ * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
+ */
+- if (!priv)
+- return -ENODEV;
++ if (!priv) {
++ err = -ENODEV;
++ goto out_put_dev;
++ }
+
+ /* Check for an instantiated RNG before registration */
+- if (!(rd_reg32(&priv->ctrl->perfmon.cha_num_ls) & CHA_ID_LS_RNG_MASK))
+- return -ENODEV;
++ if (!(rd_reg32(&priv->ctrl->perfmon.cha_num_ls) & CHA_ID_LS_RNG_MASK)) {
++ err = -ENODEV;
++ goto out_put_dev;
++ }
+
+ dev = caam_jr_alloc();
+ if (IS_ERR(dev)) {
+ pr_err("Job Ring Device allocation for transform failed\n");
+- return PTR_ERR(dev);
++ err = PTR_ERR(dev);
++ goto out_put_dev;
+ }
+ rng_ctx = kmalloc(sizeof(*rng_ctx), GFP_DMA | GFP_KERNEL);
+ if (!rng_ctx) {
+@@ -356,6 +359,7 @@ static int __init caam_rng_init(void)
+ if (err)
+ goto free_rng_ctx;
+
++ put_device(&pdev->dev);
+ dev_info(dev, "registering rng-caam\n");
+ return hwrng_register(&caam_rng);
+
+@@ -363,6 +367,8 @@ free_rng_ctx:
+ kfree(rng_ctx);
+ free_caam_alloc:
+ caam_jr_free(dev);
++out_put_dev:
++ put_device(&pdev->dev);
+ return err;
+ }
+
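Review bot: In caam_rng_init the success path still ends in `return hwrng_register(&caam_rng);`, so a failed registration returns the error without running `free_rng_ctx`/`free_caam_alloc`. That leaves `rng_ctx` and the job ring from `caam_jr_alloc()` allocated, and the new `put_device(&pdev->dev)` placed just before it does not change that. Capturing the result and falling through to the existing labels on failure would let a single exit path release everything, including the device reference. Whatever the step before `goto free_rng_ctx` set up (not visible in the hunk) may need unwinding as well. The function starts outside the hunk.

```c
	dev_info(dev, "registering rng-caam\n");

	err = hwrng_register(&caam_rng);
	if (!err) {
		put_device(&pdev->dev);
		return 0;
	}

free_rng_ctx:
	/* … unchanged: kfree(rng_ctx), caam_jr_free(dev), put_device(&pdev->dev), return err … */
```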
diff --git a/patches.fixes/0001-cxgb4-Mask-out-interrupts-that-are-not-enabled.patch b/patches.fixes/0001-cxgb4-Mask-out-interrupts-that-are-not-enabled.patch
new file mode 100644
index 0000000000..817544a8bc
--- /dev/null
+++ b/patches.fixes/0001-cxgb4-Mask-out-interrupts-that-are-not-enabled.patch
@@ -0,0 +1,47 @@
+From: Vishal Kulkarni <vishal@chelsio.com>
+Patch-mainline: 5.1-rc1
+Git-commit: 64ccfd2dbbdff4946e114e36cb8d58f432cccc50
+Subject: cxgb4: Mask out interrupts that are not enabled.
+References: bsc#1127175
+
+There are rare cases where a PL_INT_CAUSE bit may end up getting
+set when the corresponding PL_INT_ENABLE bit isn't set.
+
+Signed-off-by: Vishal Kulkarni <vishal@chelsio.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Denis Kirjanov <dkirjanov@suse.com>
+---
+ drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
+index 27af347be4af..49e4374d584c 100644
+--- a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
++++ b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
+@@ -4962,7 +4962,13 @@ static void pl_intr_handler(struct adapter *adap)
+ */
+ int t4_slow_intr_handler(struct adapter *adapter)
+ {
+- u32 cause = t4_read_reg(adapter, PL_INT_CAUSE_A);
++ /* There are rare cases where a PL_INT_CAUSE bit may end up getting
++ * set when the corresponding PL_INT_ENABLE bit isn't set. It's
++ * easiest just to mask that case here.
++ */
++ u32 raw_cause = t4_read_reg(adapter, PL_INT_CAUSE_A);
++ u32 enable = t4_read_reg(adapter, PL_INT_ENABLE_A);
++ u32 cause = raw_cause & enable;
+
+ if (!(cause & GLBL_INTR_MASK))
+ return 0;
+@@ -5014,7 +5020,7 @@ int t4_slow_intr_handler(struct adapter *adapter)
+ ulptx_intr_handler(adapter);
+
+ /* Clear the interrupts just processed for which we are the master. */
+- t4_write_reg(adapter, PL_INT_CAUSE_A, cause & GLBL_INTR_MASK);
++ t4_write_reg(adapter, PL_INT_CAUSE_A, raw_cause & GLBL_INTR_MASK);
+ (void)t4_read_reg(adapter, PL_INT_CAUSE_A); /* flush */
+ return 1;
+ }
+--
+2.12.3
+
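Review bot: The final write in t4_slow_intr_handler now acknowledges `raw_cause & GLBL_INTR_MASK`, which clears cause bits that were masked out by `enable` and for which no handler above ran. The comment at the top explains the masking but not this. If discarding those events is intended, say so at the write, e.g. `/* also clear cause bits that were set without being enabled; they were not dispatched */`. The early `return 0` leaves such bits set until an enabled interrupt next arrives, which looks harmless but deserves a line in the same comment. The middle of the function lies between the two hunks and is not shown.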
diff --git a/patches.fixes/0001-cxgb4-add-per-rx-queue-counter-for-packet-errors.patch b/patches.fixes/0001-cxgb4-add-per-rx-queue-counter-for-packet-errors.patch
new file mode 100644
index 0000000000..e523042484
--- /dev/null
+++ b/patches.fixes/0001-cxgb4-add-per-rx-queue-counter-for-packet-errors.patch
@@ -0,0 +1,62 @@
+From: Ganesh Goudar <ganeshgr@chelsio.com>
+Patch-mainline: v4.20-rc1
+Git-commit: 992bea8e40b7f5d2ad5e59ce167556a84da388e2
+Subject: cxgb4: add per rx-queue counter for packet errors
+References: bsc#1127371
+
+print per rx-queue packet errors in sge_qinfo
+
+Signed-off-by: Casey Leedom <leedom@chelsio.com>
+Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Denis Kirjanov <dkirjanov@suse.com>
+---
+ drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 3 +++
+ drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 1 +
+ drivers/net/ethernet/chelsio/cxgb4/sge.c | 4 ++++
+ 3 files changed, 8 insertions(+)
+
+diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h b/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h
+index 9b5c69eaedd7..56244acf7ce6 100644
+--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h
++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h
+@@ -656,6 +656,9 @@ struct sge_eth_stats { /* Ethernet queue statistics */
+ unsigned long rx_cso; /* # of Rx checksum offloads */
+ unsigned long vlan_ex; /* # of Rx VLAN extractions */
+ unsigned long rx_drops; /* # of packets dropped due to no mem */
++#ifndef __GENKSYMS__
++ unsigned long bad_rx_pkts; /* # of packets with err_vec!=0 */
++#endif
+ };
+
+ struct sge_eth_rxq { /* SW Ethernet Rx queue */
+diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c
+index ef48f0e5011e..f3f78906badf 100644
+--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c
++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c
+@@ -2506,6 +2506,7 @@ do { \
+ RL("LROmerged:", stats.lro_merged);
+ RL("LROpackets:", stats.lro_pkts);
+ RL("RxDrops:", stats.rx_drops);
++ RL("RxBadPkts:", stats.bad_rx_pkts);
+ TL("TSO:", tso);
+ TL("TxCSO:", tx_cso);
+ TL("VLANins:", vlan_ins);
+diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c
+index 98c7d9119c02..a8025e5f8842 100644
+--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
++++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
+@@ -2368,6 +2368,10 @@ int t4_ethrx_handler(struct sge_rspq *q, const __be64 *rsp,
+
+ csum_ok = pkt->csum_calc && !err_vec &&
+ (q->netdev->features & NETIF_F_RXCSUM);
++
++ if (err_vec)
++ rxq->stats.bad_rx_pkts++;
++
+ if (((pkt->l2info & htonl(RXF_TCP_F)) ||
+ tnl_hdr_len) &&
+ (q->netdev->features & NETIF_F_GRO) && csum_ok && !pkt->ip_frag) {
+--
+2.12.3
+
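Review bot: Wrapping `bad_rx_pkts` in `#ifndef __GENKSYMS__` hides the new member from symbol-version checksums but still grows `struct sge_eth_stats`. The context line shows that structure defined directly before `struct sge_eth_rxq`, which presumably embeds it. Before treating this as kABI-safe, compare the size and member offsets of the containing structures before and after the change (for example with pahole), because a module built against the old layout would read the wrong offsets with no version mismatch reported. A comment next to the guard stating why the layout is unaffected would help, e.g. `/* kABI: appended at the end, absorbed by padding of the containing struct */`, if that is what the check confirms.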
diff --git a/patches.fixes/0001-mm-debug.c-fix-__dump_page-when-mapping-host-is-not-.patch b/patches.fixes/0001-mm-debug.c-fix-__dump_page-when-mapping-host-is-not-.patch
new file mode 100644
index 0000000000..2ccd6f6517
--- /dev/null
+++ b/patches.fixes/0001-mm-debug.c-fix-__dump_page-when-mapping-host-is-not-.patch
@@ -0,0 +1,59 @@
+From 5ae2efb1dea9f537453e841714e3ee2757595aec Mon Sep 17 00:00:00 2001
+From: Oscar Salvador <osalvador@suse.de>
+Date: Thu, 28 Mar 2019 20:44:01 -0700
+Subject: [PATCH] mm/debug.c: fix __dump_page when mapping->host is not set
+Patch-mainline: v5.1-rc3
+Git-commit: 5ae2efb1dea9f537453e841714e3ee2757595aec
+References: bsc#1131934
+
+While debugging something, I added a dump_page() into do_swap_page(),
+and I got the splat from below. The issue happens when dereferencing
+mapping->host in __dump_page():
+
+ ...
+ else if (mapping) {
+ pr_warn("%ps ", mapping->a_ops);
+ if (mapping->host->i_dentry.first) {
+ struct dentry *dentry;
+ dentry = container_of(mapping->host->i_dentry.first, struct dentry, d_u.d_alias);
+ pr_warn("name:\"%pd\" ", dentry);
+ }
+ }
+ ...
+
+Swap address space does not contain an inode information, and so
+mapping->host equals NULL.
+
+Although the dump_page() call was added artificially into
+do_swap_page(), I am not sure if we can hit this from any other path, so
+it looks worth fixing it. We can easily do that by checking
+mapping->host first.
+
+Link: http://lkml.kernel.org/r/20190318072931.29094-1-osalvador@suse.de
+Fixes: 1c6fb1d89e73c ("mm: print more information about mapping in __dump_page")
+Signed-off-by: Oscar Salvador <osalvador@suse.de>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Acked-by: Hugh Dickins <hughd@google.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ mm/debug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mm/debug.c b/mm/debug.c
+index 45d9eb77b84e..eee9c221280c 100644
+--- a/mm/debug.c
++++ b/mm/debug.c
+@@ -79,7 +79,7 @@ void __dump_page(struct page *page, const char *reason)
+ pr_warn("ksm ");
+ else if (mapping) {
+ pr_warn("%ps ", mapping->a_ops);
+- if (mapping->host->i_dentry.first) {
++ if (mapping->host && mapping->host->i_dentry.first) {
+ struct dentry *dentry;
+ dentry = container_of(mapping->host->i_dentry.first, struct dentry, d_u.d_alias);
+ pr_warn("name:\"%pd\" ", dentry);
+--
+2.13.7
+
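Review bot: `mapping->host` is now loaded three times in __dump_page: for the new NULL test, for `i_dentry.first`, and again inside `container_of()`. Because this is a diagnostic path that may run on a page in an unexpected state, reading the pointer once into a local makes the check and the uses refer to the same value. Declare `struct inode *host = mapping->host;` at the top of the `else if (mapping)` block, then use `if (host && host->i_dentry.first) {` and `container_of(host->i_dentry.first, ...)`. The function begins and ends outside the hunk.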
diff --git a/patches.fixes/0001-mm-page_isolation.c-fix-a-wrong-flag-in-set_migratet.patch b/patches.fixes/0001-mm-page_isolation.c-fix-a-wrong-flag-in-set_migratet.patch
new file mode 100644
index 0000000000..dab6ef4481
--- /dev/null
+++ b/patches.fixes/0001-mm-page_isolation.c-fix-a-wrong-flag-in-set_migratet.patch
@@ -0,0 +1,43 @@
+From f5777bc2d9cf0712554228b1a7927b6f13f5c1f0 Mon Sep 17 00:00:00 2001
+From: Qian Cai <cai@lca.pw>
+Date: Thu, 28 Mar 2019 20:44:21 -0700
+Subject: [PATCH] mm/page_isolation.c: fix a wrong flag in
+ set_migratetype_isolate()
+Patch-mainline: v5.1-rc3
+Git-commit: f5777bc2d9cf0712554228b1a7927b6f13f5c1f0
+References: bsc#1131935
+
+Due to has_unmovable_pages() taking an incorrect irqsave flag instead of
+the isolation flag in set_migratetype_isolate(), there are issues with
+HWPOSION and error reporting where dump_page() is not called when there
+is an unmovable page.
+
+Link: http://lkml.kernel.org/r/20190320204941.53731-1-cai@lca.pw
+Fixes: d381c54760dc ("mm: only report isolation failures when offlining memory")
+Acked-by: Michal Hocko <mhocko@suse.com>
+Reviewed-by: Oscar Salvador <osalvador@suse.de>
+Signed-off-by: Qian Cai <cai@lca.pw>
+Cc: <stable@vger.kernel.org> [5.0.x]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ mm/page_isolation.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/mm/page_isolation.c b/mm/page_isolation.c
+index bf4159d771c7..019280712e1b 100644
+--- a/mm/page_isolation.c
++++ b/mm/page_isolation.c
+@@ -59,7 +59,8 @@ static int set_migratetype_isolate(struct page *page, int migratetype, int isol_
+ * FIXME: Now, memory hotplug doesn't call shrink_slab() by itself.
+ * We just check MOVABLE pages.
+ */
+- if (!has_unmovable_pages(zone, page, arg.pages_found, migratetype, flags))
++ if (!has_unmovable_pages(zone, page, arg.pages_found, migratetype,
++ isol_flags))
+ ret = 0;
+
+ /*
+--
+2.13.7
+
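Review bot: The original bug compiled because `flags` (the irqsave value, per the description) and `isol_flags` are both plain integers, so nothing distinguishes them at the has_unmovable_pages() call in set_migratetype_isolate. The fix is correct as far as the hunk shows, but the two names still differ only by a prefix. A short comment at the call, `/* isol_flags, not the irqsave flags */`, or a more distinct name for the local irqsave variable, would make a repeat harder. The declaration of `flags` and the rest of the function are outside the hunk.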
diff --git a/patches.fixes/It-s-wrong-to-add-len-to-sector_nr-in-raid10-reshape.patch b/patches.fixes/It-s-wrong-to-add-len-to-sector_nr-in-raid10-reshape.patch
new file mode 100644
index 0000000000..174f7dd7bb
--- /dev/null
+++ b/patches.fixes/It-s-wrong-to-add-len-to-sector_nr-in-raid10-reshape.patch
@@ -0,0 +1,31 @@
+From: Xiao Ni <xni@redhat.com>
+Date: Fri, 8 Mar 2019 23:52:05 +0800
+Subject: [PATCH] It's wrong to add len to sector_nr in raid10 reshape twice
+Git-commit: b761dcf1217760a42f7897c31dcb649f59b2333e
+Patch-mainline: v5.1
+References: git-fixes
+
+In reshape_request it already adds len to sector_nr already. It's wrong to add len to
+sector_nr again after adding pages to bio. If there is bad block it can't copy one chunk
+at a time, it needs to goto read_more. Now the sector_nr is wrong. It can cause data
+corruption.
+
+Cc: stable@vger.kernel.org # v3.16+
+Signed-off-by: Xiao Ni <xni@redhat.com>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ drivers/md/raid10.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/md/raid10.c
++++ b/drivers/md/raid10.c
+@@ -4667,7 +4667,6 @@ read_more:
+ atomic_inc(&r10_bio->remaining);
+ read_bio->bi_next = NULL;
+ generic_make_request(read_bio);
+- sector_nr += nr_sectors;
+ sectors_done += nr_sectors;
+ if (sector_nr <= last)
+ goto read_more;
diff --git a/patches.fixes/NFS-Don-t-recoalesce-on-error-in-nfs_pageio_complete.patch b/patches.fixes/NFS-Don-t-recoalesce-on-error-in-nfs_pageio_complete.patch
new file mode 100644
index 0000000000..ebe3803e56
--- /dev/null
+++ b/patches.fixes/NFS-Don-t-recoalesce-on-error-in-nfs_pageio_complete.patch
@@ -0,0 +1,31 @@
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Fri, 15 Feb 2019 16:08:25 -0500
+Subject: [PATCH] NFS: Don't recoalesce on error in
+ nfs_pageio_complete_mirror()
+Git-commit: 8127d82705998568b52ac724e28e00941538083d
+Patch-mainline: v5.1
+References: git-fixes
+
+If the I/O completion failed with a fatal error, then we should just
+exit nfs_pageio_complete_mirror() rather than try to recoalesce.
+
+Fixes: a7d42ddb3099 ("nfs: add mirroring support to pgio layer")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Cc: stable@vger.kernel.org # v4.0+
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/pagelist.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -1241,7 +1241,7 @@ static void nfs_pageio_complete_mirror(s
+ desc->pg_mirror_idx = mirror_idx;
+ for (;;) {
+ nfs_pageio_doio(desc);
+- if (!mirror->pg_recoalesce)
++ if (desc->pg_error < 0 || !mirror->pg_recoalesce)
+ break;
+ if (!nfs_do_recoalesce(desc))
+ break;
diff --git a/patches.fixes/NFS-Don-t-use-page_file_mapping-after-removing-the-p.patch b/patches.fixes/NFS-Don-t-use-page_file_mapping-after-removing-the-p.patch
new file mode 100644
index 0000000000..37451b4407
--- /dev/null
+++ b/patches.fixes/NFS-Don-t-use-page_file_mapping-after-removing-the-p.patch
@@ -0,0 +1,63 @@
+From: Benjamin Coddington <bcodding@redhat.com>
+Date: Wed, 6 Feb 2019 06:09:43 -0500
+Subject: [PATCH] NFS: Don't use page_file_mapping after removing the page
+Git-commit: d2ceb7e57086750ea6198a31fd942d98099a0786
+Patch-mainline: v5.0
+References: git-fixes
+
+If nfs_page_async_flush() removes the page from the mapping, then we can't
+use page_file_mapping() on it as nfs_updatepate() is wont to do when
+receiving an error. Instead, push the mapping to the stack before the page
+is possibly truncated.
+
+Fixes: 8fc75bed96bb ("NFS: Fix up return value on fatal errors in nfs_page_async_flush()")
+Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/write.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/fs/nfs/write.c
++++ b/fs/nfs/write.c
+@@ -219,9 +219,9 @@ out:
+ }
+
+ /* A writeback failed: mark the page as bad, and invalidate the page cache */
+-static void nfs_set_pageerror(struct page *page)
++static void nfs_set_pageerror(struct address_space *mapping)
+ {
+- nfs_zap_mapping(page_file_mapping(page)->host, page_file_mapping(page));
++ nfs_zap_mapping(mapping->host, mapping);
+ }
+
+ /*
+@@ -1012,7 +1012,7 @@ static void nfs_write_completion(struct
+ nfs_list_remove_request(req);
+ if (test_bit(NFS_IOHDR_ERROR, &hdr->flags) &&
+ (hdr->good_bytes < bytes)) {
+- nfs_set_pageerror(req->wb_page);
++ nfs_set_pageerror(page_file_mapping(req->wb_page));
+ nfs_context_set_write_error(req->wb_context, hdr->error);
+ goto remove_req;
+ }
+@@ -1354,7 +1354,8 @@ int nfs_updatepage(struct file *file, st
+ unsigned int offset, unsigned int count)
+ {
+ struct nfs_open_context *ctx = nfs_file_open_context(file);
+- struct inode *inode = page_file_mapping(page)->host;
++ struct address_space *mapping = page_file_mapping(page);
++ struct inode *inode = mapping->host;
+ int status = 0;
+
+ nfs_inc_stats(inode, NFSIOS_VFSUPDATEPAGE);
+@@ -1372,7 +1373,7 @@ int nfs_updatepage(struct file *file, st
+
+ status = nfs_writepage_setup(ctx, page, offset, count);
+ if (status < 0)
+- nfs_set_pageerror(page);
++ nfs_set_pageerror(mapping);
+ else
+ __set_page_dirty_nobuffers(page);
+ out:
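Review bot: The context comment above `nfs_set_pageerror()` still says "mark the page as bad, and invalidate the page cache", but after this change the helper only takes a `struct address_space *` and zaps the mapping. I would reword it to `/* A writeback failed: invalidate the page cache of the given mapping */`, and note there that callers must capture the mapping before the page can be truncated. The call in `nfs_write_completion()` still evaluates `page_file_mapping(req->wb_page)` at error time, so it relies on the page remaining attached to its mapping at that point; that looks intended, but the surrounding code is outside the hunk and should be confirmed for this tree.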
diff --git a/patches.fixes/NFS-Fix-I-O-request-leakages.patch b/patches.fixes/NFS-Fix-I-O-request-leakages.patch
new file mode 100644
index 0000000000..c3e81772ae
--- /dev/null
+++ b/patches.fixes/NFS-Fix-I-O-request-leakages.patch
@@ -0,0 +1,87 @@
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Wed, 13 Feb 2019 09:21:38 -0500
+Subject: [PATCH] NFS: Fix I/O request leakages
+Git-commit: f57dcf4c72113c745d83f1c65f7291299f65c14f
+Patch-mainline: v5.1
+References: git-fixes
+
+When we fail to add the request to the I/O queue, we currently leave it
+to the caller to free the failed request. However since some of the
+requests that fail are actually created by nfs_pageio_add_request()
+itself, and are not passed back the caller, this leads to a leakage
+issue, which can again cause page locks to leak.
+
+This commit addresses the leakage by freeing the created requests on
+error, using desc->pg_completion_ops->error_cleanup()
+
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Fixes: a7d42ddb30997 ("nfs: add mirroring support to pgio layer")
+Cc: stable@vger.kernel.org # v4.0: c18b96a1b862: nfs: clean up rest of reqs
+Cc: stable@vger.kernel.org # v4.0: d600ad1f2bdb: NFS41: pop some layoutget
+Cc: stable@vger.kernel.org # v4.0+
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/pagelist.c | 26 +++++++++++++++++++++-----
+ 1 file changed, 21 insertions(+), 5 deletions(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -1016,6 +1016,17 @@ static void nfs_pageio_doio(struct nfs_p
+ }
+ }
+
++static void
++nfs_pageio_cleanup_request(struct nfs_pageio_descriptor *desc,
++ struct nfs_page *req)
++{
++ LIST_HEAD(head);
++
++ nfs_list_remove_request(req);
++ nfs_list_add_request(req, &head);
++ desc->pg_completion_ops->error_cleanup(&head);
++}
++
+ /**
+ * nfs_pageio_add_request - Attempt to coalesce a request into a page list.
+ * @desc: destination io descriptor
+@@ -1053,10 +1064,8 @@ static int __nfs_pageio_add_request(stru
+ nfs_page_group_unlock(req);
+ desc->pg_moreio = 1;
+ nfs_pageio_doio(desc);
+- if (desc->pg_error < 0)
+- return 0;
+- if (mirror->pg_recoalesce)
+- return 0;
++ if (desc->pg_error < 0 || mirror->pg_recoalesce)
++ goto out_cleanup_subreq;
+ /* retry add_request for this subreq */
+ nfs_page_group_lock(req, false);
+ continue;
+@@ -1089,6 +1098,10 @@ err_ptr:
+ desc->pg_error = PTR_ERR(subreq);
+ nfs_page_group_unlock(req);
+ return 0;
++out_cleanup_subreq:
++ if (req != subreq)
++ nfs_pageio_cleanup_request(desc, subreq);
++ return 0;
+ }
+
+ static int nfs_do_recoalesce(struct nfs_pageio_descriptor *desc)
+@@ -1196,11 +1209,14 @@ int nfs_pageio_add_request(struct nfs_pa
+ if (nfs_pgio_has_mirroring(desc))
+ desc->pg_mirror_idx = midx;
+ if (!nfs_pageio_add_request_mirror(desc, dupreq))
+- goto out_failed;
++ goto out_cleanup_subreq;
+ }
+
+ return 1;
+
++out_cleanup_subreq:
++ if (req != dupreq)
++ nfs_pageio_cleanup_request(desc, dupreq);
+ out_failed:
+ /* remember fatal errors */
+ if (nfs_error_is_fatal(desc->pg_error))
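Review bot: `nfs_pageio_cleanup_request()` calls `desc->pg_completion_ops->error_cleanup(&head)` with no check that the callback is set, so every completion-ops table reachable from `__nfs_pageio_add_request()` and `nfs_pageio_add_request()` must provide it; those tables are not visible here. The header's `Cc: stable` lines also name c18b96a1b862 and d600ad1f2bdb as prerequisites, and I would confirm both are already in this tree before relying on the new cleanup path. The helper would benefit from a one-line comment such as `/* Detach @req from its current list and hand it to the completion ops' error_cleanup() */`. Both callers' bodies continue outside the quoted hunks.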
diff --git a/patches.fixes/NFS-Fix-a-soft-lockup-in-the-delegation-recovery-cod.patch b/patches.fixes/NFS-Fix-a-soft-lockup-in-the-delegation-recovery-cod.patch
new file mode 100644
index 0000000000..2167a4b3dd
--- /dev/null
+++ b/patches.fixes/NFS-Fix-a-soft-lockup-in-the-delegation-recovery-cod.patch
@@ -0,0 +1,75 @@
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Thu, 21 Feb 2019 14:51:25 -0500
+Subject: [PATCH] NFS: Fix a soft lockup in the delegation recovery code
+Git-commit: 6f9449be53f3ce383caed797708b332ede8d952c
+Patch-mainline: v5.1
+References: git-fixes
+
+Fix a soft lockup when NFS client delegation recovery is attempted
+but the inode is in the process of being freed. When the
+igrab(inode) call fails, and we have to restart the recovery process,
+we need to ensure that we won't attempt to recover the same delegation
+again.
+
+Fixes: 45870d6909d5a ("NFSv4.1: Test delegation stateids when server...")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/delegation.c | 20 ++++++++++++--------
+ fs/nfs/delegation.h | 1 +
+ 2 files changed, 13 insertions(+), 8 deletions(-)
+
+--- a/fs/nfs/delegation.c
++++ b/fs/nfs/delegation.c
+@@ -225,6 +225,8 @@ static struct inode *nfs_delegation_grab
+ spin_lock(&delegation->lock);
+ if (delegation->inode != NULL)
+ inode = igrab(delegation->inode);
++ if (!inode)
++ set_bit(NFS_DELEGATION_INODE_FREEING, &delegation->flags);
+ spin_unlock(&delegation->lock);
+ return inode;
+ }
+@@ -903,10 +905,11 @@ restart:
+ list_for_each_entry_rcu(server, &clp->cl_superblocks, client_link) {
+ list_for_each_entry_rcu(delegation, &server->delegations,
+ super_list) {
+- if (test_bit(NFS_DELEGATION_RETURNING,
+- &delegation->flags))
+- continue;
+- if (test_bit(NFS_DELEGATION_NEED_RECLAIM,
++ if (test_bit(NFS_DELEGATION_INODE_FREEING,
++ &delegation->flags) ||
++ test_bit(NFS_DELEGATION_RETURNING,
++ &delegation->flags) ||
++ test_bit(NFS_DELEGATION_NEED_RECLAIM,
+ &delegation->flags) == 0)
+ continue;
+ if (!nfs_sb_active(server->super))
+@@ -1011,10 +1014,11 @@ restart:
+ list_for_each_entry_rcu(server, &clp->cl_superblocks, client_link) {
+ list_for_each_entry_rcu(delegation, &server->delegations,
+ super_list) {
+- if (test_bit(NFS_DELEGATION_RETURNING,
+- &delegation->flags))
+- continue;
+- if (test_bit(NFS_DELEGATION_TEST_EXPIRED,
++ if (test_bit(NFS_DELEGATION_INODE_FREEING,
++ &delegation->flags) ||
++ test_bit(NFS_DELEGATION_RETURNING,
++ &delegation->flags) ||
++ test_bit(NFS_DELEGATION_TEST_EXPIRED,
+ &delegation->flags) == 0)
+ continue;
+ if (!nfs_sb_active(server->super))
+--- a/fs/nfs/delegation.h
++++ b/fs/nfs/delegation.h
+@@ -33,6 +33,7 @@ enum {
+ NFS_DELEGATION_RETURNING,
+ NFS_DELEGATION_REVOKED,
+ NFS_DELEGATION_TEST_EXPIRED,
++ NFS_DELEGATION_INODE_FREEING,
+ };
+
+ int nfs_inode_set_delegation(struct inode *inode, struct rpc_cred *cred, struct nfs_openres *res);
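Review bot: `NFS_DELEGATION_INODE_FREEING` is set in `nfs_delegation_grab_inode()` whenever `inode` ends up NULL, which covers `delegation->inode == NULL` as well as a failed `igrab()`, and nothing in the visible hunks ever clears it. A delegation marked this way is therefore skipped by both scan loops for the rest of its life; that is presumably intended because the delegation is about to go away, but it should be stated where the flag is declared, e.g. `NFS_DELEGATION_INODE_FREEING, /* inode could not be grabbed; skipped by the reclaim and expiry scans */`. As a style point, the merged conditions mix bare `test_bit(...)` with `test_bit(...) == 0`; writing the last term as `!test_bit(NFS_DELEGATION_NEED_RECLAIM, &delegation->flags)` (and likewise for `NFS_DELEGATION_TEST_EXPIRED`) would make the skip condition easier to audit.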
diff --git a/patches.fixes/NFS-Fix-a-typo-in-nfs_init_timeout_values.patch b/patches.fixes/NFS-Fix-a-typo-in-nfs_init_timeout_values.patch
new file mode 100644
index 0000000000..5e17d131d3
--- /dev/null
+++ b/patches.fixes/NFS-Fix-a-typo-in-nfs_init_timeout_values.patch
@@ -0,0 +1,30 @@
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Thu, 21 Mar 2019 17:57:56 -0400
+Subject: [PATCH] NFS: Fix a typo in nfs_init_timeout_values()
+Git-commit: 5a698243930c441afccec04e4d5dc8febfd2b775
+Patch-mainline: v5.1
+References: git-fixes
+
+Specifying a retrans=0 mount parameter to a NFS/TCP mount, is
+inadvertently causing the NFS client to rewrite any specified
+timeout parameter to the default of 60 seconds.
+
+Fixes: a956beda19a6 ("NFS: Allow the mount option retrans=0")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -460,7 +460,7 @@ void nfs_init_timeout_values(struct rpc_
+ case XPRT_TRANSPORT_RDMA:
+ if (retrans == NFS_UNSPEC_RETRANS)
+ to->to_retries = NFS_DEF_TCP_RETRANS;
+- if (timeo == NFS_UNSPEC_TIMEO || to->to_retries == 0)
++ if (timeo == NFS_UNSPEC_TIMEO || to->to_initval == 0)
+ to->to_initval = NFS_DEF_TCP_TIMEO * HZ / 10;
+ if (to->to_initval > NFS_MAX_TCP_TIMEOUT)
+ to->to_initval = NFS_MAX_TCP_TIMEOUT;
diff --git a/patches.fixes/NFS-Fix-an-I-O-request-leakage-in-nfs_do_recoalesce.patch b/patches.fixes/NFS-Fix-an-I-O-request-leakage-in-nfs_do_recoalesce.patch
new file mode 100644
index 0000000000..588e1c7ece
--- /dev/null
+++ b/patches.fixes/NFS-Fix-an-I-O-request-leakage-in-nfs_do_recoalesce.patch
@@ -0,0 +1,29 @@
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Fri, 15 Feb 2019 14:59:52 -0500
+Subject: [PATCH] NFS: Fix an I/O request leakage in nfs_do_recoalesce
+Git-commit: 4d91969ed4dbcefd0e78f77494f0cb8fada9048a
+Patch-mainline: v5.1
+References: git-fixes
+
+Whether we need to exit early, or just reprocess the list, we
+must not lost track of the request which failed to get recoalesced.
+
+Fixes: 03d5eb65b538 ("NFS: Fix a memory leak in nfs_do_recoalesce")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Cc: stable@vger.kernel.org # v4.0+
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/pagelist.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -1120,7 +1120,6 @@ static int nfs_do_recoalesce(struct nfs_
+ struct nfs_page *req;
+
+ req = list_first_entry(&head, struct nfs_page, wb_list);
+- nfs_list_remove_request(req);
+ if (__nfs_pageio_add_request(desc, req))
+ continue;
+ if (desc->pg_error < 0) {
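Review bot: With `nfs_list_remove_request(req)` gone, `req` is still linked on `head` when `__nfs_pageio_add_request()` runs, so the `continue` on success only makes progress if the add path itself moves the request off `head`. That code is outside the hunk, and on a backport I would confirm it does so in this tree, otherwise `list_first_entry()` keeps returning the same request. A short comment at the call site would record the dependency, e.g. `/* req stays on head; __nfs_pageio_add_request() moves it on success */`.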
diff --git a/patches.fixes/NFS-fix-mount-umount-race-in-nlmclnt.patch b/patches.fixes/NFS-fix-mount-umount-race-in-nlmclnt.patch
new file mode 100644
index 0000000000..d825757c23
--- /dev/null
+++ b/patches.fixes/NFS-fix-mount-umount-race-in-nlmclnt.patch
@@ -0,0 +1,46 @@
+From: NeilBrown <neilb@suse.com>
+Date: Tue, 19 Mar 2019 11:33:24 +1100
+Subject: [PATCH] NFS: fix mount/umount race in nlmclnt.
+Git-commit: 4a9be28c45bf02fa0436808bb6c0baeba30e120e
+Patch-mainline: v5.1
+References: git-fixes
+
+If the last NFSv3 unmount from a given host races with a mount from the
+same host, we can destroy an nlm_host that is still in use.
+
+Specifically nlmclnt_lookup_host() can increment h_count on
+an nlm_host that nlmclnt_release_host() has just successfully called
+refcount_dec_and_test() on.
+Once nlmclnt_lookup_host() drops the mutex, nlm_destroy_host_lock()
+will be called to destroy the nlmclnt which is now in use again.
+
+The cause of the problem is that the dec_and_test happens outside the
+locked region. This is easily fixed by using
+refcount_dec_and_mutex_lock().
+
+Fixes: 8ea6ecc8b075 ("lockd: Create client-side nlm_host cache")
+Cc: stable@vger.kernel.org (v2.6.38+)
+Signed-off-by: NeilBrown <neilb@suse.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/lockd/host.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/fs/lockd/host.c
++++ b/fs/lockd/host.c
+@@ -289,12 +289,11 @@ void nlmclnt_release_host(struct nlm_hos
+
+ WARN_ON_ONCE(host->h_server);
+
+- if (atomic_dec_and_test(&host->h_count)) {
++ if (atomic_dec_and_mutex_lock(&host->h_count, &nlm_host_mutex)) {
+ WARN_ON_ONCE(!list_empty(&host->h_lockowners));
+ WARN_ON_ONCE(!list_empty(&host->h_granted));
+ WARN_ON_ONCE(!list_empty(&host->h_reclaim));
+
+- mutex_lock(&nlm_host_mutex);
+ nlm_destroy_host_locked(host);
+ mutex_unlock(&nlm_host_mutex);
+ }
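Review bot: The patch description and the code disagree. The text talks about `refcount_dec_and_test()`, `refcount_dec_and_mutex_lock()` and `nlm_destroy_host_lock()`, while the hunk replaces `atomic_dec_and_test()` with `atomic_dec_and_mutex_lock()` and calls `nlm_destroy_host_locked()`. The change itself closes the window between the final decrement and taking `nlm_host_mutex`, but the header does not record that the upstream commit was adapted. I would add a line below the tags such as `[backport: h_count is atomic_t in this tree, so atomic_dec_and_mutex_lock() is used]`, so that later audits comparing against the upstream commit do not flag the difference as an error.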
diff --git a/patches.fixes/NFS-pnfs-Bulk-destroy-of-layouts-needs-to-be-safe-w..patch b/patches.fixes/NFS-pnfs-Bulk-destroy-of-layouts-needs-to-be-safe-w..patch
new file mode 100644
index 0000000000..aafc98a72f
--- /dev/null
+++ b/patches.fixes/NFS-pnfs-Bulk-destroy-of-layouts-needs-to-be-safe-w..patch
@@ -0,0 +1,87 @@
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Fri, 22 Feb 2019 14:20:27 -0500
+Subject: [PATCH] NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t.
+ umount
+Git-commit: 5085607d209102b37b169bc94d0aa39566a9842a
+Patch-mainline: v5.1
+References: git-fixes
+
+If a bulk layout recall or a metadata server reboot coincides with a
+umount, then holding a reference to an inode is unsafe unless we
+also hold a reference to the super block.
+
+Fixes: fd9a8d7160937 ("NFSv4.1: Fix bulk recall and destroy of layouts")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/pnfs.c | 33 +++++++++++++++++++++++----------
+ fs/nfs/pnfs.h | 1 +
+ 2 files changed, 24 insertions(+), 10 deletions(-)
+
+--- a/fs/nfs/pnfs.c
++++ b/fs/nfs/pnfs.c
+@@ -766,22 +766,35 @@ static int
+ pnfs_layout_bulk_destroy_byserver_locked(struct nfs_client *clp,
+ struct nfs_server *server,
+ struct list_head *layout_list)
++ __must_hold(&clp->cl_lock)
++ __must_hold(RCU)
+ {
+ struct pnfs_layout_hdr *lo, *next;
+ struct inode *inode;
+
+ list_for_each_entry_safe(lo, next, &server->layouts, plh_layouts) {
+- if (test_bit(NFS_LAYOUT_INVALID_STID, &lo->plh_flags))
++ if (test_bit(NFS_LAYOUT_INVALID_STID, &lo->plh_flags) ||
++ test_bit(NFS_LAYOUT_INODE_FREEING, &lo->plh_flags) ||
++ !list_empty(&lo->plh_bulk_destroy))
+ continue;
++ /* If the sb is being destroyed, just bail */
++ if (!nfs_sb_active(server->super))
++ break;
+ inode = igrab(lo->plh_inode);
+- if (inode == NULL)
+- continue;
+- list_del_init(&lo->plh_layouts);
+- if (pnfs_layout_add_bulk_destroy_list(inode, layout_list))
+- continue;
+- rcu_read_unlock();
+- spin_unlock(&clp->cl_lock);
+- iput(inode);
++ if (inode != NULL) {
++ list_del_init(&lo->plh_layouts);
++ if (pnfs_layout_add_bulk_destroy_list(inode,
++ layout_list))
++ continue;
++ rcu_read_unlock();
++ spin_unlock(&clp->cl_lock);
++ iput(inode);
++ } else {
++ rcu_read_unlock();
++ spin_unlock(&clp->cl_lock);
++ set_bit(NFS_LAYOUT_INODE_FREEING, &lo->plh_flags);
++ }
++ nfs_sb_deactive(server->super);
+ spin_lock(&clp->cl_lock);
+ rcu_read_lock();
+ return -EAGAIN;
+@@ -819,7 +832,7 @@ pnfs_layout_free_bulk_destroy_list(struc
+ /* Free all lsegs that are attached to commit buckets */
+ nfs_commit_inode(inode, 0);
+ pnfs_put_layout_hdr(lo);
+- iput(inode);
++ nfs_iput_and_deactive(inode);
+ }
+ return ret;
+ }
+--- a/fs/nfs/pnfs.h
++++ b/fs/nfs/pnfs.h
+@@ -100,6 +100,7 @@ enum {
+ NFS_LAYOUT_RETURN_REQUESTED, /* Return this layout ASAP */
+ NFS_LAYOUT_INVALID_STID, /* layout stateid id is invalid */
+ NFS_LAYOUT_FIRST_LAYOUTGET, /* Serialize first layoutget */
++ NFS_LAYOUT_INODE_FREEING, /* The inode is being freed */
+ };
+
+ enum layoutdriver_policy_flags {
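Review bot: In the new `else` branch of `pnfs_layout_bulk_destroy_byserver_locked()`, `set_bit(NFS_LAYOUT_INODE_FREEING, &lo->plh_flags)` runs after `rcu_read_unlock()` and `spin_unlock(&clp->cl_lock)`. That branch is taken because `igrab()` failed, so the inode is already being torn down, and the hunk shows no reference held on `lo` at that point. If the layout header can be released once both locks are dropped, this is a write to freed memory. Setting the flag first in the branch, as `set_bit(NFS_LAYOUT_INODE_FREEING, &lo->plh_flags);` followed by the two unlocks, keeps the access inside the protected region at no cost.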
diff --git a/patches.fixes/NFSv4-flexfiles-Fix-invalid-deref-in-FF_LAYOUT_DEVID.patch b/patches.fixes/NFSv4-flexfiles-Fix-invalid-deref-in-FF_LAYOUT_DEVID.patch
new file mode 100644
index 0000000000..b39288dc21
--- /dev/null
+++ b/patches.fixes/NFSv4-flexfiles-Fix-invalid-deref-in-FF_LAYOUT_DEVID.patch
@@ -0,0 +1,67 @@
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Tue, 26 Feb 2019 11:19:46 -0500
+Subject: [PATCH] NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE()
+Git-commit: 108bb4afd351d65826648a47f11fa3104e250d9b
+Patch-mainline: v5.1
+References: git-fixes
+
+If the attempt to instantiate the mirror's layout DS pointer failed,
+then that pointer may hold a value of type ERR_PTR(), so we need
+to check that before we dereference it.
+
+Fixes: 65990d1afbd2d ("pNFS/flexfiles: Fix a deadlock on LAYOUTGET")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/flexfilelayout/flexfilelayout.h | 32 +++++++++++++++++++-------------
+ 1 file changed, 19 insertions(+), 13 deletions(-)
+
+--- a/fs/nfs/flexfilelayout/flexfilelayout.h
++++ b/fs/nfs/flexfilelayout/flexfilelayout.h
+@@ -130,16 +130,6 @@ FF_LAYOUT_LSEG(struct pnfs_layout_segmen
+ generic_hdr);
+ }
+
+-static inline struct nfs4_deviceid_node *
+-FF_LAYOUT_DEVID_NODE(struct pnfs_layout_segment *lseg, u32 idx)
+-{
+- if (idx >= FF_LAYOUT_LSEG(lseg)->mirror_array_cnt ||
+- FF_LAYOUT_LSEG(lseg)->mirror_array[idx] == NULL ||
+- FF_LAYOUT_LSEG(lseg)->mirror_array[idx]->mirror_ds == NULL)
+- return NULL;
+- return &FF_LAYOUT_LSEG(lseg)->mirror_array[idx]->mirror_ds->id_node;
+-}
+-
+ static inline struct nfs4_ff_layout_ds *
+ FF_LAYOUT_MIRROR_DS(struct nfs4_deviceid_node *node)
+ {
+@@ -149,9 +139,25 @@ FF_LAYOUT_MIRROR_DS(struct nfs4_deviceid
+ static inline struct nfs4_ff_layout_mirror *
+ FF_LAYOUT_COMP(struct pnfs_layout_segment *lseg, u32 idx)
+ {
+- if (idx >= FF_LAYOUT_LSEG(lseg)->mirror_array_cnt)
+- return NULL;
+- return FF_LAYOUT_LSEG(lseg)->mirror_array[idx];
++ struct nfs4_ff_layout_segment *fls = FF_LAYOUT_LSEG(lseg);
++
++ if (idx < fls->mirror_array_cnt)
++ return fls->mirror_array[idx];
++ return NULL;
++}
++
++static inline struct nfs4_deviceid_node *
++FF_LAYOUT_DEVID_NODE(struct pnfs_layout_segment *lseg, u32 idx)
++{
++ struct nfs4_ff_layout_mirror *mirror = FF_LAYOUT_COMP(lseg, idx);
++
++ if (mirror != NULL) {
++ struct nfs4_ff_layout_ds *mirror_ds = mirror->mirror_ds;
++
++ if (!IS_ERR_OR_NULL(mirror_ds))
++ return &mirror_ds->id_node;
++ }
++ return NULL;
+ }
+
+ static inline u32
diff --git a/patches.fixes/NFSv4.1-Reinitialise-sequence-results-before-retrans.patch b/patches.fixes/NFSv4.1-Reinitialise-sequence-results-before-retrans.patch
new file mode 100644
index 0000000000..203ec7ff0f
--- /dev/null
+++ b/patches.fixes/NFSv4.1-Reinitialise-sequence-results-before-retrans.patch
@@ -0,0 +1,55 @@
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Fri, 1 Mar 2019 12:13:34 -0500
+Subject: [PATCH] NFSv4.1: Reinitialise sequence results before retransmitting
+ a request
+Git-commit: c1dffe0bf7f9c3d57d9f237a7cb2a81e62babd2b
+Patch-mainline: v5.1
+References: git-fixes
+
+If we have to retransmit a request, we should ensure that we reinitialise
+the sequence results structure, since in the event of a signal
+we need to treat the request as if it had not been sent.
+
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Cc: stable@vger.kernel.org
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/nfs4proc.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -912,6 +912,13 @@ nfs4_sequence_process_interrupted(struct
+
+ #endif /* !CONFIG_NFS_V4_1 */
+
++static void nfs41_sequence_res_init(struct nfs4_sequence_res *res)
++{
++ res->sr_timestamp = jiffies;
++ res->sr_status_flags = 0;
++ res->sr_status = 1;
++}
++
+ static
+ void nfs4_sequence_attach_slot(struct nfs4_sequence_args *args,
+ struct nfs4_sequence_res *res,
+@@ -923,10 +930,6 @@ void nfs4_sequence_attach_slot(struct nf
+ args->sa_slot = slot;
+
+ res->sr_slot = slot;
+- res->sr_timestamp = jiffies;
+- res->sr_status_flags = 0;
+- res->sr_status = 1;
+-
+ }
+
+ int nfs4_setup_sequence(struct nfs_client *client,
+@@ -972,6 +975,7 @@ int nfs4_setup_sequence(struct nfs_clien
+
+ trace_nfs4_setup_sequence(session, args);
+ out_start:
++ nfs41_sequence_res_init(res);
+ rpc_call_start(task);
+ return 0;
+
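Review bot: `nfs41_sequence_res_init()` carries no comment and hides a magic value, `res->sr_status = 1`. Going by the patch description this presumably marks the result as "not sent / not yet processed", which the code should say, e.g. `/* Reset the SEQUENCE result so that an interrupted request is treated as never sent; sr_status == 1 means no reply has been processed */` (wording to be confirmed against the consumer of `sr_status`). The helper is also defined after `#endif /* !CONFIG_NFS_V4_1 */` and called unconditionally at `out_start`, so the `nfs41_` prefix is misleading about when it runs. `nfs4_setup_sequence()` starts and ends outside the hunk.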
diff --git a/patches.fixes/NFSv4.1-don-t-free-interrupted-slot-on-open.patch b/patches.fixes/NFSv4.1-don-t-free-interrupted-slot-on-open.patch
new file mode 100644
index 0000000000..44cd428886
--- /dev/null
+++ b/patches.fixes/NFSv4.1-don-t-free-interrupted-slot-on-open.patch
@@ -0,0 +1,32 @@
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Tue, 19 Mar 2019 12:12:13 -0400
+Subject: [PATCH] NFSv4.1 don't free interrupted slot on open
+Git-commit: 0cb98abb5bd13b9a636bde603d952d722688b428
+Patch-mainline: v5.1
+References: git-fixes
+
+Allow the async rpc task for finish and update the open state if needed,
+then free the slot. Otherwise, the async rpc unable to decode the reply.
+
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Fixes: ae55e59da0e4 ("pnfs: Don't release the sequence slot...")
+Cc: stable@vger.kernel.org # v4.18+
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/nfs4proc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -2713,7 +2713,8 @@ static int _nfs4_open_and_get_state(stru
+ nfs4_schedule_stateid_recovery(server, state);
+ }
+ out:
+- nfs4_sequence_free_slot(&opendata->o_res.seq_res);
++ if (!opendata->cancelled)
++ nfs4_sequence_free_slot(&opendata->o_res.seq_res);
+ return ret;
+ }
+
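Review bot: The new `if (!opendata->cancelled)` guard has no comment explaining why a cancelled open must keep its slot. The reason is given only in the patch description, which says the async RPC task still has to decode the reply, so I would add `/* a cancelled open is completed by the async RPC task, which frees the slot itself */` above the check. The header also says `Fixes: ae55e59da0e4` and `Cc: stable ... # v4.18+`, so it is worth confirming that commit is present in this tree; without it the guard changes when the slot is released for no stated reason. `_nfs4_open_and_get_state()` begins outside the hunk.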
diff --git a/patches.fixes/block-remove-bio_rewind_iter.patch b/patches.fixes/block-remove-bio_rewind_iter.patch
new file mode 100644
index 0000000000..f347fba34c
--- /dev/null
+++ b/patches.fixes/block-remove-bio_rewind_iter.patch
@@ -0,0 +1,154 @@
+From: Ming Lei <ming.lei@redhat.com>
+Date: Wed, 5 Sep 2018 15:45:54 -0600
+Subject: [PATCH] block: remove bio_rewind_iter()
+References: bsc#1131673
+Git-commit: 7759eb23fd9808a2e4498cf36a798ed65cde78ae
+Patch-Mainline: v4.20-rc2
+
+It is pointed that bio_rewind_iter() is one very bad API[1]:
+
+1) bio size may not be restored after rewinding
+
+2) it causes some bogus change, such as 5151842b9d8732 (block: reset
+bi_iter.bi_done after splitting bio)
+
+3) rewinding really makes things complicated wrt. bio splitting
+
+4) unnecessary updating of .bi_done in fast path
+
+[1] https://marc.info/?t=153549924200005&r=1&w=2
+
+So this patch takes Kent's suggestion to restore one bio into its original
+state via saving bio iterator(struct bvec_iter) in bio_integrity_prep(),
+given now bio_rewind_iter() is only used by bio integrity code.
+
+Cc: Dmitry Monakhov <dmonakhov@openvz.org>
+Cc: Hannes Reinecke <hare@suse.com>
+Suggested-by: Kent Overstreet <kent.overstreet@gmail.com>
+Acked-by: Kent Overstreet <kent.overstreet@gmail.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Acked-by: Hannes Reinecke <hare@suse.com>
+---
+ block/bio-integrity.c | 12 ++++--------
+ block/bio.c | 1 -
+ include/linux/bio.h | 22 ++++------------------
+ include/linux/bvec.h | 3 ---
+ 4 files changed, 8 insertions(+), 30 deletions(-)
+
+diff --git a/block/bio-integrity.c b/block/bio-integrity.c
+index a32e65db6d07..b2a3374da689 100644
+--- a/block/bio-integrity.c
++++ b/block/bio-integrity.c
+@@ -306,6 +306,8 @@ bool bio_integrity_prep(struct bio *bio)
+ if (bio_data_dir(bio) == WRITE) {
+ bio_integrity_process(bio, &bio->bi_iter,
+ bi->profile->generate_fn);
++ } else {
++ bip->bio_iter = bio->bi_iter;
+ }
+ return true;
+
+@@ -331,20 +333,14 @@ static void bio_integrity_verify_fn(struct work_struct *work)
+ container_of(work, struct bio_integrity_payload, bip_work);
+ struct bio *bio = bip->bip_bio;
+ struct blk_integrity *bi = blk_get_integrity(bio->bi_disk);
+- struct bvec_iter iter = bio->bi_iter;
+
+ /*
+ * At the moment verify is called bio's iterator was advanced
+ * during split and completion, we need to rewind iterator to
+ * it's original position.
+ */
+- if (bio_rewind_iter(bio, &iter, iter.bi_done)) {
+- bio->bi_status = bio_integrity_process(bio, &iter,
+- bi->profile->verify_fn);
+- } else {
+- bio->bi_status = BLK_STS_IOERR;
+- }
+-
++ bio->bi_status = bio_integrity_process(bio, &bip->bio_iter,
++ bi->profile->verify_fn);
+ bio_integrity_free(bio);
+ bio_endio(bio);
+ }
+diff --git a/block/bio.c b/block/bio.c
+index 336eb9eab377..25cfc5528bae 100644
+--- a/block/bio.c
++++ b/block/bio.c
+@@ -1921,7 +1921,6 @@ struct bio *bio_split(struct bio *bio, int sectors,
+ bio_integrity_trim(split);
+
+ bio_advance(bio, split->bi_iter.bi_size);
+- bio->bi_iter.bi_done = 0;
+
+ if (bio_flagged(bio, BIO_TRACE_COMPLETION))
+ bio_set_flag(split, BIO_TRACE_COMPLETION);
+diff --git a/include/linux/bio.h b/include/linux/bio.h
+index 44b4947890cf..c8f3140f8ec0 100644
+--- a/include/linux/bio.h
++++ b/include/linux/bio.h
+@@ -165,27 +165,11 @@ static inline void bio_advance_iter(struct bio *bio, struct bvec_iter *iter,
+ {
+ iter->bi_sector += bytes >> 9;
+
+- if (bio_no_advance_iter(bio)) {
++ if (bio_no_advance_iter(bio))
+ iter->bi_size -= bytes;
+- iter->bi_done += bytes;
+- } else {
++ else
+ bvec_iter_advance(bio->bi_io_vec, iter, bytes);
+ /* TODO: It is reasonable to complete bio with error here. */
+- }
+-}
+-
+-static inline bool bio_rewind_iter(struct bio *bio, struct bvec_iter *iter,
+- unsigned int bytes)
+-{
+- iter->bi_sector -= bytes >> 9;
+-
+- if (bio_no_advance_iter(bio)) {
+- iter->bi_size += bytes;
+- iter->bi_done -= bytes;
+- return true;
+- }
+-
+- return bvec_iter_rewind(bio->bi_io_vec, iter, bytes);
+ }
+
+ #define __bio_for_each_segment(bvl, bio, iter, start) \
+@@ -325,6 +309,8 @@ struct bio_integrity_payload {
+ unsigned short bip_max_vcnt; /* integrity bio_vec slots */
+ unsigned short bip_flags; /* control flags */
+
++ struct bvec_iter bio_iter; /* for rewinding parent bio */
++
+ struct work_struct bip_work; /* I/O completion */
+
+ struct bio_vec *bip_vec;
+diff --git a/include/linux/bvec.h b/include/linux/bvec.h
+index ec8a4d7af6bd..b81a0c3b6acb 100644
+--- a/include/linux/bvec.h
++++ b/include/linux/bvec.h
+@@ -40,8 +40,6 @@ struct bvec_iter {
+
+ unsigned int bi_idx; /* current index into bvl_vec */
+
+- unsigned int bi_done; /* number of bytes completed */
+-
+ unsigned int bi_bvec_done; /* number of bytes completed in
+ current bvec */
+ };
+@@ -85,7 +83,6 @@ static inline bool bvec_iter_advance(const struct bio_vec *bv,
+ bytes -= len;
+ iter->bi_size -= len;
+ iter->bi_bvec_done += len;
+- iter->bi_done += len;
+
+ if (iter->bi_bvec_done == __bvec_iter_bvec(bv, *iter)->bv_len) {
+ iter->bi_bvec_done = 0;
+--
+2.16.4
+
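Review bot: This backport changes the layout of two structures declared in public headers: `struct bvec_iter` loses `bi_done` (include/linux/bvec.h) and `struct bio_integrity_payload` gains `bio_iter` (include/linux/bio.h). `struct bvec_iter` is used by value in block-layer structures, so modules built against the previous headers would disagree on sizes and offsets. For an enterprise kernel update I would expect either a kABI workaround (for example a `__GENKSYMS__`-guarded layout) or a note in the patch header that the break is accepted, and neither is visible in this part of the commit. Separately, the retained comment in `bio_integrity_verify_fn()` still speaks of rewinding the iterator, while the code now uses the copy saved in `bio_integrity_prep()`.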
diff --git a/patches.fixes/bsg-Do-not-copy-sense-if-no-response-buffer-is-alloc.patch b/patches.fixes/bsg-Do-not-copy-sense-if-no-response-buffer-is-alloc.patch
deleted file mode 100644
index 8d0a6c5aa5..0000000000
--- a/patches.fixes/bsg-Do-not-copy-sense-if-no-response-buffer-is-alloc.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Hannes Reinecke <hare@suse.de>
-Date: Wed, 30 Jan 2019 10:50:10 +0100
-Subject: [PATCH] bsg: Do not copy sense if no response buffer is allocated
-Patch-Mainline: submitted linux-scsi 2019/02/28
-References: bsc#1106811,bsc#1126555
-
-The sense buffer is only allocated for SCSI requests, not for pass-through
-bsg requests. So we should only copy out the sense if we have both, sense
-and response buffer.
-
-Signed-off-by: Hannes Reinecke <hare@suse.com>
----
- block/bsg.c | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/block/bsg.c b/block/bsg.c
-index 37663b664666..5671c1188245 100644
---- a/block/bsg.c
-+++ b/block/bsg.c
-@@ -401,13 +401,12 @@ static int blk_complete_sgv4_hdr_rq(struct request *rq, struct sg_io_v4 *hdr,
- if (hdr->device_status || hdr->transport_status || hdr->driver_status)
- hdr->info |= SG_INFO_CHECK;
- hdr->response_len = 0;
--
-- if (req->sense_len && hdr->response) {
-+ if (req->sense && hdr->response) {
- int len = min_t(unsigned int, hdr->max_response_len,
- req->sense_len);
--
-- ret = copy_to_user((void __user *)(unsigned long)hdr->response,
-- req->sense, len);
-+ if (len > 0)
-+ ret = copy_to_user((void __user *)(unsigned long)hdr->response,
-+ req->sense, len);
- if (!ret)
- hdr->response_len = len;
- else
---
-2.16.4
-
diff --git a/patches.fixes/dm-disable-DISCARD-if-the-underlying-storage-no-long.patch b/patches.fixes/dm-disable-DISCARD-if-the-underlying-storage-no-long.patch
new file mode 100644
index 0000000000..c7e7974fcb
--- /dev/null
+++ b/patches.fixes/dm-disable-DISCARD-if-the-underlying-storage-no-long.patch
@@ -0,0 +1,127 @@
+From: Mike Snitzer <snitzer@redhat.com>
+Date: Wed, 3 Apr 2019 12:23:11 -0400
+Subject: [PATCH] dm: disable DISCARD if the underlying storage no longer
+ supports it
+Git-commit: bcb44433bba5eaff293888ef22ffa07f1f0347d6
+Patch-Mainline: v5.1-rc4
+References: bsc#1114638
+
+Storage devices which report supporting discard commands like
+WRITE_SAME_16 with unmap, but reject discard commands sent to the
+storage device. This is a clear storage firmware bug but it doesn't
+change the fact that should a program cause discards to be sent to a
+multipath device layered on this buggy storage, all paths can end up
+failed at the same time from the discards, causing possible I/O loss.
+
+The first discard to a path will fail with Illegal Request, Invalid
+field in cdb, e.g.:
+ kernel: sd 8:0:8:19: [sdfn] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
+ kernel: sd 8:0:8:19: [sdfn] tag#0 Sense Key : Illegal Request [current]
+ kernel: sd 8:0:8:19: [sdfn] tag#0 Add. Sense: Invalid field in cdb
+ kernel: sd 8:0:8:19: [sdfn] tag#0 CDB: Write same(16) 93 08 00 00 00 00 00 a0 08 00 00 00 80 00 00 00
+ kernel: blk_update_request: critical target error, dev sdfn, sector 10487808
+
+The SCSI layer converts this to the BLK_STS_TARGET error number, the sd
+device disables its support for discard on this path, and because of the
+BLK_STS_TARGET error multipath fails the discard without failing any
+path or retrying down a different path. But subsequent discards can
+cause path failures. Any discards sent to the path which already failed
+a discard ends up failing with EIO from blk_cloned_rq_check_limits with
+an "over max size limit" error since the discard limit was set to 0 by
+the sd driver for the path. As the error is EIO, this now fails the
+path and multipath tries to send the discard down the next path. This
+cycle continues as discards are sent until all paths fail.
+
+Fix this by training DM core to disable DISCARD if the underlying
+storage already did so.
+
+Also, fix branching in dm_done() and clone_endio() to reflect the
+mutually exclussive nature of the IO operations in question.
+
+Cc: stable@vger.kernel.org
+Reported-by: David Jeffery <djeffery@redhat.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Acked-by: Hannes Reinecke <hare@suse.com>
+---
+ drivers/md/dm-core.h | 1 +
+ drivers/md/dm-rq.c | 11 +++++++----
+ drivers/md/dm.c | 19 +++++++++++++++++--
+ 3 files changed, 25 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h
+index 203144762f36..9fa7362541a0 100644
+--- a/drivers/md/dm-core.h
++++ b/drivers/md/dm-core.h
+@@ -132,6 +132,7 @@ struct mapped_device {
+ void dm_init_md_queue(struct mapped_device *md);
+ void dm_init_normal_md_queue(struct mapped_device *md);
+ int md_in_flight(struct mapped_device *md);
++void disable_discard(struct mapped_device *md);
+ void disable_write_same(struct mapped_device *md);
+ void disable_write_zeroes(struct mapped_device *md);
+
+diff --git a/drivers/md/dm-rq.c b/drivers/md/dm-rq.c
+index eadfcfd106ff..5c498105ada9 100644
+--- a/drivers/md/dm-rq.c
++++ b/drivers/md/dm-rq.c
+@@ -295,11 +295,14 @@ static void dm_done(struct request *clone, blk_status_t error, bool mapped)
+ }
+
+ if (unlikely(error == BLK_STS_TARGET)) {
+- if (req_op(clone) == REQ_OP_WRITE_SAME &&
+- !clone->q->limits.max_write_same_sectors)
++ if (req_op(clone) == REQ_OP_DISCARD &&
++ !clone->q->limits.max_discard_sectors)
++ disable_discard(tio->md);
++ else if (req_op(clone) == REQ_OP_WRITE_SAME &&
++ !clone->q->limits.max_write_same_sectors)
+ disable_write_same(tio->md);
+- if (req_op(clone) == REQ_OP_WRITE_ZEROES &&
+- !clone->q->limits.max_write_zeroes_sectors)
++ else if (req_op(clone) == REQ_OP_WRITE_ZEROES &&
++ !clone->q->limits.max_write_zeroes_sectors)
+ disable_write_zeroes(tio->md);
+ }
+
+diff --git a/drivers/md/dm.c b/drivers/md/dm.c
+index 55c525ec997c..d2cd75dfacb9 100644
+--- a/drivers/md/dm.c
++++ b/drivers/md/dm.c
+@@ -837,6 +837,18 @@ static void dec_pending(struct dm_io *io, blk_status_t error)
+ }
+ }
+
++void disable_discard(struct mapped_device *md)
++{
++ struct queue_limits *limits = dm_get_queue_limits(md);
++ unsigned long flags;
++
++ /* device doesn't really support DISCARD, disable it */
++ limits->max_discard_sectors = 0;
++ spin_lock_irqsave(md->queue->queue_lock, flags);
++ queue_flag_clear(QUEUE_FLAG_DISCARD, md->queue);
++ spin_unlock_irqrestore(md->queue->queue_lock, flags);
++}
++
+ void disable_write_same(struct mapped_device *md)
+ {
+ struct queue_limits *limits = dm_get_queue_limits(md);
+@@ -862,10 +874,13 @@ static void clone_endio(struct bio *bio)
+ dm_endio_fn endio = tio->ti->type->end_io;
+
+ if (unlikely(error == BLK_STS_TARGET)) {
+- if (bio_op(bio) == REQ_OP_WRITE_SAME &&
++ if (bio_op(bio) == REQ_OP_DISCARD &&
++ !bio->bi_disk->queue->limits.max_discard_sectors)
++ disable_discard(md);
++ else if (bio_op(bio) == REQ_OP_WRITE_SAME &&
+ !bio->bi_disk->queue->limits.max_write_same_sectors)
+ disable_write_same(md);
+- if (bio_op(bio) == REQ_OP_WRITE_ZEROES &&
++ else if (bio_op(bio) == REQ_OP_WRITE_ZEROES &&
+ !bio->bi_disk->queue->limits.max_write_zeroes_sectors)
+ disable_write_zeroes(md);
+ }
+--
+2.16.4
+
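Review bot: `disable_discard()` in the drivers/md/dm.c hunk has no header comment, although it is newly exported through dm-core.h and is reached from the completion handlers `dm_done()` and `clone_endio()`. A comment should say why the flag is cleared under `spin_lock_irqsave` while `limits->max_discard_sectors` is written outside the lock, for example `/* Called from I/O completion: turns DISCARD off for the whole mapped device once the underlying queue has zeroed its own limit. */`. Nothing in these hunks turns discard back on, so the same comment should state whether the setting is meant to persist until the device is reconfigured (not visible here).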
diff --git a/patches.fixes/fs-nfs-Fix-nfs_parse_devname-to-not-modify-it-s-argu.patch b/patches.fixes/fs-nfs-Fix-nfs_parse_devname-to-not-modify-it-s-argu.patch
new file mode 100644
index 0000000000..d0d654ee53
--- /dev/null
+++ b/patches.fixes/fs-nfs-Fix-nfs_parse_devname-to-not-modify-it-s-argu.patch
@@ -0,0 +1,32 @@
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Wed, 30 Jan 2019 07:58:38 -0600
+Subject: [PATCH] fs/nfs: Fix nfs_parse_devname to not modify it's argument
+Git-commit: 40cc394be1aa18848b8757e03bd8ed23281f572e
+Patch-mainline: v5.1
+References: git-fixes
+
+In the rare and unsupported case of a hostname list nfs_parse_devname
+will modify dev_name. There is no need to modify dev_name as the all
+that is being computed is the length of the hostname, so the computed
+length can just be shorted.
+
+Fixes: dc04589827f7 ("NFS: Use common device name parsing logic for NFSv4 and NFSv2/v3")
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/super.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/super.c
++++ b/fs/nfs/super.c
+@@ -1932,7 +1932,7 @@ static int nfs_parse_devname(const char
+ /* kill possible hostname list: not supported */
+ comma = strchr(dev_name, ',');
+ if (comma != NULL && comma < end)
+- *comma = 0;
++ len = comma - dev_name;
+ }
+
+ if (len > maxnamlen)
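Review bot: The comment `/* kill possible hostname list: not supported */` above the changed line no longer matches the code, because the new line only shortens `len` and leaves `dev_name` untouched. I would reword it to `/* ignore a possible hostname list: only the first name is used */`. Nothing is written through `comma` any more, so its declaration (outside this hunk) could presumably become `const char *`, matching the `const char` argument. The body of nfs_parse_devname starts and ends outside the hunk.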
diff --git a/patches.fixes/md-Fix-failed-allocation-of-md_register_thread.patch b/patches.fixes/md-Fix-failed-allocation-of-md_register_thread.patch
new file mode 100644
index 0000000000..f234eddd78
--- /dev/null
+++ b/patches.fixes/md-Fix-failed-allocation-of-md_register_thread.patch
@@ -0,0 +1,46 @@
+From: Aditya Pakki <pakki001@umn.edu>
+Date: Mon, 4 Mar 2019 16:48:54 -0600
+Subject: [PATCH] md: Fix failed allocation of md_register_thread
+Git-commit: e406f12dde1a8375d77ea02d91f313fb1a9c6aec
+Patch-mainline: v5.1
+References: git-fixes
+
+mddev->sync_thread can be set to NULL on kzalloc failure downstream.
+The patch checks for such a scenario and frees allocated resources.
+
+Committer node:
+
+Added similar fix to raid5.c, as suggested by Guoqing.
+
+Cc: stable@vger.kernel.org # v3.16+
+Acked-by: Guoqing Jiang <gqjiang@suse.com>
+Signed-off-by: Aditya Pakki <pakki001@umn.edu>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+
+---
+ drivers/md/raid10.c | 2 ++
+ drivers/md/raid5.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/md/raid10.c
++++ b/drivers/md/raid10.c
+@@ -3993,6 +3993,8 @@ static int raid10_run(struct mddev *mdde
+ set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
+ mddev->sync_thread = md_register_thread(md_do_sync, mddev,
+ "reshape");
++ if (!mddev->sync_thread)
++ goto out_free_conf;
+ }
+
+ return 0;
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -7384,6 +7384,8 @@ static int raid5_run(struct mddev *mddev
+ set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
+ mddev->sync_thread = md_register_thread(md_do_sync, mddev,
+ "reshape");
++ if (!mddev->sync_thread)
++ goto abort;
+ }
+
+ /* Ok, everything is just fine now */
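Review bot: In both the raid10_run and raid5_run hunks the new `goto` leaves `MD_RECOVERY_RUNNING` set in `mddev->recovery`, because the bit is set just before `md_register_thread()` and the added branch jumps straight to the error label. Whether `out_free_conf` and `abort` reset the recovery bits is not visible here, so this needs confirming. If they do not, `clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);` before each `goto` keeps the state consistent with a reshape that never started. Both functions start and end outside their hunks.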
diff --git a/patches.fixes/md-raid1-don-t-clear-bitmap-bits-on-interrupted-reco.patch b/patches.fixes/md-raid1-don-t-clear-bitmap-bits-on-interrupted-reco.patch
new file mode 100644
index 0000000000..9959abd942
--- /dev/null
+++ b/patches.fixes/md-raid1-don-t-clear-bitmap-bits-on-interrupted-reco.patch
@@ -0,0 +1,83 @@
+From: Nate Dailey <nate.dailey@stratus.com>
+Date: Thu, 7 Feb 2019 14:19:01 -0500
+Subject: [PATCH] md/raid1: don't clear bitmap bits on interrupted recovery.
+Git-commit: dfcc34c99f3ebc16b787b118763bf9cb6b1efc7a
+Patch-mainline: v5.0
+References: git-fixes
+
+sync_request_write no longer submits writes to a Faulty device. This has
+the unfortunate side effect that bitmap bits can be incorrectly cleared
+if a recovery is interrupted (previously, end_sync_write would have
+prevented this). This means the next recovery may not copy everything
+it should, potentially corrupting data.
+
+Add a function for doing the proper md_bitmap_end_sync, called from
+end_sync_write and the Faulty case in sync_request_write.
+
+backport note to 4.14: s/md_bitmap_end_sync/bitmap_end_sync
+
+Cc: stable@vger.kernel.org 4.14+
+Fixes: 0c9d5b127f69 ("md/raid1: avoid reusing a resync bio after error handling.")
+Reviewed-by: Jack Wang <jinpu.wang@cloud.ionos.com>
+Tested-by: Jack Wang <jinpu.wang@cloud.ionos.com>
+Signed-off-by: Nate Dailey <nate.dailey@stratus.com>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ drivers/md/raid1.c | 29 ++++++++++++++++++-----------
+ 1 file changed, 18 insertions(+), 11 deletions(-)
+
+--- a/drivers/md/raid1.c
++++ b/drivers/md/raid1.c
+@@ -1867,6 +1867,20 @@ static void end_sync_read(struct bio *bi
+ reschedule_retry(r1_bio);
+ }
+
++static void abort_sync_write(struct mddev *mddev, struct r1bio *r1_bio)
++{
++ sector_t sync_blocks = 0;
++ sector_t s = r1_bio->sector;
++ long sectors_to_go = r1_bio->sectors;
++
++ /* make sure these bits don't get cleared. */
++ do {
++ bitmap_end_sync(mddev->bitmap, s, &sync_blocks, 1);
++ s += sync_blocks;
++ sectors_to_go -= sync_blocks;
++ } while (sectors_to_go > 0);
++}
++
+ static void end_sync_write(struct bio *bio)
+ {
+ int uptodate = !bio->bi_status;
+@@ -1878,16 +1892,7 @@ static void end_sync_write(struct bio *b
+ struct md_rdev *rdev = conf->mirrors[find_bio_disk(r1_bio, bio)].rdev;
+
+ if (!uptodate) {
+- sector_t sync_blocks = 0;
+- sector_t s = r1_bio->sector;
+- long sectors_to_go = r1_bio->sectors;
+- /* make sure these bits doesn't get cleared. */
+- do {
+- bitmap_end_sync(mddev->bitmap, s,
+- &sync_blocks, 1);
+- s += sync_blocks;
+- sectors_to_go -= sync_blocks;
+- } while (sectors_to_go > 0);
++ abort_sync_write(mddev, r1_bio);
+ set_bit(WriteErrorSeen, &rdev->flags);
+ if (!test_and_set_bit(WantReplacement, &rdev->flags))
+ set_bit(MD_RECOVERY_NEEDED, &
+@@ -2177,8 +2182,10 @@ static void sync_request_write(struct md
+ (i == r1_bio->read_disk ||
+ !test_bit(MD_RECOVERY_SYNC, &mddev->recovery))))
+ continue;
+- if (test_bit(Faulty, &conf->mirrors[i].rdev->flags))
++ if (test_bit(Faulty, &conf->mirrors[i].rdev->flags)) {
++ abort_sync_write(mddev, r1_bio);
+ continue;
++ }
+
+ bio_set_op_attrs(wbio, REQ_OP_WRITE, 0);
+ if (test_bit(FailFast, &conf->mirrors[i].rdev->flags))
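Review bot: `abort_sync_write()` is added without a header comment, and the bare `1` passed to `bitmap_end_sync()` does not say what it selects (the `aborted` argument in mainline, to be confirmed for this tree). The helper has two callers with different reasons for calling it: a failed write in end_sync_write and a skipped Faulty mirror in sync_request_write. A comment such as `/* Walk the r1_bio's sector range and end the sync as aborted, so the bitmap bits stay set for the next recovery. */` would make the contract explicit. In sync_request_write the call sits inside the per-mirror loop, so it presumably runs once per Faulty mirror over the same range; the comment should say that repeating it is harmless.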
diff --git a/patches.fixes/md-raid5-fix-out-of-memory-during-raid-cache-recover.patch b/patches.fixes/md-raid5-fix-out-of-memory-during-raid-cache-recover.patch
new file mode 100644
index 0000000000..929eeab042
--- /dev/null
+++ b/patches.fixes/md-raid5-fix-out-of-memory-during-raid-cache-recover.patch
@@ -0,0 +1,123 @@
+From: Alexei Naberezhnov <anaberezhnov@fb.com>
+Date: Tue, 27 Mar 2018 16:54:16 -0700
+Subject: [PATCH] md/raid5: fix 'out of memory' during raid cache recovery
+Git-commit: 483cbbeddd5fe2c80fd4141ff0748fa06c4ff146
+Patch-mainline: v5.0
+References: git-fixes
+
+This fixes the case when md array assembly fails because of raid cache recovery
+unable to allocate a stripe, despite attempts to replay stripes and increase
+cache size. This happens because stripes released by r5c_recovery_replay_stripes
+and raid5_set_cache_size don't become available for allocation immediately.
+Released stripes first are placed on conf->released_stripes list and require
+md thread to merge them on conf->inactive_list before they can be allocated.
+
+Patch allows final allocation attempt during cache recovery to wait for
+new stripes to become availabe for allocation.
+
+Cc: linux-raid@vger.kernel.org
+Cc: Shaohua Li <shli@kernel.org>
+Cc: linux-stable <stable@vger.kernel.org> # 4.10+
+Fixes: b4c625c67362 ("md/r5cache: r5cache recovery: part 1")
+Signed-off-by: Alexei Naberezhnov <anaberezhnov@fb.com>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ drivers/md/raid5-cache.c | 33 ++++++++++++++++++++++-----------
+ drivers/md/raid5.c | 8 ++++++--
+ 2 files changed, 28 insertions(+), 13 deletions(-)
+
+--- a/drivers/md/raid5-cache.c
++++ b/drivers/md/raid5-cache.c
+@@ -1937,12 +1937,14 @@ out:
+ }
+
+ static struct stripe_head *
+-r5c_recovery_alloc_stripe(struct r5conf *conf,
+- sector_t stripe_sect)
++r5c_recovery_alloc_stripe(
++ struct r5conf *conf,
++ sector_t stripe_sect,
++ int noblock)
+ {
+ struct stripe_head *sh;
+
+- sh = raid5_get_active_stripe(conf, stripe_sect, 0, 1, 0);
++ sh = raid5_get_active_stripe(conf, stripe_sect, 0, noblock, 0);
+ if (!sh)
+ return NULL; /* no more stripe available */
+
+@@ -2152,7 +2154,7 @@ r5c_recovery_analyze_meta_block(struct r
+ stripe_sect);
+
+ if (!sh) {
+- sh = r5c_recovery_alloc_stripe(conf, stripe_sect);
++ sh = r5c_recovery_alloc_stripe(conf, stripe_sect, 1);
+ /*
+ * cannot get stripe from raid5_get_active_stripe
+ * try replay some stripes
+@@ -2161,20 +2163,29 @@ r5c_recovery_analyze_meta_block(struct r
+ r5c_recovery_replay_stripes(
+ cached_stripe_list, ctx);
+ sh = r5c_recovery_alloc_stripe(
+- conf, stripe_sect);
++ conf, stripe_sect, 1);
+ }
+ if (!sh) {
++ int new_size = conf->min_nr_stripes * 2;
+ pr_debug("md/raid:%s: Increasing stripe cache size to %d to recovery data on journal.\n",
+ mdname(mddev),
+- conf->min_nr_stripes * 2);
+- raid5_set_cache_size(mddev,
+- conf->min_nr_stripes * 2);
+- sh = r5c_recovery_alloc_stripe(conf,
+- stripe_sect);
++ new_size);
++ ret = raid5_set_cache_size(mddev, new_size);
++ if (conf->min_nr_stripes <= new_size / 2) {
++ pr_err("md/raid:%s: Cannot increase cache size, ret=%d, new_size=%d, min_nr_stripes=%d, max_nr_stripes=%d\n",
++ mdname(mddev),
++ ret,
++ new_size,
++ conf->min_nr_stripes,
++ conf->max_nr_stripes);
++ return -ENOMEM;
++ }
++ sh = r5c_recovery_alloc_stripe(
++ conf, stripe_sect, 0);
+ }
+ if (!sh) {
+ pr_err("md/raid:%s: Cannot get enough stripes due to memory pressure. Recovery failed.\n",
+- mdname(mddev));
++ mdname(mddev));
+ return -ENOMEM;
+ }
+ list_add_tail(&sh->lru, cached_stripe_list);
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -6352,6 +6352,7 @@ raid5_show_stripe_cache_size(struct mdde
+ int
+ raid5_set_cache_size(struct mddev *mddev, int size)
+ {
++ int result = 0;
+ struct r5conf *conf = mddev->private;
+
+ if (size <= 16 || size > 32768)
+@@ -6368,11 +6369,14 @@ raid5_set_cache_size(struct mddev *mddev
+
+ mutex_lock(&conf->cache_size_mutex);
+ while (size > conf->max_nr_stripes)
+- if (!grow_one_stripe(conf, GFP_KERNEL))
++ if (!grow_one_stripe(conf, GFP_KERNEL)) {
++ conf->min_nr_stripes = conf->max_nr_stripes;
++ result = -ENOMEM;
+ break;
++ }
+ mutex_unlock(&conf->cache_size_mutex);
+
+- return 0;
++ return result;
+ }
+ EXPORT_SYMBOL(raid5_set_cache_size);
+
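Review bot: The failure test `if (conf->min_nr_stripes <= new_size / 2)` in r5c_recovery_analyze_meta_block decides on a side effect of raid5_set_cache_size() while `ret` is only printed, which is hard to follow without a comment. From the raid5.c hunk, a failed grow sets `min_nr_stripes = max_nr_stripes` and returns -ENOMEM, so the test apparently means "the cache did not grow at all". If that is the intent, a line like `/* partial growth is enough to retry; give up only if the cache did not grow */` would say so. Separately, the final `r5c_recovery_alloc_stripe(conf, stripe_sect, 0)` passes `noblock = 0`, so the `if (!sh)` check after it may no longer be reachable, depending on raid5_get_active_stripe(), which is not shown.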
diff --git a/patches.fixes/nfsd4-catch-some-false-session-retries.patch b/patches.fixes/nfsd4-catch-some-false-session-retries.patch
new file mode 100644
index 0000000000..83a4b69d4a
--- /dev/null
+++ b/patches.fixes/nfsd4-catch-some-false-session-retries.patch
@@ -0,0 +1,111 @@
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Tue, 17 Oct 2017 20:38:49 -0400
+Subject: [PATCH] nfsd4: catch some false session retries
+Git-commit: 53da6a53e1d414e05759fa59b7032ee08f4e22d7
+Patch-mainline: v4.15
+References: git-fixes
+
+The spec allows us to return NFS4ERR_SEQ_FALSE_RETRY if we notice that
+the client is making a call that matches a previous (slot, seqid) pair
+but that *isn't* actually a replay, because some detail of the call
+doesn't actually match the previous one.
+
+Catching every such case is difficult, but we may as well catch a few
+easy ones. This also handles the case described in the previous patch,
+in a different way.
+
+The spec does however require us to catch the case where the difference
+is in the rpc credentials. This prevents somebody from snooping another
+user's replies by fabricating retries.
+
+(But the practical value of the attack is limited by the fact that the
+replies with the most sensitive data are READ replies, which are not
+normally cached.)
+
+Tested-by: Olga Kornievskaia <aglo@umich.edu>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfsd/nfs4state.c | 37 ++++++++++++++++++++++++++++++++++++-
+ fs/nfsd/state.h | 1 +
+ 2 files changed, 37 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -1472,8 +1472,10 @@ free_session_slots(struct nfsd4_session
+ {
+ int i;
+
+- for (i = 0; i < ses->se_fchannel.maxreqs; i++)
++ for (i = 0; i < ses->se_fchannel.maxreqs; i++) {
++ free_svc_cred(&ses->se_slots[i]->sl_cred);
+ kfree(ses->se_slots[i]);
++ }
+ }
+
+ /*
+@@ -2334,6 +2336,8 @@ nfsd4_store_cache_entry(struct nfsd4_com
+ slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
+ slot->sl_opcnt = resp->opcnt;
+ slot->sl_status = resp->cstate.status;
++ free_svc_cred(&slot->sl_cred);
++ copy_cred(&slot->sl_cred, &resp->rqstp->rq_cred);
+
+ if (!nfsd4_cache_this(resp)) {
+ slot->sl_flags &= ~NFSD4_SLOT_CACHED;
+@@ -3036,6 +3040,34 @@ static bool nfsd4_request_too_big(struct
+ return xb->len > session->se_fchannel.maxreq_sz;
+ }
+
++static bool replay_matches_cache(struct svc_rqst *rqstp,
++ struct nfsd4_sequence *seq, struct nfsd4_slot *slot)
++{
++ struct nfsd4_compoundargs *argp = rqstp->rq_argp;
++
++ if ((bool)(slot->sl_flags & NFSD4_SLOT_CACHETHIS) !=
++ (bool)seq->cachethis)
++ return false;
++ /*
++ * If there's an error than the reply can have fewer ops than
++ * the call. But if we cached a reply with *more* ops than the
++ * call you're sending us now, then this new call is clearly not
++ * really a replay of the old one:
++ */
++ if (slot->sl_opcnt < argp->opcnt)
++ return false;
++ /* This is the only check explicitly called by spec: */
++ if (!same_creds(&rqstp->rq_cred, &slot->sl_cred))
++ return false;
++ /*
++ * There may be more comparisons we could actually do, but the
++ * spec doesn't require us to catch every case where the calls
++ * don't match (that would require caching the call as well as
++ * the reply), so we don't bother.
++ */
++ return true;
++}
++
+ __be32
+ nfsd4_sequence(struct svc_rqst *rqstp,
+ struct nfsd4_compound_state *cstate,
+@@ -3095,6 +3127,9 @@ nfsd4_sequence(struct svc_rqst *rqstp,
+ status = nfserr_seq_misordered;
+ if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED))
+ goto out_put_session;
++ status = nfserr_seq_false_retry;
++ if (!replay_matches_cache(rqstp, seq, slot))
++ goto out_put_session;
+ cstate->slot = slot;
+ cstate->session = session;
+ cstate->clp = clp;
+--- a/fs/nfsd/state.h
++++ b/fs/nfsd/state.h
+@@ -169,6 +169,7 @@ static inline struct nfs4_delegation *de
+ struct nfsd4_slot {
+ u32 sl_seqid;
+ __be32 sl_status;
++ struct svc_cred sl_cred;
+ u32 sl_datalen;
+ u16 sl_opcnt;
+ #define NFSD4_SLOT_INUSE (1 << 0)
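Review bot: The return value of `copy_cred()` is dropped in nfsd4_store_cache_entry, yet `slot->sl_cred` is what `replay_matches_cache()` later compares against with `same_creds()`. copy_cred() is not shown in this patch; if it can fail part-way (in mainline it duplicates the principal strings and can return an error), the slot keeps an incomplete credential after the old one was freed. Please either handle the failure or record why ignoring it is safe, for example `/* copy_cred() failure ignored: TODO confirm an incomplete sl_cred can only make same_creds() fail, never match */`. The enclosing functions start and end outside the hunks.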
diff --git a/patches.fixes/nfsd4-fix-cached-replies-to-solo-SEQUENCE-compounds.patch b/patches.fixes/nfsd4-fix-cached-replies-to-solo-SEQUENCE-compounds.patch
new file mode 100644
index 0000000000..1c5bc7635e
--- /dev/null
+++ b/patches.fixes/nfsd4-fix-cached-replies-to-solo-SEQUENCE-compounds.patch
@@ -0,0 +1,122 @@
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Wed, 18 Oct 2017 16:17:18 -0400
+Subject: [PATCH] nfsd4: fix cached replies to solo SEQUENCE compounds
+Git-commit: 085def3ade52f2ffe3e31f42e98c27dcc222dd37
+Patch-mainline: v4.15
+References: git-fixes
+
+Currently our handling of 4.1+ requests without "cachethis" set is
+confusing and not quite correct.
+
+Suppose a client sends a compound consisting of only a single SEQUENCE
+op, and it matches the seqid in a session slot (so it's a retry), but
+the previous request with that seqid did not have "cachethis" set.
+
+The obvious thing to do might be to return NFS4ERR_RETRY_UNCACHED_REP,
+but the protocol only allows that to be returned on the op following the
+SEQUENCE, and there is no such op in this case.
+
+The protocol permits us to cache replies even if the client didn't ask
+us to. And it's easy to do so in the case of solo SEQUENCE compounds.
+
+So, when we get a solo SEQUENCE, we can either return the previously
+cached reply or NFSERR_SEQ_FALSE_RETRY if we notice it differs in some
+way from the original call.
+
+Currently, we're returning a corrupt reply in the case a solo SEQUENCE
+matches a previous compound with more ops. This actually matters
+because the Linux client recently started doing this as a way to recover
+from lost replies to idempotent operations in the case the process doing
+the original reply was killed: in that case it's difficult to keep the
+original arguments around to do a real retry, and the client no longer
+cares what the result is anyway, but it would like to make sure that the
+slot's sequence id has been incremented, and the solo SEQUENCE assures
+That: if the server never got the original reply, it will increment the
+sequence id. If it did get the original reply, it won't increment, and
+nothing else that about the reply really matters much. But we can at
+least attempt to return valid xdr!
+
+Tested-by: Olga Kornievskaia <aglo@umich.edu>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfsd/nfs4state.c | 20 +++++++++++++++-----
+ fs/nfsd/state.h | 1 +
+ fs/nfsd/xdr4.h | 13 +++++++++++--
+ 3 files changed, 27 insertions(+), 7 deletions(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -2331,14 +2331,16 @@ nfsd4_store_cache_entry(struct nfsd4_com
+
+ dprintk("--> %s slot %p\n", __func__, slot);
+
++ slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
+ slot->sl_opcnt = resp->opcnt;
+ slot->sl_status = resp->cstate.status;
+
+- slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
+- if (nfsd4_not_cached(resp)) {
+- slot->sl_datalen = 0;
++ if (!nfsd4_cache_this(resp)) {
++ slot->sl_flags &= ~NFSD4_SLOT_CACHED;
+ return;
+ }
++ slot->sl_flags |= NFSD4_SLOT_CACHED;
++
+ base = resp->cstate.data_offset;
+ slot->sl_datalen = buf->len - base;
+ if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen))
+@@ -2365,8 +2367,16 @@ nfsd4_enc_sequence_replay(struct nfsd4_c
+ op = &args->ops[resp->opcnt - 1];
+ nfsd4_encode_operation(resp, op);
+
+- /* Return nfserr_retry_uncached_rep in next operation. */
+- if (args->opcnt > 1 && !(slot->sl_flags & NFSD4_SLOT_CACHETHIS)) {
++ if (slot->sl_flags & NFSD4_SLOT_CACHED)
++ return op->status;
++ if (args->opcnt == 1) {
++ /*
++ * The original operation wasn't a solo sequence--we
++ * always cache those--so this retry must not match the
++ * original:
++ */
++ op->status = nfserr_seq_false_retry;
++ } else {
+ op = &args->ops[resp->opcnt++];
+ op->status = nfserr_retry_uncached_rep;
+ nfsd4_encode_operation(resp, op);
+--- a/fs/nfsd/state.h
++++ b/fs/nfsd/state.h
+@@ -174,6 +174,7 @@ struct nfsd4_slot {
+ #define NFSD4_SLOT_INUSE (1 << 0)
+ #define NFSD4_SLOT_CACHETHIS (1 << 1)
+ #define NFSD4_SLOT_INITIALIZED (1 << 2)
++#define NFSD4_SLOT_CACHED (1 << 3)
+ u8 sl_flags;
+ char sl_data[];
+ };
+--- a/fs/nfsd/xdr4.h
++++ b/fs/nfsd/xdr4.h
+@@ -647,9 +647,18 @@ static inline bool nfsd4_is_solo_sequenc
+ return resp->opcnt == 1 && args->ops[0].opnum == OP_SEQUENCE;
+ }
+
+-static inline bool nfsd4_not_cached(struct nfsd4_compoundres *resp)
++/*
++ * The session reply cache only needs to cache replies that the client
++ * actually asked us to. But it's almost free for us to cache compounds
++ * consisting of only a SEQUENCE op, so we may as well cache those too.
++ * Also, the protocol doesn't give us a convenient response in the case
++ * of a replay of a solo SEQUENCE op that wasn't cached
++ * (RETRY_UNCACHED_REP can only be returned in the second op of a
++ * compound).
++ */
++static inline bool nfsd4_cache_this(struct nfsd4_compoundres *resp)
+ {
+- return !(resp->cstate.slot->sl_flags & NFSD4_SLOT_CACHETHIS)
++ return (resp->cstate.slot->sl_flags & NFSD4_SLOT_CACHETHIS)
+ || nfsd4_is_solo_sequence(resp);
+ }
+
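Review bot: In nfsd4_store_cache_entry the not-cached branch no longer resets `slot->sl_datalen`, so `sl_data` and `sl_datalen` from an earlier cached reply stay in the slot, with only the cleared `NFSD4_SLOT_CACHED` flag marking them stale. nfsd4_enc_sequence_replay in this patch does test that flag, but the code that copies `sl_data` into a reply is outside the hunks, so every reader needs to be confirmed to check the flag first. Keeping `slot->sl_datalen = 0;` next to `slot->sl_flags &= ~NFSD4_SLOT_CACHED;` is a one-line safeguard against a stale reply being emitted to a different caller.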
diff --git a/patches.fixes/nvme-add-proper-discard-setup-for-the-multipath-devi.patch b/patches.fixes/nvme-add-proper-discard-setup-for-the-multipath-devi.patch
new file mode 100644
index 0000000000..5d92c9683d
--- /dev/null
+++ b/patches.fixes/nvme-add-proper-discard-setup-for-the-multipath-devi.patch
@@ -0,0 +1,51 @@
+From: Christoph Hellwig <hch@lst.de>
+Date: Wed, 13 Mar 2019 18:55:07 +0100
+Subject: [PATCH] nvme: add proper discard setup for the multipath device
+Git-commit: 2631857160ecbea04e54423f5053133fe2b6ea45
+Patch-Mainline: v5.1-rc1
+References: bsc#1114638
+
+Add a gendisk argument to nvme_config_discard so that the call to
+nvme_update_disk_info for the multipath device node updates the
+proper request_queue.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reported-by: Sagi Grimberg <sagi@grimberg.me>
+Reviewed-by: Keith Busch <keith.busch@intel.com>
+Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
+Tested-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Acked-by: Hannes Reinecke <hare@suse.com>
+---
+ drivers/nvme/host/core.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
+index 75d5823f4399..142577713e30 100644
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -1397,10 +1397,10 @@ static void nvme_set_chunk_size(struct nvme_ns *ns)
+ blk_queue_chunk_sectors(ns->queue, rounddown_pow_of_two(chunk_size));
+ }
+
+-static void nvme_config_discard(struct nvme_ns *ns)
++static void nvme_config_discard(struct gendisk *disk, struct nvme_ns *ns)
+ {
+ struct nvme_ctrl *ctrl = ns->ctrl;
+- struct request_queue *queue = ns->queue;
++ struct request_queue *queue = disk->queue;
+ u32 size = queue_logical_block_size(queue);
+ unsigned long flags;
+
+@@ -1488,7 +1488,7 @@ static void nvme_update_disk_info(struct gendisk *disk,
+ capacity = 0;
+
+ set_capacity(disk, capacity);
+- nvme_config_discard(ns);
++ nvme_config_discard(disk, ns);
+ blk_mq_unfreeze_queue(disk->queue);
+ }
+
+--
+2.16.4
+
diff --git a/patches.fixes/nvme-only-reconfigure-discard-if-necessary.patch b/patches.fixes/nvme-only-reconfigure-discard-if-necessary.patch
new file mode 100644
index 0000000000..cfbc324463
--- /dev/null
+++ b/patches.fixes/nvme-only-reconfigure-discard-if-necessary.patch
@@ -0,0 +1,98 @@
+From: Jens Axboe <axboe@kernel.dk>
+Date: Wed, 2 May 2018 11:06:54 -0600
+Subject: [PATCH] nvme: only reconfigure discard if necessary
+Git-commit: 3831761eb859f5599a522f064007b31100510c3a
+Patch-Mainline: v4.18-rc2
+References: bsc#1114638
+
+Currently nvme reconfigures discard for every disk revalidation. This
+is problematic because any O_WRONLY or O_RDWR open will trigger a
+partition scan through udev/systemd, and we will reconfigure discard.
+This blows away any user settings, like discard_max_bytes.
+
+Only re-configure the user settable settings if we need to.
+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+[removed redundant queue flag setting]
+Signed-off-by: Keith Busch <keith.busch@intel.com>
+Acked-by: Hannes Reinecke <hare@suse.com>
+---
+ drivers/nvme/host/core.c | 35 +++++++++++++++++++++++------------
+ 1 file changed, 23 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
+index 23271d139514..75d5823f4399 100644
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -1397,13 +1397,22 @@ static void nvme_set_chunk_size(struct nvme_ns *ns)
+ blk_queue_chunk_sectors(ns->queue, rounddown_pow_of_two(chunk_size));
+ }
+
+-static void nvme_config_discard(struct nvme_ctrl *ctrl,
+- unsigned stream_alignment, struct request_queue *queue)
++static void nvme_config_discard(struct nvme_ns *ns)
+ {
++ struct nvme_ctrl *ctrl = ns->ctrl;
++ struct request_queue *queue = ns->queue;
+ u32 size = queue_logical_block_size(queue);
++ unsigned long flags;
++
++ if (!(ctrl->oncs & NVME_CTRL_ONCS_DSM)) {
++ spin_lock_irqsave(queue->queue_lock, flags);
++ queue_flag_clear(QUEUE_FLAG_DISCARD, queue);
++ spin_unlock_irqrestore(queue->queue_lock, flags);
++ return;
++ }
+
+- if (stream_alignment)
+- size *= stream_alignment;
++ if (ctrl->nr_streams && ns->sws && ns->sgs)
++ size *= ns->sws * ns->sgs;
+
+ BUILD_BUG_ON(PAGE_SIZE / sizeof(struct nvme_dsm_range) <
+ NVME_DSM_MAX_RANGES);
+@@ -1411,9 +1420,16 @@ static void nvme_config_discard(struct nvme_ctrl *ctrl,
+ queue->limits.discard_alignment = 0;
+ queue->limits.discard_granularity = size;
+
++ /* If discard is already enabled, don't reset queue limits */
++ spin_lock_irqsave(queue->queue_lock, flags);
++ if (queue_flag_test_and_set(QUEUE_FLAG_DISCARD, queue)) {
++ spin_unlock_irqrestore(queue->queue_lock, flags);
++ return;
++ }
++ spin_unlock_irqrestore(queue->queue_lock, flags);
++
+ blk_queue_max_discard_sectors(queue, UINT_MAX);
+ blk_queue_max_discard_segments(queue, NVME_DSM_MAX_RANGES);
+- queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, queue);
+
+ if (ctrl->quirks & NVME_QUIRK_DEALLOCATE_ZEROES)
+ blk_queue_max_write_zeroes_sectors(queue, UINT_MAX);
+@@ -1457,10 +1473,6 @@ static void nvme_update_disk_info(struct gendisk *disk,
+ {
+ sector_t capacity = le64_to_cpup(&id->nsze) << (ns->lba_shift - 9);
+ unsigned short bs = 1 << ns->lba_shift;
+- unsigned stream_alignment = 0;
+-
+- if (ns->ctrl->nr_streams && ns->sws && ns->sgs)
+- stream_alignment = ns->sws * ns->sgs;
+
+ blk_mq_freeze_queue(disk->queue);
+ blk_integrity_unregister(disk);
+@@ -1474,10 +1486,9 @@ static void nvme_update_disk_info(struct gendisk *disk,
+ nvme_init_integrity(disk, ns->ms, ns->pi_type);
+ if (ns->ms && !nvme_ns_has_pi(ns) && !blk_get_integrity(disk))
+ capacity = 0;
+- set_capacity(disk, capacity);
+
+- if (ns->ctrl->oncs & NVME_CTRL_ONCS_DSM)
+- nvme_config_discard(ns->ctrl, stream_alignment, disk->queue);
++ set_capacity(disk, capacity);
++ nvme_config_discard(ns);
+ blk_mq_unfreeze_queue(disk->queue);
+ }
+
+--
+2.16.4
+
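Review bot: nvme_config_discard() now sets `QUEUE_FLAG_DISCARD` under `queue_lock`, drops the lock, and only then fills in `max_discard_sectors` and `max_discard_segments`, so for a moment the flag is set while the limits are not. The caller in this patch brackets the call with `blk_mq_freeze_queue(disk->queue)` and `blk_mq_unfreeze_queue(disk->queue)`, which is presumably what makes this safe, but the function operates on `ns->queue` and nothing states that the two are the same queue. A comment such as `/* caller must hold the queue frozen: the flag is set before the limits */` would record the requirement. The early return also skips the `NVME_QUIRK_DEALLOCATE_ZEROES` setup below it on later revalidations, which looks intended but is not stated.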
diff --git a/patches.fixes/sunrpc-fix-4-more-call-sites-that-were-using-stack-m.patch b/patches.fixes/sunrpc-fix-4-more-call-sites-that-were-using-stack-m.patch
new file mode 100644
index 0000000000..7adce55de1
--- /dev/null
+++ b/patches.fixes/sunrpc-fix-4-more-call-sites-that-were-using-stack-m.patch
@@ -0,0 +1,166 @@
+From: Scott Mayhew <smayhew@redhat.com>
+Date: Fri, 15 Feb 2019 13:42:02 -0500
+Subject: [PATCH] sunrpc: fix 4 more call sites that were using stack memory
+ with a scatterlist
+Git-commit: e7afe6c1d486b516ed586dcc10b3e7e3e85a9c2b
+Patch-mainline: v5.0
+References: git-fixes
+
+While trying to reproduce a reported kernel panic on arm64, I discovered
+that AUTH_GSS basically doesn't work at all with older enctypes on arm64
+systems with CONFIG_VMAP_STACK enabled. It turns out there still a few
+places using stack memory with scatterlists, causing krb5_encrypt() and
+krb5_decrypt() to produce incorrect results (or a BUG if CONFIG_DEBUG_SG
+is enabled).
+
+Tested with cthon on v4.0/v4.1/v4.2 with krb5/krb5i/krb5p using
+des3-cbc-sha1 and arcfour-hmac-md5.
+
+Signed-off-by: Scott Mayhew <smayhew@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ net/sunrpc/auth_gss/gss_krb5_seqnum.c | 49 ++++++++++++++++++++++++++--------
+ 1 file changed, 38 insertions(+), 11 deletions(-)
+
+--- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c
++++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
+@@ -44,7 +44,7 @@ krb5_make_rc4_seq_num(struct krb5_ctx *k
+ unsigned char *cksum, unsigned char *buf)
+ {
+ struct crypto_skcipher *cipher;
+- unsigned char plain[8];
++ unsigned char *plain;
+ s32 code;
+
+ dprintk("RPC: %s:\n", __func__);
+@@ -53,6 +53,10 @@ krb5_make_rc4_seq_num(struct krb5_ctx *k
+ if (IS_ERR(cipher))
+ return PTR_ERR(cipher);
+
++ plain = kmalloc(8, GFP_NOFS);
++ if (!plain)
++ return -ENOMEM;
++
+ plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);
+ plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);
+ plain[2] = (unsigned char) ((seqnum >> 8) & 0xff);
+@@ -68,6 +72,7 @@ krb5_make_rc4_seq_num(struct krb5_ctx *k
+
+ code = krb5_encrypt(cipher, cksum, plain, buf, 8);
+ out:
++ kfree(plain);
+ crypto_free_skcipher(cipher);
+ return code;
+ }
+@@ -78,12 +83,17 @@ krb5_make_seq_num(struct krb5_ctx *kctx,
+ u32 seqnum,
+ unsigned char *cksum, unsigned char *buf)
+ {
+- unsigned char plain[8];
++ unsigned char *plain;
++ s32 code;
+
+ if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
+ return krb5_make_rc4_seq_num(kctx, direction, seqnum,
+ cksum, buf);
+
++ plain = kmalloc(8, GFP_NOFS);
++ if (!plain)
++ return -ENOMEM;
++
+ plain[0] = (unsigned char) (seqnum & 0xff);
+ plain[1] = (unsigned char) ((seqnum >> 8) & 0xff);
+ plain[2] = (unsigned char) ((seqnum >> 16) & 0xff);
+@@ -94,7 +104,9 @@ krb5_make_seq_num(struct krb5_ctx *kctx,
+ plain[6] = direction;
+ plain[7] = direction;
+
+- return krb5_encrypt(key, cksum, plain, buf, 8);
++ code = krb5_encrypt(key, cksum, plain, buf, 8);
++ kfree(plain);
++ return code;
+ }
+
+ static s32
+@@ -102,7 +114,7 @@ krb5_get_rc4_seq_num(struct krb5_ctx *kc
+ unsigned char *buf, int *direction, s32 *seqnum)
+ {
+ struct crypto_skcipher *cipher;
+- unsigned char plain[8];
++ unsigned char *plain;
+ s32 code;
+
+ dprintk("RPC: %s:\n", __func__);
+@@ -115,20 +127,28 @@ krb5_get_rc4_seq_num(struct krb5_ctx *kc
+ if (code)
+ goto out;
+
++ plain = kmalloc(8, GFP_NOFS);
++ if (!plain) {
++ code = -ENOMEM;
++ goto out;
++ }
++
+ code = krb5_decrypt(cipher, cksum, buf, plain, 8);
+ if (code)
+- goto out;
++ goto out_plain;
+
+ if ((plain[4] != plain[5]) || (plain[4] != plain[6])
+ || (plain[4] != plain[7])) {
+ code = (s32)KG_BAD_SEQ;
+- goto out;
++ goto out_plain;
+ }
+
+ *direction = plain[4];
+
+ *seqnum = ((plain[0] << 24) | (plain[1] << 16) |
+ (plain[2] << 8) | (plain[3]));
++out_plain:
++ kfree(plain);
+ out:
+ crypto_free_skcipher(cipher);
+ return code;
+@@ -141,7 +161,7 @@ krb5_get_seq_num(struct krb5_ctx *kctx,
+ int *direction, u32 *seqnum)
+ {
+ s32 code;
+- unsigned char plain[8];
++ unsigned char *plain;
+ struct crypto_skcipher *key = kctx->seq;
+
+ dprintk("RPC: krb5_get_seq_num:\n");
+@@ -149,18 +169,25 @@ krb5_get_seq_num(struct krb5_ctx *kctx,
+ if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
+ return krb5_get_rc4_seq_num(kctx, cksum, buf,
+ direction, seqnum);
++ plain = kmalloc(8, GFP_NOFS);
++ if (!plain)
++ return -ENOMEM;
+
+ if ((code = krb5_decrypt(key, cksum, buf, plain, 8)))
+- return code;
++ goto out;
+
+ if ((plain[4] != plain[5]) || (plain[4] != plain[6]) ||
+- (plain[4] != plain[7]))
+- return (s32)KG_BAD_SEQ;
++ (plain[4] != plain[7])) {
++ code = (s32)KG_BAD_SEQ;
++ goto out;
++ }
+
+ *direction = plain[4];
+
+ *seqnum = ((plain[0]) |
+ (plain[1] << 8) | (plain[2] << 16) | (plain[3] << 24));
+
+- return 0;
++out:
++ kfree(plain);
++ return code;
+ }
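Review bot: In krb5_make_rc4_seq_num() the new `if (!plain) return -ENOMEM;` comes after the skcipher has been allocated (the context lines just above it return only on `IS_ERR(cipher)`), so a failed kmalloc leaks the cipher handle. The failure path should go through the existing label instead, `if (!plain) { code = -ENOMEM; goto out; }`, which is safe because `out:` now calls `kfree(plain)` with plain == NULL before `crypto_free_skcipher(cipher)`. krb5_get_rc4_seq_num() already handles the same situation this way. Parts of the function body lie outside the nested hunks, so confirm that no `goto out` can be reached before `plain` is assigned.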
diff --git a/patches.kabi/NFSv4.1-Fix-up-replays-of-interrupted-requests.patch b/patches.kabi/NFSv4.1-Fix-up-replays-of-interrupted-requests.patch
index c3ea25f1cd..6e8334fa2a 100644
--- a/patches.kabi/NFSv4.1-Fix-up-replays-of-interrupted-requests.patch
+++ b/patches.kabi/NFSv4.1-Fix-up-replays-of-interrupted-requests.patch
@@ -29,8 +29,8 @@ Signed-off-by: Neil Brown <neilb@suse.com>
struct rpc_task *task);
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
-@@ -929,11 +929,12 @@ void nfs4_sequence_attach_slot(struct nf
-
+@@ -932,11 +932,12 @@ void nfs4_sequence_attach_slot(struct nf
+ res->sr_slot = slot;
}
-int nfs4_setup_sequence(struct nfs_client *client,
@@ -43,7 +43,7 @@ Signed-off-by: Neil Brown <neilb@suse.com>
struct nfs4_session *session = nfs4_get_session(client);
struct nfs4_slot_table *tbl = client->cl_slot_tbl;
struct nfs4_slot *slot;
-@@ -964,7 +965,7 @@ int nfs4_setup_sequence(struct nfs_clien
+@@ -967,7 +968,7 @@ int nfs4_setup_sequence(struct nfs_clien
if (likely(!slot->interrupted))
break;
diff --git a/patches.kabi/block-kABI-fixes-for-bio_rewind_iter-removal.patch b/patches.kabi/block-kABI-fixes-for-bio_rewind_iter-removal.patch
new file mode 100644
index 0000000000..0dfde969e1
--- /dev/null
+++ b/patches.kabi/block-kABI-fixes-for-bio_rewind_iter-removal.patch
@@ -0,0 +1,214 @@
+From: Hannes Reinecke <hare@suse.de>
+Date: Tue, 9 Apr 2019 09:24:45 +0200
+Subject: [PATCH] block: kABI fixes for bio_rewind_iter() removal
+References: bsc#1131673
+Patch-Mainline: never, SLE15 kABI fix
+
+To stay kABI compliant we simply should not remove bio_rewind_iter(),
+but rather only remove it's usage in bio-integrity.c.
+As the bio_integrity_payload structure is pretty densely packed we
+cannot modify the structure, so I opted for having an internal
+structure in bio-integrity.c which holds the modifications, and
+use outcasts to get from the original payload to the internal one.
+
+Signed-off-by: Hannes Reinecke <hare@suse.com>
+---
+ block/bio-integrity.c | 33 +++++++++++++++++++++++----------
+ block/bio.c | 1 +
+ include/linux/bio.h | 22 ++++++++++++++++++----
+ include/linux/bvec.h | 3 +++
+ 4 files changed, 45 insertions(+), 14 deletions(-)
+
+diff --git a/block/bio-integrity.c b/block/bio-integrity.c
+index b2a3374da689..9562ac6efe6c 100644
+--- a/block/bio-integrity.c
++++ b/block/bio-integrity.c
+@@ -33,6 +33,11 @@
+ static struct kmem_cache *bip_slab;
+ static struct workqueue_struct *kintegrityd_wq;
+
++struct __bio_integrity_payload {
++ struct bvec_iter bio_iter; /* for rewinding parent bio */
++ struct bio_integrity_payload bip_orig;
++};
++
+ void blk_flush_integrity(void)
+ {
+ flush_workqueue(kintegrityd_wq);
+@@ -52,23 +57,25 @@ struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio,
+ gfp_t gfp_mask,
+ unsigned int nr_vecs)
+ {
++ struct __bio_integrity_payload *__bip;
+ struct bio_integrity_payload *bip;
+ struct bio_set *bs = bio->bi_pool;
+ unsigned inline_vecs;
+
+ if (!bs || !bs->bio_integrity_pool) {
+- bip = kmalloc(sizeof(struct bio_integrity_payload) +
++ __bip = kmalloc(sizeof(struct __bio_integrity_payload) +
+ sizeof(struct bio_vec) * nr_vecs, gfp_mask);
+ inline_vecs = nr_vecs;
+ } else {
+- bip = mempool_alloc(bs->bio_integrity_pool, gfp_mask);
++ __bip = mempool_alloc(bs->bio_integrity_pool, gfp_mask);
+ inline_vecs = BIP_INLINE_VECS;
+ }
+
+- if (unlikely(!bip))
++ if (unlikely(!__bip))
+ return ERR_PTR(-ENOMEM);
+
+- memset(bip, 0, sizeof(*bip));
++ memset(__bip, 0, sizeof(*__bip));
++ bip = &__bip->bip_orig;
+
+ if (nr_vecs > inline_vecs) {
+ unsigned long idx = 0;
+@@ -90,7 +97,7 @@ struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio,
+
+ return bip;
+ err:
+- mempool_free(bip, bs->bio_integrity_pool);
++ mempool_free(__bip, bs->bio_integrity_pool);
+ return ERR_PTR(-ENOMEM);
+ }
+ EXPORT_SYMBOL(bio_integrity_alloc);
+@@ -105,6 +112,8 @@ EXPORT_SYMBOL(bio_integrity_alloc);
+ static void bio_integrity_free(struct bio *bio)
+ {
+ struct bio_integrity_payload *bip = bio_integrity(bio);
++ struct __bio_integrity_payload *__bip =
++ container_of(bip, struct __bio_integrity_payload, bip_orig);
+ struct bio_set *bs = bio->bi_pool;
+
+ if (bip->bip_flags & BIP_BLOCK_INTEGRITY)
+@@ -114,9 +123,9 @@ static void bio_integrity_free(struct bio *bio)
+ if (bs && bs->bio_integrity_pool) {
+ bvec_free(bs->bvec_integrity_pool, bip->bip_vec, bip->bip_slab);
+
+- mempool_free(bip, bs->bio_integrity_pool);
++ mempool_free(__bip, bs->bio_integrity_pool);
+ } else {
+- kfree(bip);
++ kfree(__bip);
+ }
+
+ bio->bi_integrity = NULL;
+@@ -307,7 +316,9 @@ bool bio_integrity_prep(struct bio *bio)
+ bio_integrity_process(bio, &bio->bi_iter,
+ bi->profile->generate_fn);
+ } else {
+- bip->bio_iter = bio->bi_iter;
++ struct __bio_integrity_payload *__bip =
++ container_of(bip, struct __bio_integrity_payload, bip_orig);
++ __bip->bio_iter = bio->bi_iter;
+ }
+ return true;
+
+@@ -331,6 +342,8 @@ static void bio_integrity_verify_fn(struct work_struct *work)
+ {
+ struct bio_integrity_payload *bip =
+ container_of(work, struct bio_integrity_payload, bip_work);
++ struct __bio_integrity_payload *__bip =
++ container_of(bip, struct __bio_integrity_payload, bip_orig);
+ struct bio *bio = bip->bip_bio;
+ struct blk_integrity *bi = blk_get_integrity(bio->bi_disk);
+
+@@ -339,7 +352,7 @@ static void bio_integrity_verify_fn(struct work_struct *work)
+ * during split and completion, we need to rewind iterator to
+ * it's original position.
+ */
+- bio->bi_status = bio_integrity_process(bio, &bip->bio_iter,
++ bio->bi_status = bio_integrity_process(bio, &__bip->bio_iter,
+ bi->profile->verify_fn);
+ bio_integrity_free(bio);
+ bio_endio(bio);
+@@ -478,7 +491,7 @@ void __init bio_integrity_init(void)
+ panic("Failed to create kintegrityd\n");
+
+ bip_slab = kmem_cache_create("bio_integrity_payload",
+- sizeof(struct bio_integrity_payload) +
++ sizeof(struct __bio_integrity_payload) +
+ sizeof(struct bio_vec) * BIP_INLINE_VECS,
+ 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
+ }
+diff --git a/block/bio.c b/block/bio.c
+index 25cfc5528bae..336eb9eab377 100644
+--- a/block/bio.c
++++ b/block/bio.c
+@@ -1921,6 +1921,7 @@ struct bio *bio_split(struct bio *bio, int sectors,
+ bio_integrity_trim(split);
+
+ bio_advance(bio, split->bi_iter.bi_size);
++ bio->bi_iter.bi_done = 0;
+
+ if (bio_flagged(bio, BIO_TRACE_COMPLETION))
+ bio_set_flag(split, BIO_TRACE_COMPLETION);
+diff --git a/include/linux/bio.h b/include/linux/bio.h
+index c8f3140f8ec0..44b4947890cf 100644
+--- a/include/linux/bio.h
++++ b/include/linux/bio.h
+@@ -165,11 +165,27 @@ static inline void bio_advance_iter(struct bio *bio, struct bvec_iter *iter,
+ {
+ iter->bi_sector += bytes >> 9;
+
+- if (bio_no_advance_iter(bio))
++ if (bio_no_advance_iter(bio)) {
+ iter->bi_size -= bytes;
+- else
++ iter->bi_done += bytes;
++ } else {
+ bvec_iter_advance(bio->bi_io_vec, iter, bytes);
+ /* TODO: It is reasonable to complete bio with error here. */
++ }
++}
++
++static inline bool bio_rewind_iter(struct bio *bio, struct bvec_iter *iter,
++ unsigned int bytes)
++{
++ iter->bi_sector -= bytes >> 9;
++
++ if (bio_no_advance_iter(bio)) {
++ iter->bi_size += bytes;
++ iter->bi_done -= bytes;
++ return true;
++ }
++
++ return bvec_iter_rewind(bio->bi_io_vec, iter, bytes);
+ }
+
+ #define __bio_for_each_segment(bvl, bio, iter, start) \
+@@ -309,8 +325,6 @@ struct bio_integrity_payload {
+ unsigned short bip_max_vcnt; /* integrity bio_vec slots */
+ unsigned short bip_flags; /* control flags */
+
+- struct bvec_iter bio_iter; /* for rewinding parent bio */
+-
+ struct work_struct bip_work; /* I/O completion */
+
+ struct bio_vec *bip_vec;
+diff --git a/include/linux/bvec.h b/include/linux/bvec.h
+index b81a0c3b6acb..ec8a4d7af6bd 100644
+--- a/include/linux/bvec.h
++++ b/include/linux/bvec.h
+@@ -40,6 +40,8 @@ struct bvec_iter {
+
+ unsigned int bi_idx; /* current index into bvl_vec */
+
++ unsigned int bi_done; /* number of bytes completed */
++
+ unsigned int bi_bvec_done; /* number of bytes completed in
+ current bvec */
+ };
+@@ -83,6 +85,7 @@ static inline bool bvec_iter_advance(const struct bio_vec *bv,
+ bytes -= len;
+ iter->bi_size -= len;
+ iter->bi_bvec_done += len;
++ iter->bi_done += len;
+
+ if (iter->bi_bvec_done == __bvec_iter_bvec(bv, *iter)->bv_len) {
+ iter->bi_bvec_done = 0;
+--
+2.16.4
+
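Review bot: `struct __bio_integrity_payload` has no comment describing the layout its users depend on. bio_integrity_alloc() sizes the kmalloc as the wrapper plus `nr_vecs` bio_vecs, so `bip_orig` presumably has to stay the last member for the trailing vectors to follow it. Every `container_of(bip, struct __bio_integrity_payload, bip_orig)` is also valid only for payloads obtained from bio_integrity_alloc(). I would document both on the struct, e.g. `/* kABI wrapper: bip_orig must stay last (inline bio_vecs follow it); only payloads from bio_integrity_alloc() are embedded here */`. The three identical container_of() conversions in bio_integrity_free(), bio_integrity_prep() and bio_integrity_verify_fn() could share one static helper so the assumption lives in a single place.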
diff --git a/patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch b/patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch
new file mode 100644
index 0000000000..9adb96b413
--- /dev/null
+++ b/patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch
@@ -0,0 +1,43 @@
+From: Nikolay Borisov <nborisov@suse.com>
+Date: Mon, 18 Mar 2019 17:45:20 +0200
+Subject: btrfs: Avoid possible qgroup_rsv_size overflow in
+ btrfs_calculate_inode_block_rsv_size
+Git-commit: 139a56170de67101791d6e6c8e940c6328393fe9
+Patch-mainline: v5.1-rc3
+References: git-fixes
+
+qgroup_rsv_size is calculated as the product of
+outstanding_extent * fs_info->nodesize. The product is calculated with
+32 bit precision since both variables are defined as u32. Yet
+qgroup_rsv_size expects a 64 bit result.
+
+Avoid possible multiplication overflow by casting outstanding_extent to
+u64. Such overflow would in the worst case (64K nodesize) require more
+than 65536 extents, which is quite large and i'ts not likely that it
+would happen in practice.
+
+Fixes-coverity-id: 1435101
+Fixes: ff6bc37eb7f6 ("btrfs: qgroup: Use independent and accurate per inode qgroup rsv")
+CC: stable@vger.kernel.org # 4.19+
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Nikolay Borisov <nborisov@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/extent-tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
+index 1d49694e6ae3..c5880329ae37 100644
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -6174,7 +6174,7 @@ static void btrfs_calculate_inode_block_rsv_size(struct btrfs_fs_info *fs_info,
+ *
+ * This is overestimating in most cases.
+ */
+- qgroup_rsv_size = outstanding_extents * fs_info->nodesize;
++ qgroup_rsv_size = (u64)outstanding_extents * fs_info->nodesize;
+
+ spin_lock(&block_rsv->lock);
+ block_rsv->size = reserve_size;
+
diff --git a/patches.suse/btrfs-fix-bound-checking-in-qgroup_trace_new_subtree_blocks.patch b/patches.suse/btrfs-fix-bound-checking-in-qgroup_trace_new_subtree_blocks.patch
new file mode 100644
index 0000000000..58288fb72b
--- /dev/null
+++ b/patches.suse/btrfs-fix-bound-checking-in-qgroup_trace_new_subtree_blocks.patch
@@ -0,0 +1,41 @@
+From: Nikolay Borisov <nborisov@suse.com>
+Date: Mon, 18 Mar 2019 17:45:19 +0200
+Subject: btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks
+Git-commit: 7ff2c2a1a71e83f74574b8001ea88deb3c166ad7
+Patch-mainline: v5.1-rc3
+References: git-fixes
+
+If 'cur_level' is 7 then the bound checking at the top of the function
+will actually pass. Later on, it's possible to dereference
+ds_path->nodes[cur_level+1] which will be an out of bounds.
+
+The correct check will be cur_level >= BTRFS_MAX_LEVEL - 1 .
+
+Fixes-coverty-id: 1440918
+Fixes-coverty-id: 1440911
+Fixes: ea49f3e73c4b ("btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree")
+CC: stable@vger.kernel.org # 4.20+
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Nikolay Borisov <nborisov@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/qgroup.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
+index eb680b715dd6..e659d9d61107 100644
+--- a/fs/btrfs/qgroup.c
++++ b/fs/btrfs/qgroup.c
+@@ -1922,8 +1922,8 @@ static int qgroup_trace_new_subtree_blocks(struct btrfs_trans_handle* trans,
+ int i;
+
+ /* Level sanity check */
+- if (cur_level < 0 || cur_level >= BTRFS_MAX_LEVEL ||
+- root_level < 0 || root_level >= BTRFS_MAX_LEVEL ||
++ if (cur_level < 0 || cur_level >= BTRFS_MAX_LEVEL - 1 ||
++ root_level < 0 || root_level >= BTRFS_MAX_LEVEL - 1 ||
+ root_level < cur_level) {
+ btrfs_err_rl(fs_info,
+ "%s: bad levels, cur_level=%d root_level=%d",
+
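Review bot: The tightened check still sits under the bare `/* Level sanity check */` comment, so the reason for `BTRFS_MAX_LEVEL - 1` is recorded only in the commit message. A short comment would keep the bound from being simplified back later, e.g. `/* nodes[cur_level + 1] is accessed below, so the top level is rejected too */`. The description motivates only the cur_level bound; the same `- 1` applied to root_level deserves a word, either there or in the comment. The function body continues outside the hunk.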
diff --git a/patches.suse/mpt3sas-check-sense-buffer-before-copying-sense-data.patch b/patches.suse/mpt3sas-check-sense-buffer-before-copying-sense-data.patch
deleted file mode 100644
index c131046117..0000000000
--- a/patches.suse/mpt3sas-check-sense-buffer-before-copying-sense-data.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Hannes Reinecke <hare@suse.de>
-Date: Wed, 30 Jan 2019 09:16:06 +0100
-Subject: [PATCH] mpt3sas: check sense buffer before copying sense data
-References: bsc#1106811
-Patch-Mainline: never, SLE15/SLE12-SP4 specific
-
-Whether or not a sense data is present depends on the caller,
-so we should only copy in the sense data if we actually have
-buffer.
-
-Signed-off-by: Hannes Reinecke <hare@suse.com>
----
- drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
---- a/drivers/scsi/mpt3sas/mpt3sas_transport.c
-+++ b/drivers/scsi/mpt3sas/mpt3sas_transport.c
-@@ -2011,8 +2011,12 @@ _transport_smp_handler(struct Scsi_Host
- __func__,
- le16_to_cpu(mpi_reply->ResponseDataLength)));
-
-- memcpy(scsi_req(req)->sense, mpi_reply, sizeof(*mpi_reply));
-- scsi_req(req)->sense_len = sizeof(*mpi_reply);
-+ scsi_req(req)->sense_len = 0;
-+ if (scsi_req(req)->sense) {
-+ memcpy(scsi_req(req)->sense, mpi_reply,
-+ sizeof(*mpi_reply));
-+ scsi_req(req)->sense_len = sizeof(*mpi_reply);
-+ }
- scsi_req(req)->resid_len = 0;
- scsi_req(rsp)->resid_len -=
- le16_to_cpu(mpi_reply->ResponseDataLength);
diff --git a/patches.suse/scsi-libsas-allocate-sense-buffer-for-bsg-queue.patch b/patches.suse/scsi-libsas-allocate-sense-buffer-for-bsg-queue.patch
new file mode 100644
index 0000000000..6970114d63
--- /dev/null
+++ b/patches.suse/scsi-libsas-allocate-sense-buffer-for-bsg-queue.patch
@@ -0,0 +1,60 @@
+From: Jeff Mahoney <jeffm@suse.com>
+Subject: scsi: libsas: allocate sense buffer for bsg queue
+Patch-mainline: Never, SAS was converted to bsg-lib in 4.14
+References: bsc#1131467
+
+Upstream commit 82ed4db499b (block: split scsi_request out of struct request)
+pulled the SCSI-specific components of struct request into a separate
+struct scsi_request. Prior to this commit, blk_execute_rq, bsg, sg_io,
+sg_scsi_ioctl, etc all allocated a static buffer on the stack and assigned
+it to request->sense. After this commit, queue owners became responsible
+for ensuring scsi_request->sense was initialized. The SAS BSG implementation
+was overlooked and scsi_request->sense was never cleared, causing trouble
+later when LLDDs assumed that it was a valid pointer and used it.
+
+This patch follows the convention found in the above commit and adds
+sense buffer allocation to the bsg queue for SAS devices. In 4.14,
+SAS was converted to use the bsg-lib API which does something similar.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+---
+ drivers/scsi/scsi_transport_sas.c | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_transport_sas.c
++++ b/drivers/scsi/scsi_transport_sas.c
+@@ -214,6 +214,23 @@ static void sas_host_release(struct devi
+ blk_cleanup_queue(q);
+ }
+
++/*
++ * struct scsi_request must be first so that scsi_req works properly.
++ * See commit 82ed4db499b (block: split scsi_request out of struct request).
++ */
++struct sas_scsi_request {
++ struct scsi_request sreq;
++ char sense[SCSI_SENSE_BUFFERSIZE];
++};
++
++static void sas_initialize_rq(struct request *rq)
++{
++ struct sas_scsi_request *req = blk_mq_rq_to_pdu(rq);
++
++ scsi_req_init(&req->sreq);
++ req->sreq.sense = req->sense;
++}
++
+ static int sas_bsg_initialize(struct Scsi_Host *shost, struct sas_rphy *rphy)
+ {
+ struct request_queue *q;
+@@ -231,8 +248,8 @@ static int sas_bsg_initialize(struct Scs
+ q = blk_alloc_queue(GFP_KERNEL);
+ if (!q)
+ return -ENOMEM;
+- q->initialize_rq_fn = scsi_initialize_rq;
+- q->cmd_size = sizeof(struct scsi_request);
++ q->initialize_rq_fn = sas_initialize_rq;
++ q->cmd_size = sizeof(struct sas_scsi_request);
+
+ if (rphy) {
+ q->request_fn = sas_non_host_smp_request;
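Review bot: The requirement that `sreq` be the first member of `struct sas_scsi_request` is stated only in a comment, so a later reordering would silently break scsi_req() and leave `req->sreq.sense` attached to the wrong request data. A compile-time check in sas_initialize_rq() would enforce it: `BUILD_BUG_ON(offsetof(struct sas_scsi_request, sreq) != 0);`. Separately, nothing visible here clears `req->sense` when a request is initialised. Unless scsi_req_init() or the block layer zeroes the PDU, bytes from an earlier request remain in the buffer, so consumers have to honour `sense_len` strictly. sas_bsg_initialize() continues outside the hunk.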
diff --git a/series.conf b/series.conf
index 0b36859712..90e3e57cb0 100644
--- a/series.conf
+++ b/series.conf
@@ -10291,6 +10291,8 @@
patches.drivers/platform-x86-hp-wmi-Fix-tablet-mode-detection-for-co
patches.drivers/platform-x86-intel_punit_ipc-Fix-resource-ioremap-wa
patches.fixes/SUNRPC-Fix-tracepoint-storage-issues-with-svc_recv-a.patch
+ patches.fixes/nfsd4-fix-cached-replies-to-solo-SEQUENCE-compounds.patch
+ patches.fixes/nfsd4-catch-some-false-session-retries.patch
patches.fixes/0003-lockd-double-unregister-of-inetaddr-notifiers.patch
patches.fixes/0001-svcrdma-Preserve-CB-send-buffer-across-retransmits.patch
patches.fixes/nfsd-deal-with-revoked-delegations-appropriately.patch
@@ -16423,6 +16425,7 @@
patches.suse/0001-block-break-discard-submissions-into-the-user-define.patch
patches.fixes/0001-sbitmap-fix-race-in-wait-batch-accounting.patch
patches.suse/0001-nbd-fix-nbd-device-deletion.patch
+ patches.fixes/nvme-only-reconfigure-discard-if-necessary.patch
patches.fixes/blkdev_report_zones_ioctl-use-vmalloc-to-allocate-large-buffers.patch
patches.fixes/bdi-Move-cgroup-bdi_writeback-to-a-dedicated-low-con.patch
patches.fixes/block-don-t-print-a-message-when-the-device-went-awa.patch
@@ -19479,6 +19482,7 @@
patches.fixes/0006-arm64-lse-remove-fcall-used-x0-flag.patch
patches.fixes/0008-arm64-numa-Report-correct-memblock-range-for-the-dum.patch
patches.fixes/0009-arm64-numa-Unify-common-error-path-in-numa_init.patch
+ patches.fixes/block-remove-bio_rewind_iter.patch
patches.fixes/cdrom-fix-improper-type-cast-which-can-leat-to-infor.patch
patches.fixes/nvme_fc-add-nvme_discovery-sysfs-attribute-to-fc-tra.patch
patches.fixes/nvme-call-nvme_complete_rq-when-nvmf_check_ready-fai.patch
@@ -19531,6 +19535,7 @@
patches.drivers/net-hns3-Fix-for-loopback-selftest-failed-problem.patch
patches.drivers/net-hns3-Fix-ping-exited-problem-when-doing-lp-selft.patch
patches.drivers/net-hns3-Preserve-vlan-0-in-hardware-table.patch
+ patches.fixes/0001-cxgb4-add-per-rx-queue-counter-for-packet-errors.patch
patches.arch/s390-qeth-invoke-softirqs-after-napi_schedule
patches.drivers/net-ibm-fix-return-type-of-ndo_start_xmit-function.patch
patches.drivers/net-hns3-Add-support-for-hns3_nic_netdev_ops.ndo_do_.patch
@@ -21028,6 +21033,7 @@
patches.suse/mm-oom-fix-use-after-free-in-oom_kill_process.patch
patches.suse/mm-hwpoison-use-do_send_sig_info-instead-of-force_sig.patch
patches.suse/mm-migrate-don-t-rely-on-__PageMovable-of-newpage-after-unlocking-it.patch
+ patches.fixes/md-raid5-fix-out-of-memory-during-raid-cache-recover.patch
patches.fixes/blk-mq-fix-a-hung-issue-when-fsync.patch
patches.suse/0002-Btrfs-fix-deadlock-when-allocating-tree-block-during.patch
patches.arch/x86-speculation-remove-redundant-arch_smt_update-invocation.patch
@@ -21116,7 +21122,10 @@
patches.drm/0005-drm-i915-opregion-fix-version-check.patch
patches.drm/0006-drm-i915-opregion-rvda-is-relative-from-opregion-bas.patch
patches.drivers/floppy-check_events-callback-should-not-return-a-neg.patch
+ patches.fixes/md-raid1-don-t-clear-bitmap-bits-on-interrupted-reco.patch
patches.drivers/auxdisplay-ht16k33-fix-potential-user-after-free-on-.patch
+ patches.fixes/NFS-Don-t-use-page_file_mapping-after-removing-the-p.patch
+ patches.fixes/sunrpc-fix-4-more-call-sites-that-were-using-stack-m.patch
patches.drivers/Input-bma150-register-input-device-after-setting-pri.patch
patches.drivers/Input-elantech-enable-3rd-button-support-on-Fujitsu-.patch
patches.drivers/Input-cap11xx-switch-to-using-set_brightness_blockin.patch
@@ -21193,6 +21202,7 @@
patches.drivers/iwlwifi-mvm-avoid-possible-access-out-of-array.patch
patches.drivers/iwlwifi-mvm-fix-A-MPDU-reference-assignment.patch
patches.drivers/mt7601u-bump-supported-EEPROM-version.patch
+ patches.fixes/0001-cxgb4-Mask-out-interrupts-that-are-not-enabled.patch
patches.drivers/iwlwifi-mvm-fix-RSS-config-command.patch
patches.drivers/ath9k-Avoid-OF-no-EEPROM-quirks-without-qca-no-eepro.patch
patches.drivers/iwlwifi-pcie-fix-emergency-path.patch
@@ -21298,6 +21308,9 @@
patches.suse/powerpc-livepatch-relax-reliable-stack-tracer-checks-for-first-frame.patch
patches.suse/powerpc-livepatch-small-cleanups-in-save_stack_trace_tsk_reliable.patch
patches.arch/powerpc-pseries-export-timebase-register-sample-in-l.patch
+ patches.arch/powerpc-hugetlb-Handle-mmap_min_addr-correctly-in-ge.patch
+ patches.arch/powerpc-mm-hash-Handle-mmap_min_addr-correctly-in-ge.patch
+ patches.arch/powerpc-mm-Check-secondary-hash-page-table.patch
patches.fixes/lib-div64.c-off-by-one-in-shift.patch
patches.fixes/sysctl-handle-overflow-for-file-max.patch
patches.drm/drm-dp-mst-Configure-no_stop_bit-correctly-for-remot.patch
@@ -21414,6 +21427,14 @@
patches.fixes/perf-x86-intel-implement-support-for-tsx-force-abort.patch
patches.fixes/fsdevpts-always-delete-dcache-dentry-s-in-dput.patch
patches.fixes/splice-dont-merge-into-linked-buffers.patch
+ patches.fixes/NFS-Fix-I-O-request-leakages.patch
+ patches.fixes/NFS-Fix-an-I-O-request-leakage-in-nfs_do_recoalesce.patch
+ patches.fixes/NFS-Don-t-recoalesce-on-error-in-nfs_pageio_complete.patch
+ patches.fixes/fs-nfs-Fix-nfs_parse_devname-to-not-modify-it-s-argu.patch
+ patches.fixes/NFS-Fix-a-soft-lockup-in-the-delegation-recovery-cod.patch
+ patches.fixes/NFS-pnfs-Bulk-destroy-of-layouts-needs-to-be-safe-w..patch
+ patches.fixes/NFSv4.1-Reinitialise-sequence-results-before-retrans.patch
+ patches.fixes/NFSv4-flexfiles-Fix-invalid-deref-in-FF_LAYOUT_DEVID.patch
patches.suse/Btrfs-fix-corruption-reading-shared-and-compressed-e.patch
patches.suse/btrfs-fix-deadlock-between-clone-dedupe-and-rename.patch
patches.suse/0001-btrfs-check-for-refs-on-snapshot-delete-resume.patch
@@ -21433,6 +21454,7 @@
patches.fixes/libnvdimm-pmem-honor-force_raw-for-legacy-pmem-regions.patch
patches.fixes/nfit-ars-Attempt-a-short-ARS-whenever-the-ARS-state-.patch
patches.fixes/nfit-ars-Attempt-short-ARS-even-in-the-no_init_ars-c.patch
+ patches.fixes/0001-crypto-caam-add-missing-put_device-call.patch
patches.drivers/clk-highbank-fix-refcount-leak-in-hb_clk_init.patch
patches.drivers/clk-qoriq-fix-refcount-leak-in-clockgen_init.patch
patches.drivers/clk-socfpga-fix-refcount-leak.patch
@@ -21480,7 +21502,10 @@
patches.drm/fbdev-fbmem-fix-memory-access-if-logo-is-bigger-than.patch
patches.drivers/iommu-amd-fix-null-dereference-bug-in-match_hid_uid
patches.arch/svm-fix-improper-check-when-deactivate-avic
+ patches.fixes/It-s-wrong-to-add-len-to-sector_nr-in-raid10-reshape.patch
+ patches.fixes/md-Fix-failed-allocation-of-md_register_thread.patch
patches.fixes/nvme-fc-reject-reconnect-if-io-queue-count-is-reduce.patch
+ patches.fixes/nvme-add-proper-discard-setup-for-the-multipath-devi.patch
patches.fixes/9p-use-inode-i_lock-to-protect-i_size_write-under-32.patch
patches.fixes/9p-net-fix-memory-leak-in-p9_client_create.patch
patches.fixes/perf-x86-intel-fix-memory-corruption.patch
@@ -21515,7 +21540,12 @@
patches.fixes/ext4-cleanup-bh-release-code-in-ext4_ind_remove_spac.patch
patches.suse/Btrfs-fix-incorrect-file-size-after-shrinking-trunca.patch
patches.suse/btrfs-remove-WARN_ON-in-log_dir_items.patch
+ patches.suse/btrfs-fix-bound-checking-in-qgroup_trace_new_subtree_blocks.patch
+ patches.suse/btrfs-avoid-possible-qgroup_rsv_size-overflow-in-btrfs_calculate_inode_block_rsv_size.patch
patches.suse/Btrfs-fix-assertion-failure-on-fsync-with-NO_HOLES-e.patch
+ patches.fixes/NFS-fix-mount-umount-race-in-nlmclnt.patch
+ patches.fixes/NFSv4.1-don-t-free-interrupted-slot-on-open.patch
+ patches.fixes/NFS-Fix-a-typo-in-nfs_init_timeout_values.patch
patches.drivers/mISDN-hfcpci-Test-both-vendor-device-ID-for-Digium-H.patch
patches.fixes/rhashtable-Still-do-rehash-when-we-get-EEXIST.patch
patches.fixes/bpf-do-not-restore-dst_reg-when-cur_state-is-freed.patch
@@ -21537,6 +21567,8 @@
patches.drivers/iommu-amd-reserve-exclusion-range-in-iova-domain
patches.fixes/mm-Fix-modifying-of-page-protection-by-insert_pfn.patch
patches.fixes/ocfs2-fix-inode-bh-swapping-mixup-in-ocfs2_reflink_i.patch
+ patches.fixes/0001-mm-debug.c-fix-__dump_page-when-mapping-host-is-not-.patch
+ patches.fixes/0001-mm-page_isolation.c-fix-a-wrong-flag-in-set_migratet.patch
patches.drivers/usb-host-xhci-rcar-Add-XHCI_TRUST_TX_LENGTH-quirk.patch
patches.fixes/0001-usb-common-Consider-only-available-nodes-for-dr_mode.patch
patches.drivers/xhci-Fix-port-resume-done-detection-for-SS-ports-wit.patch
@@ -21554,6 +21586,7 @@
patches.drivers/serial-max310x-Fix-to-avoid-potential-NULL-pointer-d.patch
patches.drivers/tty-atmel_serial-fix-a-potential-NULL-pointer-derefe.patch
patches.drivers/serial-sh-sci-Fix-setting-SCSCR_TIE-while-transferri.patch
+ patches.drivers/Disable-kgdboc-failed-by-echo-space-to-sys-module-kg.patch
patches.drivers/staging-rtl8712-uninitialized-memory-in-read_bbreg_h.patch
patches.drivers/gpio-adnp-Fix-testing-wrong-value-in-adnp_gpio_direc.patch
patches.drivers/gpio-of-Fix-of_gpiochip_add-error-path.patch
@@ -21567,6 +21600,7 @@
patches.drivers/ibmvnic-Fix-completion-structure-initialization.patch
patches.drm/drm-i915-gvt-do-not-deliver-a-workload-if-its-creati.patch
patches.drm/0003-drm-i915-gvt-do-not-let-pin-count-of-shadow-mm-go-ne.patch
+ patches.fixes/dm-disable-DISCARD-if-the-underlying-storage-no-long.patch
patches.fixes/mm-huge_memory.c-fix-modifying-of-page-protection-by-insert_pfn_pmd.patch
# davem/net-next
@@ -21584,13 +21618,12 @@
patches.fixes/ext4-close-race-between-direct-IO-and-ext4_break_layouts.patch
patches.arch/powerpc-pseries-Track-LMB-nid-instead-of-using-devic.patch
patches.arch/powerpc-tm-Avoid-machine-crash-on-rt_sigreturn.patch
- patches.suse/mpt3sas-check-sense-buffer-before-copying-sense-data.patch
patches.suse/nvme-multipath-round-robin-I-O-policy.patch
patches.suse/cifs-fix-set-info.patch
- patches.fixes/bsg-Do-not-copy-sense-if-no-response-buffer-is-alloc.patch
patches.fixes/block_dev-fix-crash-on-chained-bios-with-O_DIRECT.patch
patches.fixes/ch-add-missing-mutex_lock-mutex_unlock-in-ch_release.patch
patches.fixes/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
+ patches.suse/scsi-libsas-allocate-sense-buffer-for-bsg-queue.patch
########################################################
# end of sorted patches
@@ -21941,6 +21974,8 @@
# bsc#1120008 kABI fix
patches.kabi/0001-kABI-Preserve-kABI-for-dma_max_mapping_size.patch
+ # bsc#1131673 kABI fix
+ patches.kabi/block-kABI-fixes-for-bio_rewind_iter-removal.patch
########################################################
# DRM/Video