Home Home > GIT Browse > SLE15
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOliver Neukum <oneukum@suse.com>2018-02-06 11:58:10 +0100
committerOliver Neukum <oneukum@suse.com>2018-02-06 11:58:10 +0100
commitb6ee9ae5d4f9657ad807882bd0a7c3783fee24b0 (patch)
tree3a4d1e8c074f00584a4500e473619afed5ecb0bc
parentaf1ac1ab3072993efe86838fff1bdfb3caeed39d (diff)
parentfc68874530b3e0d93f17bc638bb2828bf5b298fa (diff)
Merge remote-tracking branch 'origin/SLE12-SP3' into openSUSE-42.3rpm-4.4.114-42
-rw-r--r--config/ppc64le/debug1
-rw-r--r--config/ppc64le/default1
-rw-r--r--patches.arch/0002-arm64-cpu_errata-Allow-an-erratum-to-be-match-for-al.patch5
-rw-r--r--patches.arch/KVM-s390-Enable-all-facility-bits-that-are-known-goo.patch38
-rw-r--r--patches.arch/KVM-s390-wire-up-bpb-feature.patch131
-rw-r--r--patches.arch/s390-sles12sp3-cpuinfo-show-facilities-as-reported-by-stfle.patch64
-rw-r--r--patches.arch/x86-cpufeature-add-avx512_4vnniw-and-avx512_4fmaps-features.patch2
-rw-r--r--patches.drivers/0001-md-more-open-coded-offset_in_page.patch8
-rw-r--r--patches.drivers/0002-bcache-bch_writeback_thread-is-not-freezable.patch6
-rw-r--r--patches.drivers/0003-bcache-bch_allocator_thread-is-not-freezable.patch6
-rw-r--r--patches.drivers/0004-bcache-documentation-updates-and-corrections.patch246
-rw-r--r--patches.drivers/0005-bcache-documentation-formatting-edited-for-clarity-s.patch261
-rw-r--r--patches.drivers/0006-bcache-partition-support-add-16-minors-per-bcacheN-d.patch (renamed from patches.drivers/0001-bcache-partition-support-add-16-minors-per-bcacheN-d.patch)10
-rw-r--r--patches.drivers/0007-bcache-use-kmalloc-to-allocate-bio-in-bch_data_verif.patch46
-rw-r--r--patches.drivers/0008-bcache.txt-standardize-document-format.patch460
-rw-r--r--patches.drivers/0009-bcache-fix-sequential-large-write-IO-bypass.patch51
-rw-r--r--patches.drivers/0010-bcache-Don-t-reinvent-the-wheel-but-use-existing-lli.patch50
-rw-r--r--patches.drivers/0011-bcache-gc-does-not-work-when-triggering-by-manual-co.patch55
-rw-r--r--patches.drivers/0012-bcache-increase-the-number-of-open-buckets.patch61
-rw-r--r--patches.drivers/0013-bcache-silence-static-checker-warning.patch39
-rw-r--r--patches.drivers/0014-bcache-Update-continue_at-documentation.patch45
-rw-r--r--patches.drivers/0015-bcache-use-llist_for_each_entry_safe-in-__closure_wa.patch73
-rw-r--r--patches.drivers/0016-bcache-Avoid-nested-function-definition.patch68
-rw-r--r--patches.drivers/0017-bcache-fix-a-comments-typo-in-bch_alloc_sectors.patch38
-rw-r--r--patches.drivers/0018-bcache-rewrite-multiple-partitions-support.patch155
-rw-r--r--patches.drivers/0019-bcache-Remove-redundant-set_capacity.patch38
-rw-r--r--patches.drivers/0020-bcache-update-bio-bi_opf-bypass-writeback-REQ_-flag-.patch65
-rw-r--r--patches.drivers/0021-bcache-remove-unused-parameter.patch72
-rw-r--r--patches.drivers/0022-bcache-don-t-write-back-data-if-reading-it-failed.patch52
-rw-r--r--patches.drivers/0023-bcache-implement-PI-controller-for-writeback-rate.patch277
-rw-r--r--patches.drivers/0024-bcache-smooth-writeback-rate-control.patch73
-rw-r--r--patches.drivers/0025-bcache-writeback-rate-shouldn-t-artifically-clamp.patch90
-rw-r--r--patches.drivers/0026-bcache-rearrange-writeback-main-thread-ratelimit.patch58
-rw-r--r--patches.drivers/0027-bcache-safeguard-a-dangerous-addressing-in-closure_q.patch45
-rw-r--r--patches.drivers/0028-bcache-writeback-rate-clamping-make-32-bit-safe.patch40
-rw-r--r--patches.drivers/0029-bcache-update-bucket_in_use-in-real-time.patch161
-rw-r--r--patches.drivers/0030-bcache-add-a-comment-in-journal-bucket-reading.patch55
-rw-r--r--patches.drivers/0031-bcache-check-return-value-of-register_shrinker.patch43
-rw-r--r--patches.drivers/IB-qib-Fix-comparison-error-with-qperf-compare-swap-.patch48
-rw-r--r--patches.drivers/be2net-restore-properly-promisc-mode-after-queues-re.patch53
-rw-r--r--patches.drivers/bnxt_en-Don-t-print-Link-speed-1-no-longer-supported.patch3
-rw-r--r--patches.drivers/bonding-add-802.3ad-support-for-100G-speeds.patch2
-rw-r--r--patches.drivers/bonding-allow-notifications-for-bond_set_slave_link_.patch2
-rw-r--r--patches.drivers/e1000e-Avoid-receiver-overrun-interrupt-bursts.patch106
-rw-r--r--patches.drivers/i40iw-Correct-Q1-XF-object-count-equation.patch34
-rw-r--r--patches.drivers/i40iw-Fix-sequence-number-for-the-first-partial-FPDU.patch41
-rw-r--r--patches.drivers/i40iw-Fix-the-connection-ORD-value-for-loopback.patch105
-rw-r--r--patches.drivers/i40iw-Remove-limit-on-re-posting-AEQ-entries-to-HW.patch46
-rw-r--r--patches.drivers/i40iw-Selectively-teardown-QPs-on-IP-addr-change-eve.patch112
-rw-r--r--patches.drivers/i40iw-Validate-correct-IRD-ORD-connection-parameters.patch43
-rw-r--r--patches.drivers/ibmvnic-Allocate-and-request-vpd-in-init_resources.patch49
-rw-r--r--patches.drivers/ibmvnic-Don-t-handle-RX-interrupts-when-not-up.patch3
-rw-r--r--patches.drivers/ibmvnic-Fix-IP-offload-control-buffer.patch40
-rw-r--r--patches.drivers/ibmvnic-Fix-IPv6-packet-descriptors.patch62
-rw-r--r--patches.drivers/ibmvnic-Fix-pending-MAC-address-changes.patch3
-rw-r--r--patches.drivers/ibmvnic-Include-header-descriptor-support-for-ARP-pa.patch3
-rw-r--r--patches.drivers/ibmvnic-Increase-maximum-number-of-RX-TX-queues.patch3
-rw-r--r--patches.drivers/ibmvnic-Modify-buffer-size-and-number-of-queues-on-f.patch73
-rw-r--r--patches.drivers/ibmvnic-Rename-IBMVNIC_MAX_TX_QUEUES-to-IBMVNIC_MAX_.patch3
-rw-r--r--patches.drivers/ibmvnic-Revert-to-previous-mtu-when-unsupported-valu.patch193
-rw-r--r--patches.drivers/ibmvnic-Wait-for-device-response-when-changing-MAC.patch103
-rw-r--r--patches.drivers/ibmvnic-fix-firmware-version-when-no-firmware-level-.patch44
-rw-r--r--patches.drivers/intel_idle-Use-intel-family-macros.patch2
-rw-r--r--patches.drivers/mm-dax-dax-pmd-vs-thp-pmd-vs-hugetlbfs-pmd.patch29
-rw-r--r--patches.drivers/net-mlx5e-Fix-fixpoint-divide-exception-in-mlx5e_am_.patch44
-rw-r--r--patches.drivers/nvme-fc-merge-error-on-sles12sp3-for-reset_work.patch46
-rw-r--r--patches.drivers/powercap-RAPL-add-support-for-Denverton6
-rw-r--r--patches.drivers/scsi-lpfc-Use-after-free-in-lpfc_rq_buf_free.patch40
-rw-r--r--patches.drivers/x86-powercap-rapl-Reorder-CPU-detection-table4
-rw-r--r--patches.drivers/x86-powercap-rapl-Use-Intel-model-macros-intead-of-o4
-rw-r--r--patches.fixes/0001-CDC-ACM-apply-quirk-for-card-reader.patch35
-rw-r--r--patches.fixes/0001-NFS-Add-a-cond_resched-to-nfs_commit_release_pages.patch31
-rw-r--r--patches.fixes/ACPI-scan-Prefer-devices-without-_HID-for-_ADR-match.patch56
-rw-r--r--patches.fixes/bonding-don-t-use-stale-speed-and-duplex-information.patch4
-rw-r--r--patches.fixes/bonding-fix-802.3ad-aggregator-reselection.patch4
-rw-r--r--patches.fixes/ceph-more-accurate-statfs.patch98
-rw-r--r--patches.fixes/dlm-fix-malfunction-of-dlm_tool-caused-by-debugfs-ch.patch143
-rw-r--r--patches.fixes/ipvlan-remove-excessive-packet-scrubbing.patch51
-rw-r--r--patches.fixes/mm-mprotect-add-a-cond_resched-inside-change_pmd_ran.patch83
-rw-r--r--patches.fixes/rtc-cmos-initialize-hpet-timer-before-irq-is-registe.patch112
-rw-r--r--patches.fixes/scsi-check-for-device-state-in-__scsi_remove_target.patch3
-rw-r--r--patches.fixes/tipc-improve-link-resiliency-when-rps-is-activated.patch351
-rw-r--r--patches.fixes/x86-boot-Fix-early-command-line-parsing-when-matchin.patch126
-rw-r--r--patches.fixes/xfs-reinit-btree-pointer-on-attr-tree-inactivation-walk.patch54
-rw-r--r--patches.fixes/xfs-validate-sb_logsunit-is-a-multiple-of-the-fs-blo.patch57
-rw-r--r--patches.kabi/kabi-KVM-s390-wire-up-bpb-feature.patch57
-rw-r--r--patches.kabi/kabi-protect-struct-bpf_map.patch6
-rw-r--r--patches.kabi/kabi-protect-struct-usbip_device.patch30
-rw-r--r--patches.kabi/partially-revert-tipc-improve-link-resiliency-when-r.patch112
-rw-r--r--patches.kabi/revert-sched-deadline-Use-the-revised-wakeup-rule-fo.patch185
-rw-r--r--patches.kernel.org/4.4.113-001-gcov-disable-for-COMPILE_TEST.patch45
-rw-r--r--patches.kernel.org/4.4.113-002-x86-cpu-AMD-Make-LFENCE-a-serializing-instruc.patch (renamed from patches.suse/0001-x86-cpu-AMD-Make-LFENCE-a-serializing-instruction.patch)12
-rw-r--r--patches.kernel.org/4.4.113-003-x86-cpu-AMD-Use-LFENCE_RDTSC-in-preference-to.patch (renamed from patches.suse/0002-x86-cpu-AMD-Use-LFENCE_RDTSC-in-preference-to-MFENCE.patch)12
-rw-r--r--patches.kernel.org/4.4.113-004-x86-mm-32-Move-setup_clear_cpu_cap-X86_FEATUR.patch (renamed from patches.suse/0003-x86-mm-32-Move-setup_clear_cpu_cap-X86_FEATURE_PCID-.patch)12
-rw-r--r--patches.kernel.org/4.4.113-005-x86-asm-Use-register-variable-to-get-stack-po.patch (renamed from patches.suse/0004-x86-asm-Use-register-variable-to-get-stack-pointer-v.patch)17
-rw-r--r--patches.kernel.org/4.4.113-006-x86-kbuild-enable-modversions-for-symbols-exp.patch (renamed from patches.suse/0005-x86-kbuild-enable-modversions-for-symbols-exported-f.patch)16
-rw-r--r--patches.kernel.org/4.4.113-007-x86-asm-Make-asm-alternative.h-safe-from-asse.patch (renamed from patches.suse/0006-x86-asm-Make-asm-alternative.h-safe-from-assembly.patch)16
-rw-r--r--patches.kernel.org/4.4.113-008-EXPORT_SYMBOL-for-asm.patch (renamed from patches.suse/0007-EXPORT_SYMBOL-for-asm.patch)16
-rw-r--r--patches.kernel.org/4.4.113-009-kconfig.h-use-__is_defined-to-check-if-MODULE.patch (renamed from patches.suse/0008-kconfig.h-use-__is_defined-to-check-if-MODULE-is-def.patch)16
-rw-r--r--patches.kernel.org/4.4.113-010-x86-retpoline-Add-initial-retpoline-support.patch (renamed from patches.suse/0009-x86-retpoline-Add-initial-retpoline-support.patch)30
-rw-r--r--patches.kernel.org/4.4.113-011-x86-spectre-Add-boot-time-option-to-select-Sp.patch (renamed from patches.suse/0010-x86-spectre-Add-boot-time-option-to-select-Spectre-v.patch)17
-rw-r--r--patches.kernel.org/4.4.113-012-x86-retpoline-crypto-Convert-crypto-assembler.patch (renamed from patches.suse/0011-x86-retpoline-crypto-Convert-crypto-assembler-indire.patch)16
-rw-r--r--patches.kernel.org/4.4.113-013-x86-retpoline-entry-Convert-entry-assembler-i.patch (renamed from patches.suse/0012-x86-retpoline-entry-Convert-entry-assembler-indirect.patch)25
-rw-r--r--patches.kernel.org/4.4.113-014-x86-retpoline-ftrace-Convert-ftrace-assembler.patch (renamed from patches.suse/0013-x86-retpoline-ftrace-Convert-ftrace-assembler-indire.patch)18
-rw-r--r--patches.kernel.org/4.4.113-015-x86-retpoline-hyperv-Convert-assembler-indire.patch (renamed from patches.suse/0014-x86-retpoline-hyperv-Convert-assembler-indirect-jump.patch)12
-rw-r--r--patches.kernel.org/4.4.113-016-x86-retpoline-xen-Convert-Xen-hypercall-indir.patch (renamed from patches.suse/0015-x86-retpoline-xen-Convert-Xen-hypercall-indirect-jum.patch)10
-rw-r--r--patches.kernel.org/4.4.113-017-x86-retpoline-checksum32-Convert-assembler-in.patch (renamed from patches.suse/0016-x86-retpoline-checksum32-Convert-assembler-indirect-.patch)10
-rw-r--r--patches.kernel.org/4.4.113-018-x86-retpoline-irq32-Convert-assembler-indirec.patch (renamed from patches.suse/0017-x86-retpoline-irq32-Convert-assembler-indirect-jumps.patch)12
-rw-r--r--patches.kernel.org/4.4.113-019-x86-retpoline-Fill-return-stack-buffer-on-vme.patch (renamed from patches.suse/0018-x86-retpoline-Fill-return-stack-buffer-on-vmexit.patch)16
-rw-r--r--patches.kernel.org/4.4.113-020-x86-retpoline-Remove-compile-time-warning.patch (renamed from patches.suse/0019-x86-retpoline-Remove-compile-time-warning.patch)10
-rw-r--r--patches.kernel.org/4.4.113-021-scsi-sg-disable-SET_FORCE_LOW_DMA.patch118
-rw-r--r--patches.kernel.org/4.4.113-022-futex-Prevent-overflow-by-strengthen-input-va.patch45
-rw-r--r--patches.kernel.org/4.4.113-023-ALSA-pcm-Remove-yet-superfluous-WARN_ON.patch (renamed from patches.drivers/ALSA-pcm-Remove-yet-superfluous-WARN_ON)20
-rw-r--r--patches.kernel.org/4.4.113-024-ALSA-hda-Apply-headphone-noise-quirk-for-anot.patch (renamed from patches.drivers/ALSA-hda-Apply-headphone-noise-quirk-for-another-Del)25
-rw-r--r--patches.kernel.org/4.4.113-025-ALSA-hda-Apply-the-existing-quirk-to-iMac-14-.patch (renamed from patches.drivers/ALSA-hda-Apply-the-existing-quirk-to-iMac-14-1)22
-rw-r--r--patches.kernel.org/4.4.113-026-af_key-fix-buffer-overread-in-verify_address_.patch68
-rw-r--r--patches.kernel.org/4.4.113-027-af_key-fix-buffer-overread-in-parse_exthdrs.patch58
-rw-r--r--patches.kernel.org/4.4.113-028-scsi-hpsa-fix-volume-offline-state.patch (renamed from patches.drivers/scsi-hpsa-fix-volume-offline-state.patch)21
-rw-r--r--patches.kernel.org/4.4.113-029-sched-deadline-Zero-out-positive-runtime-afte.patch (renamed from patches.suse/sched-deadline-Zero-out-positive-runtime-after-throt.patch)19
-rw-r--r--patches.kernel.org/4.4.113-030-x86-retpoline-Add-LFENCE-to-the-retpoline-RSB.patch97
-rw-r--r--patches.kernel.org/4.4.113-031-module-Add-retpoline-tag-to-VERMAGIC.patch58
-rw-r--r--patches.kernel.org/4.4.113-032-pipe-avoid-round_pipe_size-nr_pages-overflow-.patch120
-rw-r--r--patches.kernel.org/4.4.113-033-x86-apic-vector-Fix-off-by-one-in-error-path.patch61
-rw-r--r--patches.kernel.org/4.4.113-034-Input-88pm860x-ts-fix-child-node-lookup.patch77
-rw-r--r--patches.kernel.org/4.4.113-035-Input-twl6040-vibra-fix-DT-node-memory-manage.patch42
-rw-r--r--patches.kernel.org/4.4.113-036-Input-twl6040-vibra-fix-child-node-lookup.patch47
-rw-r--r--patches.kernel.org/4.4.113-037-Input-twl4030-vibra-fix-sibling-node-lookup.patch48
-rw-r--r--patches.kernel.org/4.4.113-038-tracing-Fix-converting-enum-s-from-the-map-in.patch100
-rw-r--r--patches.kernel.org/4.4.113-039-phy-work-around-phys-references-to-usb-nop-xc.patch84
-rw-r--r--patches.kernel.org/4.4.113-040-ARM-dts-kirkwood-fix-pin-muxing-of-MPP7-on-Op.patch81
-rw-r--r--patches.kernel.org/4.4.113-041-can-peak-fix-potential-bug-in-packet-fragment.patch75
-rw-r--r--patches.kernel.org/4.4.113-042-libata-apply-MAX_SEC_1024-to-all-LITEON-EP1-s.patch37
-rw-r--r--patches.kernel.org/4.4.113-043-dm-btree-fix-serious-bug-in-btree_split_benea.patch77
-rw-r--r--patches.kernel.org/4.4.113-044-dm-thin-metadata-THIN_MAX_CONCURRENT_LOCKS-sh.patch59
-rw-r--r--patches.kernel.org/4.4.113-045-arm64-KVM-Fix-SMCCC-handling-of-unimplemented.patch (renamed from patches.suse/0030-arm64-KVM-Fix-SMCCC-handling-of-unimplemented-SMC-HV.patch)21
-rw-r--r--patches.kernel.org/4.4.113-046-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-proc.patch51
-rw-r--r--patches.kernel.org/4.4.113-047-kbuild-modversions-for-EXPORT_SYMBOL-for-asm.patch169
-rw-r--r--patches.kernel.org/4.4.113-048-x86-mce-Make-machine-check-speculation-protec.patch72
-rw-r--r--patches.kernel.org/4.4.113-049-retpoline-Introduce-start-end-markers-of-indi.patch80
-rw-r--r--patches.kernel.org/4.4.113-050-kprobes-x86-Blacklist-indirect-thunk-function.patch45
-rw-r--r--patches.kernel.org/4.4.113-051-kprobes-x86-Disable-optimizing-on-the-functio.patch86
-rw-r--r--patches.kernel.org/4.4.113-052-x86-pti-Document-fix-wrong-index.patch37
-rw-r--r--patches.kernel.org/4.4.113-053-x86-retpoline-Optimize-inline-assembler-for-v.patch62
-rw-r--r--patches.kernel.org/4.4.113-054-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-.patch64
-rw-r--r--patches.kernel.org/4.4.113-055-Linux-4.4.113.patch27
-rw-r--r--patches.kernel.org/4.4.114-001-x86-asm-32-Make-sync_core-handle-missing-CPUI.patch50
-rw-r--r--patches.kernel.org/4.4.114-002-usbip-prevent-vhci_hcd-driver-from-leaking-a-.patch132
-rw-r--r--patches.kernel.org/4.4.114-003-usbip-Fix-implicit-fallthrough-warning.patch40
-rw-r--r--patches.kernel.org/4.4.114-004-usbip-Fix-potential-format-overflow-in-usersp.patch113
-rw-r--r--patches.kernel.org/4.4.114-005-x86-microcode-intel-Fix-BDW-late-loading-revi.patch33
-rw-r--r--patches.kernel.org/4.4.114-006-x86-cpu-intel-Introduce-macros-for-Intel-fami.patch (renamed from patches.arch/x86-cpu-intel-introduce-macros-for-intel-family-numbers)27
-rw-r--r--patches.kernel.org/4.4.114-007-x86-retpoline-Fill-RSB-on-context-switch-for-.patch216
-rw-r--r--patches.kernel.org/4.4.114-008-sched-deadline-Use-the-revised-wakeup-rule-fo.patch284
-rw-r--r--patches.kernel.org/4.4.114-009-can-af_can-can_rcv-replace-WARN_ONCE-by-pr_wa.patch53
-rw-r--r--patches.kernel.org/4.4.114-010-can-af_can-canfd_rcv-replace-WARN_ONCE-by-pr_.patch54
-rw-r--r--patches.kernel.org/4.4.114-011-PM-sleep-declare-__tracedata-symbols-as-char-.patch (renamed from patches.fixes/PM-sleep-declare-__tracedata-symbols-as-char-rather-.patch)12
-rw-r--r--patches.kernel.org/4.4.114-012-time-Avoid-undefined-behaviour-in-ktime_add_s.patch (renamed from patches.fixes/time-Avoid-undefined-behaviour-in-ktime_add_safe.patch)23
-rw-r--r--patches.kernel.org/4.4.114-013-timers-Plug-locking-race-vs.-timer-migration.patch (renamed from patches.fixes/timers-Plug-locking-race-vs.-timer-migration.patch)20
-rw-r--r--patches.kernel.org/4.4.114-014-Prevent-timer-value-0-for-MWAITX.patch (renamed from patches.arch/0001-Prevent-timer-value-0-for-MWAITX.patch)14
-rw-r--r--patches.kernel.org/4.4.114-015-drivers-base-cacheinfo-fix-x86-with-CONFIG_OF.patch (renamed from patches.drivers/0001-drivers-base-cacheinfo-fix-x86-with-CONFIG_OF-enable.patch)16
-rw-r--r--patches.kernel.org/4.4.114-016-drivers-base-cacheinfo-fix-boot-error-message.patch (renamed from patches.drivers/0001-drivers-base-cacheinfo-fix-boot-error-message-when-a.patch)15
-rw-r--r--patches.kernel.org/4.4.114-017-PCI-layerscape-Add-fsl-ls2085a-pcie-compatibl.patch (renamed from patches.arch/arm64-0001-PCI-layerscape-Add-fsl-ls2085a-pcie-compatible-ID.patch)13
-rw-r--r--patches.kernel.org/4.4.114-018-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch (renamed from patches.arch/arm64-0002-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch)13
-rw-r--r--patches.kernel.org/4.4.114-019-mmc-sdhci-of-esdhc-add-remove-some-quirks-acc.patch (renamed from patches.arch/arm64-mmc-sdhci-of-esdhc-add-remove-some-quirks-according-.patch)13
-rw-r--r--patches.kernel.org/4.4.114-020-fs-select-add-vmalloc-fallback-for-select-2.patch (renamed from patches.fixes/fs-select-add-vmalloc-fallback-for-select2.patch)23
-rw-r--r--patches.kernel.org/4.4.114-021-mm-mmap.c-do-not-blow-on-PROT_NONE-MAP_FIXED-.patch (renamed from patches.fixes/mm-mmap.c-do-not-blow-on-PROT_NONE-MAP_FIXED-holes-i.patch)21
-rw-r--r--patches.kernel.org/4.4.114-022-hwpoison-memcg-forcibly-uncharge-LRU-pages.patch (renamed from patches.fixes/hwpoison-memcg-forcibly-uncharge-LRU-pages.patch)18
-rw-r--r--patches.kernel.org/4.4.114-023-cma-fix-calculation-of-aligned-offset.patch (renamed from patches.fixes/cma-fix-calculation-of-aligned-offset.patch)21
-rw-r--r--patches.kernel.org/4.4.114-024-mm-page_alloc-fix-potential-false-positive-in.patch (renamed from patches.fixes/mm-page_alloc-fix-potential-false-positive-in-_zone_watermark_ok.patch)22
-rw-r--r--patches.kernel.org/4.4.114-025-ipc-msg-make-msgrcv-work-with-LONG_MIN.patch (renamed from patches.fixes/ipc-msg-make-msgrcv-work-with-LONG_MIN.patch)18
-rw-r--r--patches.kernel.org/4.4.114-026-x86-ioapic-Fix-incorrect-pointers-in-ioapic_s.patch (renamed from patches.fixes/0001-x86-ioapic-Fix-incorrect-pointers-in-ioapic_setup_re.patch)19
-rw-r--r--patches.kernel.org/4.4.114-027-ACPI-processor-Avoid-reserving-IO-regions-too.patch (renamed from patches.fixes/acpi-processor-avoid-reserving-io-regions-too-early)21
-rw-r--r--patches.kernel.org/4.4.114-028-ACPI-scan-Prefer-devices-without-_HID-_CID-fo.patch63
-rw-r--r--patches.kernel.org/4.4.114-029-ACPICA-Namespace-fix-operand-cache-leak.patch (renamed from patches.fixes/0001-ACPICA-Namespace-fix-operand-cache-leak.patch)19
-rw-r--r--patches.kernel.org/4.4.114-030-netfilter-x_tables-speed-up-jump-target-valid.patch (renamed from patches.fixes/netfilter-x_tables-speed-up-jump-target-validation.patch)39
-rw-r--r--patches.kernel.org/4.4.114-031-netfilter-arp_tables-fix-invoking-32bit-iptab.patch (renamed from patches.fixes/netfilter-arp_tables-fix-invoking-32bit-iptable-P-IN.patch)13
-rw-r--r--patches.kernel.org/4.4.114-032-netfilter-nf_dup_ipv6-set-again-FLOWI_FLAG_KN.patch (renamed from patches.fixes/netfilter-nf_dup_ipv6-set-again-FLOWI_FLAG_KNOWN_NH-.patch)14
-rw-r--r--patches.kernel.org/4.4.114-033-netfilter-nf_ct_expect-remove-the-redundant-s.patch (renamed from patches.fixes/netfilter-nf_ct_expect-remove-the-redundant-slash-wh.patch)16
-rw-r--r--patches.kernel.org/4.4.114-034-netfilter-nfnetlink_queue-reject-verdict-requ.patch (renamed from patches.fixes/netfilter-nfnetlink_queue-reject-verdict-request-fro.patch)18
-rw-r--r--patches.kernel.org/4.4.114-035-netfilter-restart-search-if-moved-to-other-ch.patch (renamed from patches.fixes/netfilter-restart-search-if-moved-to-other-chain.patch)13
-rw-r--r--patches.kernel.org/4.4.114-036-netfilter-nf_conntrack_sip-extend-request-lin.patch (renamed from patches.fixes/netfilter-nf_conntrack_sip-extend-request-line-valid.patch)13
-rw-r--r--patches.kernel.org/4.4.114-037-netfilter-use-fwmark_reflect-in-nf_send_reset.patch (renamed from patches.fixes/netfilter-use-fwmark_reflect-in-nf_send_reset.patch)13
-rw-r--r--patches.kernel.org/4.4.114-038-netfilter-fix-IS_ERR_VALUE-usage.patch (renamed from patches.fixes/netfilter-fix-IS_ERR_VALUE-usage.patch)13
-rw-r--r--patches.kernel.org/4.4.114-039-netfilter-nfnetlink_cthelper-Add-missing-perm.patch (renamed from patches.fixes/netfilter-nfnetlink_cthelper-Add-missing-permission-.patch)24
-rw-r--r--patches.kernel.org/4.4.114-040-netfilter-xt_osf-Add-missing-permission-check.patch (renamed from patches.fixes/netfilter-xt_osf-Add-missing-permission-checks.patch)13
-rw-r--r--patches.kernel.org/4.4.114-041-ext2-Don-t-clear-SGID-when-inheriting-ACLs.patch (renamed from patches.fixes/ext2-Don-t-clear-SGID-when-inheriting-ACLs.patch)37
-rw-r--r--patches.kernel.org/4.4.114-042-reiserfs-fix-race-in-prealloc-discard.patch (renamed from patches.fixes/reiserfs-fix-race-in-prealloc-discard.patch)22
-rw-r--r--patches.kernel.org/4.4.114-043-reiserfs-don-t-preallocate-blocks-for-extende.patch (renamed from patches.fixes/reiserfs-don-t-preallocate-blocks-for-extended-attributes.patch)21
-rw-r--r--patches.kernel.org/4.4.114-044-reiserfs-Don-t-clear-SGID-when-inheriting-ACL.patch (renamed from patches.fixes/reiserfs-Don-t-clear-SGID-when-inheriting-ACLs.patch)26
-rw-r--r--patches.kernel.org/4.4.114-045-fs-fcntl-f_setown-avoid-undefined-behaviour.patch (renamed from patches.fixes/0002-fs-fcntl-f_setown-avoid-undefined-behaviour.patch)20
-rw-r--r--patches.kernel.org/4.4.114-046-scsi-libiscsi-fix-shifting-of-DID_REQUEUE-hos.patch (renamed from patches.drivers/scsi-libiscsi-fix-shifting-of-DID_REQUEUE-host-byte.patch)16
-rw-r--r--patches.kernel.org/4.4.114-047-Revert-module-Add-retpoline-tag-to-VERMAGIC.patch56
-rw-r--r--patches.kernel.org/4.4.114-048-Input-trackpoint-force-3-buttons-if-0-button-.patch50
-rw-r--r--patches.kernel.org/4.4.114-049-usb-usbip-Fix-possible-deadlocks-reported-by-.patch634
-rw-r--r--patches.kernel.org/4.4.114-050-usbip-fix-stub_rx-get_pipe-to-validate-endpoi.patch76
-rw-r--r--patches.kernel.org/4.4.114-051-usbip-fix-stub_rx-harden-CMD_SUBMIT-path-to-h.patch100
-rw-r--r--patches.kernel.org/4.4.114-052-usbip-prevent-leaking-socket-pointer-address-.patch91
-rw-r--r--patches.kernel.org/4.4.114-053-um-link-vmlinux-with-no-pie.patch37
-rw-r--r--patches.kernel.org/4.4.114-054-vsyscall-Fix-permissions-for-emulate-mode-wit.patch77
-rw-r--r--patches.kernel.org/4.4.114-055-eventpoll.h-add-missing-epoll-event-masks.patch53
-rw-r--r--patches.kernel.org/4.4.114-056-x86-microcode-intel-Extend-BDW-late-loading-f.patch96
-rw-r--r--patches.kernel.org/4.4.114-057-hrtimer-Reset-hrtimer-cpu-base-proper-on-CPU-.patch71
-rw-r--r--patches.kernel.org/4.4.114-058-dccp-don-t-restart-ccid2_hc_tx_rto_expire-if-.patch50
-rw-r--r--patches.kernel.org/4.4.114-059-ipv6-Fix-getsockopt-for-sockets-with-default-.patch72
-rw-r--r--patches.kernel.org/4.4.114-060-ipv6-fix-udpv6-sendmsg-crash-caused-by-too-sm.patch99
-rw-r--r--patches.kernel.org/4.4.114-061-ipv6-ip6_make_skb-needs-to-clear-cork.base.ds.patch (renamed from patches.suse/ipv6-ip6_make_skb-needs-to-clear-cork.base.dst.patch)18
-rw-r--r--patches.kernel.org/4.4.114-062-lan78xx-Fix-failure-in-USB-Full-Speed.patch36
-rw-r--r--patches.kernel.org/4.4.114-063-net-igmp-fix-source-address-check-for-IGMPv3-.patch47
-rw-r--r--patches.kernel.org/4.4.114-064-tcp-__tcp_hdrlen-helper.patch44
-rw-r--r--patches.kernel.org/4.4.114-065-net-qdisc_pkt_len_init-should-be-more-robust.patch66
-rw-r--r--patches.kernel.org/4.4.114-066-pppoe-take-needed_headroom-of-lower-device-in.patch132
-rw-r--r--patches.kernel.org/4.4.114-067-r8169-fix-memory-corruption-on-retrieval-of-h.patch53
-rw-r--r--patches.kernel.org/4.4.114-068-sctp-do-not-allow-the-v4-socket-to-bind-a-v4m.patch62
-rw-r--r--patches.kernel.org/4.4.114-069-sctp-return-error-if-the-asoc-has-been-peeled.patch93
-rw-r--r--patches.kernel.org/4.4.114-070-vmxnet3-repair-memory-leak.patch63
-rw-r--r--patches.kernel.org/4.4.114-071-net-Allow-neigh-contructor-functions-ability-.patch46
-rw-r--r--patches.kernel.org/4.4.114-072-ipv4-Make-neigh-lookup-keys-for-loopback-poin.patch66
-rw-r--r--patches.kernel.org/4.4.114-073-flow_dissector-properly-cap-thoff-field.patch100
-rw-r--r--patches.kernel.org/4.4.114-074-net-tcp-close-sock-if-net-namespace-is-exitin.patch129
-rw-r--r--patches.kernel.org/4.4.114-075-nfsd-auth-Fix-gid-sorting-when-rootsquash-ena.patch51
-rw-r--r--patches.kernel.org/4.4.114-076-Linux-4.4.114.patch27
-rw-r--r--patches.suse/0001-Documentation-document-array_ptr.patch169
-rw-r--r--patches.suse/0001-arm64-sysreg-Fix-unprotected-macro-argmuent-in-write.patch33
-rw-r--r--patches.suse/0001-bcache-force-trigger-gc.patch36
-rw-r--r--patches.suse/0001-locking-barriers-introduce-new-memory-barrier-gmb.patch20
-rw-r--r--patches.suse/0002-arm64-factor-out-PAGE_-and-CONT_-definitions.patch102
-rw-r--r--patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch82
-rw-r--r--patches.suse/0002-bcache-fix-calling-ida_simple_remove-with-incorrect-minor.patch65
-rw-r--r--patches.suse/0003-x86-implement-array_ptr_mask.patch56
-rw-r--r--patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch96
-rw-r--r--patches.suse/0005-x86-__get_user-use-__uaccess_begin_nospec.patch176
-rw-r--r--patches.suse/0006-x86-get_user-use-pointer-masking-to-limit-speculatio.patch113
-rw-r--r--patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch55
-rw-r--r--patches.suse/0008-vfs-fdtable-prevent-bounds-check-bypass-via-speculat.patch46
-rw-r--r--patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch61
-rw-r--r--patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch92
-rw-r--r--patches.suse/0012-fs-prevent-speculative-execution.patch12
-rw-r--r--patches.suse/0027-arm64-Branch-predictor-hardening-for-Cavium-ThunderX.patch75
-rw-r--r--patches.suse/0029-arm64-Don-t-force-KPTI-for-CPUs-that-are-not-vulnera.patch35
-rw-r--r--patches.suse/0029-arm64-Turn-on-KPTI-only-on-CPUs-that-need-it.patch42
-rw-r--r--patches.suse/0030-arm64-Move-BP-hardening-to-check_and_switch_context.patch57
-rw-r--r--patches.suse/01-x86-feature-enable-the-x86-feature-to-control-speculation.patch6
-rw-r--r--patches.suse/kaiser-clear-thread-stack.patch44
-rw-r--r--patches.suse/kgr-0034-kgraft-bcache-Do-not-block-livepatching-in-the-write.patch13
-rw-r--r--patches.suse/powerpc-64s-Add-support-for-RFI-flush-of-L1-D-cache.patch6
-rw-r--r--patches.suse/powerpc-64s-Allow-control-of-RFI-flush-via-debugfs.patch8
-rw-r--r--patches.suse/powerpc-64s-Simple-RFI-macro-conversions.patch6
-rw-r--r--patches.suse/powerpc-64s-Support-disabling-RFI-flush-with-no_rfi_.patch6
-rw-r--r--patches.suse/powerpc-64s-Wire-up-cpu_show_meltdown.patch61
-rw-r--r--patches.suse/powerpc-pseries-include-linux-types.h-in-asm-hvcall.h.patch3
-rw-r--r--patches.suse/powerpc-pseries-rfi-flush-Call-setup_rfi_flush-after.patch106
-rw-r--r--patches.suse/powerpc-rfi-flush-Make-setup_rfi_flush-not-__init.patch44
-rw-r--r--patches.suse/powerpc-rfi-flush-Move-RFI-flush-fields-out-of-the-p.patch6
-rw-r--r--patches.suse/powerpc-rfi-flush-Move-the-logic-to-avoid-a-redo-int.patch16
-rw-r--r--patches.suse/powerpc-rfi-flush-prevent-crash-when-changing-flush-.patch49
-rw-r--r--patches.suse/retpolines-disable-ibrs-on-non-skl.patch103
-rw-r--r--patches.suse/stack-unwind.patch30
-rw-r--r--patches.suse/sysfs-spectre_v1-is-mitigated.patch27
-rw-r--r--patches.suse/sysfs-spectre_v2-handle-spec_ctrl.patch24
-rw-r--r--patches.suse/x86-cpu-Rename-Merrifield2-to-Moorefield.patch59
-rw-r--r--patches.suse/x86-cpu-Rename-WESTMERE2-family-to-NEHALEM_G.patch62
-rw-r--r--series.conf476
262 files changed, 14133 insertions, 1204 deletions
diff --git a/config/ppc64le/debug b/config/ppc64le/debug
index 7fcf8f53ff..f023c33b5c 100644
--- a/config/ppc64le/debug
+++ b/config/ppc64le/debug
@@ -1403,6 +1403,7 @@ CONFIG_DEV_COREDUMP=y
# CONFIG_DEBUG_DEVRES is not set
# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_GENERIC_CPU_DEVICES is not set
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
CONFIG_REGMAP_IRQ=y
diff --git a/config/ppc64le/default b/config/ppc64le/default
index baff3c8c65..3bef7be049 100644
--- a/config/ppc64le/default
+++ b/config/ppc64le/default
@@ -1392,6 +1392,7 @@ CONFIG_DEV_COREDUMP=y
# CONFIG_DEBUG_DEVRES is not set
# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_GENERIC_CPU_DEVICES is not set
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
CONFIG_REGMAP_IRQ=y
diff --git a/patches.arch/0002-arm64-cpu_errata-Allow-an-erratum-to-be-match-for-al.patch b/patches.arch/0002-arm64-cpu_errata-Allow-an-erratum-to-be-match-for-al.patch
index 9dd054f932..5d4c254537 100644
--- a/patches.arch/0002-arm64-cpu_errata-Allow-an-erratum-to-be-match-for-al.patch
+++ b/patches.arch/0002-arm64-cpu_errata-Allow-an-erratum-to-be-match-for-al.patch
@@ -2,9 +2,8 @@ From: Marc Zyngier <marc.zyngier@arm.com>
Date: Wed, 1 Feb 2017 14:38:46 +0000
Subject: arm64: cpu_errata: Allow an erratum to be match for all revisions of
a core
-Git-commit: 8b8ebca44292a59789c612c0e060c58cb7e0be40
-Patch-mainline: Queued
-Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+Git-commit: 06f1494f837da8997d670a1ba87add7963b08922
+Patch-mainline: v4.12-rc1
References: fate#322150
Some minor erratum may not be fixed in further revisions of a core,
diff --git a/patches.arch/KVM-s390-Enable-all-facility-bits-that-are-known-goo.patch b/patches.arch/KVM-s390-Enable-all-facility-bits-that-are-known-goo.patch
new file mode 100644
index 0000000000..b96fe182f6
--- /dev/null
+++ b/patches.arch/KVM-s390-Enable-all-facility-bits-that-are-known-goo.patch
@@ -0,0 +1,38 @@
+From ed8dda0bf74b4fb8e73d8880c78effabd3285fd8 Mon Sep 17 00:00:00 2001
+From: Alexander Yarygin <yarygin@linux.vnet.ibm.com>
+Date: Thu, 31 Mar 2016 13:48:52 +0300
+Subject: [PATCH] KVM: s390: Enable all facility bits that are known good for
+ passthrough
+Git-commit: ed8dda0bf74b4fb8e73d8880c78effabd3285fd8
+Patch-mainline: v4.7-rc1
+References: bsc#1076805
+
+Some facility bits are in a range that is defined to be "ok for guests
+without any necessary hypervisor changes". Enable those bits.
+
+Signed-off-by: Alexander Yarygin <yarygin@linux.vnet.ibm.com>
+Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Acked-by: Liang Yan <lyan@suse.com>
+---
+ arch/s390/kvm/kvm-s390.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
+index d94310ad5bbf..76826fd3d958 100644
+--- a/arch/s390/kvm/kvm-s390.c
++++ b/arch/s390/kvm/kvm-s390.c
+@@ -118,8 +118,8 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
+
+ /* upper facilities limit for kvm */
+ unsigned long kvm_s390_fac_list_mask[] = {
+- 0xffe6fffbfcfdfc40UL,
+- 0x005e800000000000UL,
++ 0xffe6ffffffffffffUL,
++ 0x005effffffffffffUL,
+ };
+
+ unsigned long kvm_s390_fac_list_mask_size(void)
+--
+2.16.1
+
diff --git a/patches.arch/KVM-s390-wire-up-bpb-feature.patch b/patches.arch/KVM-s390-wire-up-bpb-feature.patch
new file mode 100644
index 0000000000..43c77c4f2f
--- /dev/null
+++ b/patches.arch/KVM-s390-wire-up-bpb-feature.patch
@@ -0,0 +1,131 @@
+From 35b3fde6203b932b2b1a5b53b3d8808abc9c4f60 Mon Sep 17 00:00:00 2001
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+Date: Wed, 17 Jan 2018 14:44:34 +0100
+Subject: [PATCH] KVM: s390: wire up bpb feature
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 35b3fde6203b932b2b1a5b53b3d8808abc9c4f60
+Patch-mainline: v4.15-rc9
+References: bsc#1076805
+
+The new firmware interfaces for branch prediction behaviour changes
+are transparently available for the guest. Nevertheless, there is
+new state attached that should be migrated and properly resetted.
+Provide a mechanism for handling reset, migration and VSIE.
+
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+[Changed capability number to 152. - Radim]
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Acked-by: Liang Yan <lyan@suse.com>
+---
+ arch/s390/include/asm/kvm_host.h | 3 ++-
+ arch/s390/include/uapi/asm/kvm.h | 2 ++
+ arch/s390/kvm/kvm-s390.c | 13 +++++++++++++
+ include/uapi/linux/kvm.h | 1 +
+ 4 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
+index bbdc539..76737b6 100644
+--- a/arch/s390/include/asm/kvm_host.h
++++ b/arch/s390/include/asm/kvm_host.h
+@@ -136,7 +136,8 @@ struct kvm_s390_sie_block {
+ __u16 ipa; /* 0x0056 */
+ __u32 ipb; /* 0x0058 */
+ __u32 scaoh; /* 0x005c */
+- __u8 reserved60; /* 0x0060 */
++#define FPF_BPBC 0x20
++ __u8 fpf; /* 0x0060 */
+ __u8 ecb; /* 0x0061 */
+ __u8 ecb2; /* 0x0062 */
+ #define ECB3_AES 0x04
+diff --git a/arch/s390/include/uapi/asm/kvm.h b/arch/s390/include/uapi/asm/kvm.h
+index ef1a5fc..60f92c0 100644
+--- a/arch/s390/include/uapi/asm/kvm.h
++++ b/arch/s390/include/uapi/asm/kvm.h
+@@ -151,6 +151,7 @@ struct kvm_guest_debug_arch {
+ #define KVM_SYNC_ARCH0 (1UL << 4)
+ #define KVM_SYNC_PFAULT (1UL << 5)
+ #define KVM_SYNC_VRS (1UL << 6)
++#define KVM_SYNC_BPBC (1UL << 10)
+ /* definition of registers in kvm_run */
+ struct kvm_sync_regs {
+ __u64 prefix; /* prefix register */
+@@ -168,6 +169,7 @@ struct kvm_sync_regs {
+ __u64 vrs[32][2]; /* vector registers */
+ __u8 reserved[512]; /* for future vector expansion */
+ __u32 fpc; /* only valid with vector registers */
++ __u8 bpbc : 1; /* bp mode */
+ };
+
+ #define KVM_REG_S390_TODPR (KVM_REG_S390 | KVM_REG_SIZE_U32 | 0x1)
+diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
+index 76826fd..e363677 100644
+--- a/arch/s390/kvm/kvm-s390.c
++++ b/arch/s390/kvm/kvm-s390.c
+@@ -257,6 +257,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
+ case KVM_CAP_S390_VECTOR_REGISTERS:
+ r = MACHINE_HAS_VX;
+ break;
++ case KVM_CAP_S390_BPB:
++ r = test_facility(82);
++ break;
+ default:
+ r = 0;
+ }
+@@ -1273,7 +1276,10 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
+ KVM_SYNC_ARCH0 |
+ KVM_SYNC_PFAULT;
+ if (test_kvm_facility(vcpu->kvm, 129))
++
+ vcpu->run->kvm_valid_regs |= KVM_SYNC_VRS;
++ if (test_kvm_facility(vcpu->kvm, 82))
++ vcpu->run->kvm_valid_regs |= KVM_SYNC_BPBC;
+
+ if (kvm_is_ucontrol(vcpu->kvm))
+ return __kvm_ucontrol_vcpu_init(vcpu);
+@@ -1337,6 +1343,7 @@ static void kvm_s390_vcpu_initial_reset(struct kvm_vcpu *vcpu)
+ current->thread.fpu.fpc = 0;
+ vcpu->arch.sie_block->gbea = 1;
+ vcpu->arch.sie_block->pp = 0;
++ vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
+ vcpu->arch.pfault_token = KVM_S390_PFAULT_TOKEN_INVALID;
+ kvm_clear_async_pf_completion_queue(vcpu);
+ if (!kvm_s390_user_cpu_state_ctrl(vcpu->kvm))
+@@ -2155,6 +2162,11 @@ static void sync_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+ if (vcpu->arch.pfault_token == KVM_S390_PFAULT_TOKEN_INVALID)
+ kvm_clear_async_pf_completion_queue(vcpu);
+ }
++ if ((kvm_run->kvm_dirty_regs & KVM_SYNC_BPBC) &&
++ test_kvm_facility(vcpu->kvm, 82)) {
++ vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
++ vcpu->arch.sie_block->fpf |= kvm_run->s.regs.bpbc ? FPF_BPBC : 0;
++ }
+ kvm_run->kvm_dirty_regs = 0;
+ }
+
+@@ -2172,6 +2184,7 @@ static void store_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+ kvm_run->s.regs.pft = vcpu->arch.pfault_token;
+ kvm_run->s.regs.pfs = vcpu->arch.pfault_select;
+ kvm_run->s.regs.pfc = vcpu->arch.pfault_compare;
++ kvm_run->s.regs.bpbc = (vcpu->arch.sie_block->fpf & FPF_BPBC) == FPF_BPBC;
+ }
+
+ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
+index 5ecce34..14bcb68 100644
+--- a/include/uapi/linux/kvm.h
++++ b/include/uapi/linux/kvm.h
+@@ -839,6 +839,7 @@ struct kvm_ppc_smmu_info {
+ #define KVM_CAP_MSI_DEVID 131
+ #define KVM_CAP_X86_GUEST_MWAIT 143
+ #define KVM_CAP_ARM_USER_IRQ (0x1000 | 137) /* Will only be fixed in 4.12 */
++#define KVM_CAP_S390_BPB 152
+
+ #ifdef KVM_CAP_IRQ_ROUTING
+
+--
+2.15.1
+
diff --git a/patches.arch/s390-sles12sp3-cpuinfo-show-facilities-as-reported-by-stfle.patch b/patches.arch/s390-sles12sp3-cpuinfo-show-facilities-as-reported-by-stfle.patch
new file mode 100644
index 0000000000..d17f5d7449
--- /dev/null
+++ b/patches.arch/s390-sles12sp3-cpuinfo-show-facilities-as-reported-by-stfle.patch
@@ -0,0 +1,64 @@
+From: Heiko Carstens <heiko.carstens@de.ibm.com>
+Subject: s390/cpuinfo: show facilities as reported by stfle
+Patch-mainline: v4.12-rc1
+Git-commit: 157467ba9fb7e379f0540707dd89111de441e45e
+References: bnc#1076847, LTC#163740
+
+Add a new line to /proc/cpuinfo which shows all available facilities
+as reported by the stfle instruction:
+
+> cat /proc/cpuinfo
+...
+facilities : 0 1 2 3 4 6 7 ...
+...
+
+Reviewed-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
+Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ arch/s390/kernel/processor.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+--- a/arch/s390/kernel/processor.c
++++ b/arch/s390/kernel/processor.c
+@@ -11,8 +11,10 @@
+ #include <linux/seq_file.h>
+ #include <linux/delay.h>
+ #include <linux/cpu.h>
++#include <linux/bitops.h>
+ #include <asm/diag.h>
+ #include <asm/elf.h>
++#include <asm/facility.h>
+ #include <asm/lowcore.h>
+ #include <asm/param.h>
+ #include <asm/smp.h>
+@@ -52,6 +54,20 @@ int cpu_have_feature(unsigned int num)
+ }
+ EXPORT_SYMBOL(cpu_have_feature);
+
++static void show_facilities(struct seq_file *m)
++{
++ unsigned int bit;
++ long *facilities;
++
++ facilities = (long *)&S390_lowcore.stfle_fac_list;
++ seq_puts(m, "facilities :");
++ for (bit = find_first_bit_inv(facilities, MAX_FACILITY_BIT);
++ bit < MAX_FACILITY_BIT;
++ bit = find_next_bit_inv(facilities, MAX_FACILITY_BIT, bit + 1))
++ seq_printf(m, " %d", bit);
++ seq_putc(m, '\n');
++}
++
+ /*
+ * show_cpuinfo - Get information on one CPU for use by procfs.
+ */
+@@ -83,6 +99,7 @@ static int show_cpuinfo(struct seq_file
+ if (int_hwcap_str[i] && (int_hwcap & (1UL << i)))
+ seq_printf(m, "%s ", int_hwcap_str[i]);
+ seq_puts(m, "\n");
++ show_facilities(m);
+ show_cacheinfo(m);
+ }
+ get_online_cpus();
diff --git a/patches.arch/x86-cpufeature-add-avx512_4vnniw-and-avx512_4fmaps-features.patch b/patches.arch/x86-cpufeature-add-avx512_4vnniw-and-avx512_4fmaps-features.patch
index 542459cddb..4375831fb8 100644
--- a/patches.arch/x86-cpufeature-add-avx512_4vnniw-and-avx512_4fmaps-features.patch
+++ b/patches.arch/x86-cpufeature-add-avx512_4vnniw-and-avx512_4fmaps-features.patch
@@ -48,9 +48,9 @@ Acked-by: Borislav Petkov <bp@suse.de>
#define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */
+#define X86_FEATURE_AVX512_4VNNIW (7*32+16) /* AVX-512 Neural Network Instructions */
+#define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */
+ #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */
#define X86_FEATURE_RETPOLINE ( 7*32+29) /* Generic Retpoline mitigation for Spectre variant 2 */
- #define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* AMD Retpoline mitigation for Spectre variant 2 */
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -42,6 +42,8 @@ void init_scattered_cpuid_features(struc
diff --git a/patches.drivers/0001-md-more-open-coded-offset_in_page.patch b/patches.drivers/0001-md-more-open-coded-offset_in_page.patch
index 0add688d03..109fa19f3c 100644
--- a/patches.drivers/0001-md-more-open-coded-offset_in_page.patch
+++ b/patches.drivers/0001-md-more-open-coded-offset_in_page.patch
@@ -4,16 +4,18 @@ Date: Sat, 2 Jan 2016 13:30:54 -0500
Subject: [PATCH] md: more open-coded offset_in_page()
Git-commit: 93bbf5831dd1742a98c57b6415ee84ce35425067
Patch-mainline: v4.5-rc1
+References: bsc#1076110
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Coly Li <colyli@suse.de>
+
---
drivers/md/bcache/util.c | 2 +-
drivers/md/dm-io.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c
-index db3ae4c..dde6172 100644
+index db3ae4c2b223..dde6172f3f10 100644
--- a/drivers/md/bcache/util.c
+++ b/drivers/md/bcache/util.c
@@ -230,7 +230,7 @@ void bch_bio_map(struct bio *bio, void *base)
@@ -26,7 +28,7 @@ index db3ae4c..dde6172 100644
for (; size; bio->bi_vcnt++, bv++) {
diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c
-index 81c5e1a..06d426e 100644
+index 81c5e1a1f363..06d426eb5a30 100644
--- a/drivers/md/dm-io.c
+++ b/drivers/md/dm-io.c
@@ -246,7 +246,7 @@ static void vm_dp_init(struct dpages *dp, void *data)
@@ -48,5 +50,5 @@ index 81c5e1a..06d426e 100644
}
--
-2.6.6
+2.15.1
diff --git a/patches.drivers/0002-bcache-bch_writeback_thread-is-not-freezable.patch b/patches.drivers/0002-bcache-bch_writeback_thread-is-not-freezable.patch
index aac55e0094..5dc5a601d8 100644
--- a/patches.drivers/0002-bcache-bch_writeback_thread-is-not-freezable.patch
+++ b/patches.drivers/0002-bcache-bch_writeback_thread-is-not-freezable.patch
@@ -4,6 +4,7 @@ Date: Tue, 24 May 2016 16:38:10 +0200
Subject: [PATCH] bcache: bch_writeback_thread() is not freezable
Git-commit: 7c87df9c159aa1d228f0d77b37942216cff34922
Patch-mainline: v4.7-rc1
+References: bsc#1076110
bch_writeback_thread() is calling try_to_freeze(), but that's just an
expensive no-op given the fact that the thread is not marked freezable.
@@ -15,12 +16,13 @@ finalizing the image write-out.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Coly Li <colyli@suse.de>
+
---
drivers/md/bcache/writeback.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
-index b9346cd..6012367 100644
+index b9346cd9cda1..60123677b382 100644
--- a/drivers/md/bcache/writeback.c
+++ b/drivers/md/bcache/writeback.c
@@ -12,7 +12,6 @@
@@ -48,5 +50,5 @@ index b9346cd..6012367 100644
continue;
}
--
-2.6.6
+2.15.1
diff --git a/patches.drivers/0003-bcache-bch_allocator_thread-is-not-freezable.patch b/patches.drivers/0003-bcache-bch_allocator_thread-is-not-freezable.patch
index 3a408e95be..fad40f113a 100644
--- a/patches.drivers/0003-bcache-bch_allocator_thread-is-not-freezable.patch
+++ b/patches.drivers/0003-bcache-bch_allocator_thread-is-not-freezable.patch
@@ -4,6 +4,7 @@ Date: Tue, 24 May 2016 16:38:15 +0200
Subject: [PATCH] bcache: bch_allocator_thread() is not freezable
Git-commit: 770b8ce400123af89ac469361d7912f458915547
Patch-mainline: v4.7-rc1
+References: bsc#1076110
bch_allocator_thread() is calling try_to_freeze(), but that's just an
expensive no-op given the fact that the thread is not marked freezable.
@@ -15,12 +16,13 @@ hibernation image to a swap device served by bcache).
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Coly Li <colyli@suse.de>
+
---
drivers/md/bcache/alloc.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
-index 8eeab72..ca4abe1 100644
+index 8eeab72b93e2..ca4abe1ccd8d 100644
--- a/drivers/md/bcache/alloc.c
+++ b/drivers/md/bcache/alloc.c
@@ -64,7 +64,6 @@
@@ -40,5 +42,5 @@ index 8eeab72..ca4abe1 100644
mutex_lock(&(ca)->set->bucket_lock); \
} \
--
-2.6.6
+2.15.1
diff --git a/patches.drivers/0004-bcache-documentation-updates-and-corrections.patch b/patches.drivers/0004-bcache-documentation-updates-and-corrections.patch
new file mode 100644
index 0000000000..87d7be5e3f
--- /dev/null
+++ b/patches.drivers/0004-bcache-documentation-updates-and-corrections.patch
@@ -0,0 +1,246 @@
+From c9b2ffc02287771e70eb27132c47df6d5c7d91fb Mon Sep 17 00:00:00 2001
+From: Marc MERLIN <marc@merlins.org>
+Date: Fri, 11 Mar 2016 23:04:19 -0800
+Subject: [PATCH] bcache: documentation updates and corrections
+Git-commit: c9b2ffc02287771e70eb27132c47df6d5c7d91fb
+Patch-mainline: v4.8-rc1
+References: bsc#1076110
+
+Bcache documentation updates:
+- Added new HOWTO/COOKBOOK section
+- fixed a few typos
+- /sys/block/bcache0/cache_mode is /sys/block/bcache0/bcache/cache_mode
+
+Signed-off-by: Marc MERLIN <marc@merlins.org>
+Signed-off-by: Jonathan Corbet <corbet@lwn.net>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ Documentation/bcache.txt | 160 ++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 152 insertions(+), 8 deletions(-)
+
+diff --git a/Documentation/bcache.txt b/Documentation/bcache.txt
+index 32b6c3189d98..0aba405d3368 100644
+--- a/Documentation/bcache.txt
++++ b/Documentation/bcache.txt
+@@ -1,4 +1,4 @@
+-Say you've got a big slow raid 6, and an X-25E or three. Wouldn't it be
++Say you've got a big slow raid 6, and an ssd or three. Wouldn't it be
+ nice if you could use them as cache... Hence bcache.
+
+ Wiki and git repositories are at:
+@@ -8,7 +8,7 @@ Wiki and git repositories are at:
+
+ It's designed around the performance characteristics of SSDs - it only allocates
+ in erase block sized buckets, and it uses a hybrid btree/log to track cached
+-extants (which can be anywhere from a single sector to the bucket size). It's
++extents (which can be anywhere from a single sector to the bucket size). It's
+ designed to avoid random writes at all costs; it fills up an erase block
+ sequentially, then issues a discard before reusing it.
+
+@@ -55,7 +55,10 @@ immediately. Without udev, you can manually register devices like this:
+ Registering the backing device makes the bcache device show up in /dev; you can
+ now format it and use it as normal. But the first time using a new bcache
+ device, it'll be running in passthrough mode until you attach it to a cache.
+-See the section on attaching.
++If you are thinking about using bcache later, it is recommended to setup all your
++slow devices as bcache backing devices without a cache, and you can choose to add
++a caching device later.
++See 'ATTACHING' section below.
+
+ The devices show up as:
+
+@@ -72,12 +75,14 @@ To get started:
+ mount /dev/bcache0 /mnt
+
+ You can control bcache devices through sysfs at /sys/block/bcache<N>/bcache .
++You can also control them through /sys/fs//bcache/<cset-uuid>/ .
+
+ Cache devices are managed as sets; multiple caches per set isn't supported yet
+ but will allow for mirroring of metadata and dirty data in the future. Your new
+ cache set shows up as /sys/fs/bcache/<UUID>
+
+-ATTACHING:
++ATTACHING
++---------
+
+ After your cache device and backing device are registered, the backing device
+ must be attached to your cache set to enable caching. Attaching a backing
+@@ -105,7 +110,8 @@ but all the cached data will be invalidated. If there was dirty data in the
+ cache, don't expect the filesystem to be recoverable - you will have massive
+ filesystem corruption, though ext4's fsck does work miracles.
+
+-ERROR HANDLING:
++ERROR HANDLING
++--------------
+
+ Bcache tries to transparently handle IO errors to/from the cache device without
+ affecting normal operation; if it sees too many errors (the threshold is
+@@ -127,7 +133,143 @@ the backing devices to passthrough mode.
+ writeback mode). It currently doesn't do anything intelligent if it fails to
+ read some of the dirty data, though.
+
+-TROUBLESHOOTING PERFORMANCE:
++
++HOWTO/COOKBOOK
++--------------
++
++A) Your bcache doesn't start.
++ Starting and starting a bcache with a missing caching device
++
++Registering the backing device doesn't help, it's already there, you just need
++to force it to run without the cache:
++host:~# echo /dev/sdb1 > /sys/fs/bcache/register
++[ 119.844831] bcache: register_bcache() error opening /dev/sdb1: device already registered
++
++Next, you try to register your caching device if it's present. However if it's
++absent, or registration fails for some reason, you can still start your bcache
++without its cache, like so:
++host:/sys/block/sdb/sdb1/bcache# echo 1 > running
++
++
++B) Bcache not finding its cache and not starting
++
++This does not work:
++host:/sys/block/md5/bcache# echo 0226553a-37cf-41d5-b3ce-8b1e944543a8 > attach
++[ 1933.455082] bcache: bch_cached_dev_attach() Couldn't find uuid for md5 in set
++[ 1933.478179] bcache: __cached_dev_store() Can't attach 0226553a-37cf-41d5-b3ce-8b1e944543a8
++[ 1933.478179] : cache set not found
++
++In this case, the caching device was simply not registered at boot or
++disappeared and came back, and needs to be (re-)registered:
++host:/sys/block/md5/bcache# echo /dev/sdh2 > /sys/fs/bcache/register
++
++
++C) Corrupt bcache caching device crashes the kernel on startup/boot
++
++You'll have to wipe the caching device, start the backing device without the
++cache, and you can re-attach the cleaned up caching device then. This does
++require booting with a kernel/rescue media where bcache is disabled
++since it will otherwise try to access your device and probably crash
++again before you have a chance to wipe it.
++(or if you plan ahead, compile a backup kernel with bcache disabled and keep it
++in your grub config for a rainy day)
++If bcache is not available in the kernel, a filesystem on the backing device is
++still available at an 8KiB offset. So either via a loopdev of the backing device
++created with --offset 8K or by temporarily increasing the start sector of the
++partition by 16 (512byte sectors).
++
++This is how you wipe the caching device:
++host:~# wipefs -a /dev/sdh2
++16 bytes were erased at offset 0x1018 (bcache)
++they were: c6 85 73 f6 4e 1a 45 ca 82 65 f5 7f 48 ba 6d 81
++
++After you boot back with bcache enabled, you recreate the cache and attach it:
++host:~# make-bcache -C /dev/sdh2
++UUID: 7be7e175-8f4c-4f99-94b2-9c904d227045
++Set UUID: 5bc072a8-ab17-446d-9744-e247949913c1
++version: 0
++nbuckets: 106874
++block_size: 1
++bucket_size: 1024
++nr_in_set: 1
++nr_this_dev: 0
++first_bucket: 1
++[ 650.511912] bcache: run_cache_set() invalidating existing data
++[ 650.549228] bcache: register_cache() registered cache device sdh2
++
++start backing device with missing cache:
++host:/sys/block/md5/bcache# echo 1 > running
++
++attach new cache:
++host:/sys/block/md5/bcache# echo 5bc072a8-ab17-446d-9744-e247949913c1 > attach
++[ 865.276616] bcache: bch_cached_dev_attach() Caching md5 as bcache0 on set 5bc072a8-ab17-446d-9744-e247949913c1
++
++
++D) Remove or replace a caching device
++
++host:/sys/block/sda/sda7/bcache# echo 1 > detach
++[ 695.872542] bcache: cached_dev_detach_finish() Caching disabled for sda7
++
++host:~# wipefs -a /dev/nvme0n1p4
++wipefs: error: /dev/nvme0n1p4: probing initialization failed: Device or resource busy
++Ooops, it's disabled, but not unregistered, so it's still protected
++
++We need to go and unregister it:
++host:/sys/fs/bcache/b7ba27a1-2398-4649-8ae3-0959f57ba128# ls -l cache0
++lrwxrwxrwx 1 root root 0 Feb 25 18:33 cache0 -> ../../../devices/pci0000:00/0000:00:1d.0/0000:70:00.0/nvme/nvme0/nvme0n1/nvme0n1p4/bcache/
++host:/sys/fs/bcache/b7ba27a1-2398-4649-8ae3-0959f57ba128# echo 1 > stop
++kernel: [ 917.041908] bcache: cache_set_free() Cache set b7ba27a1-2398-4649-8ae3-0959f57ba128 unregistered
++
++Now we can wipe it:
++host:~# wipefs -a /dev/nvme0n1p4
++/dev/nvme0n1p4: 16 bytes were erased at offset 0x00001018 (bcache): c6 85 73 f6 4e 1a 45 ca 82 65 f5 7f 48 ba 6d 81
++
++
++E) dmcrypt and bcache
++
++First setup bcache unencrypted and then install dmcrypt on top of /dev/bcache<N>
++This will work faster than if you dmcrypt both the backing and caching
++devices and then install bcache on top.
++
++
++F) Stop/free a registered bcache to wipe and/or recreate it
++(or maybe you need to free up all bcache references so that you can have fdisk
++run and re-register a changed partition table, which won't work if there are any
++active backing or caching devices left on it)
++
++1) Is it present in /dev/bcache* ? (there are times where it won't be)
++If so, it's easy:
++host:/sys/block/bcache0/bcache# echo 1 > stop
++
++2) But if your backing device is gone, this won't work:
++host:/sys/block/bcache0# cd bcache
++bash: cd: bcache: No such file or directory
++
++In this case, you may have to unregister the dmcrypt block device that
++references this bcache to free it up:
++host:~# dmsetup remove oldds1
++bcache: bcache_device_free() bcache0 stopped
++bcache: cache_set_free() Cache set 5bc072a8-ab17-446d-9744-e247949913c1 unregistered
++
++This causes the backing bcache to be removed from /sys/fs/bcache and then it can
++be reused
++
++3) In other cases, you can also look in /sys/fs/bcache/:
++host:/sys/fs/bcache# ls -l */{cache?,bdev?}
++lrwxrwxrwx 1 root root 0 Mar 5 09:39 0226553a-37cf-41d5-b3ce-8b1e944543a8/bdev1 -> ../../../devices/virtual/block/dm-1/bcache/
++lrwxrwxrwx 1 root root 0 Mar 5 09:39 0226553a-37cf-41d5-b3ce-8b1e944543a8/cache0 -> ../../../devices/virtual/block/dm-4/bcache/
++lrwxrwxrwx 1 root root 0 Mar 5 09:39 5bc072a8-ab17-446d-9744-e247949913c1/cache0 -> ../../../devices/pci0000:00/0000:00:01.0/0000:01:00.0/ata10/host9/target9:0:0/9:0:0:0/block/sdl/sdl2/bcache/
++
++The device names will show which UUID is relevant, cd in that directory
++and stop the cache:
++host:/sys/fs/bcache/5bc072a8-ab17-446d-9744-e247949913c1# echo 1 > stop
++this will free up bcache references and let you reuse the partition for other
++purposes.
++
++
++
++TROUBLESHOOTING PERFORMANCE
++---------------------------
+
+ Bcache has a bunch of config options and tunables. The defaults are intended to
+ be reasonable for typical desktop and server workloads, but they're not what you
+@@ -140,7 +282,7 @@ want for getting the best possible numbers when benchmarking.
+ maturity, but simply because in writeback mode you'll lose data if something
+ happens to your SSD)
+
+- # echo writeback > /sys/block/bcache0/cache_mode
++ # echo writeback > /sys/block/bcache0/bcache/cache_mode
+
+ - Bad performance, or traffic not going to the SSD that you'd expect
+
+@@ -193,7 +335,9 @@ want for getting the best possible numbers when benchmarking.
+ Solution: warm the cache by doing writes, or use the testing branch (there's
+ a fix for the issue there).
+
+-SYSFS - BACKING DEVICE:
++
++SYSFS - BACKING DEVICE
++----------------------
+
+ Available at /sys/block/<bdev>/bcache, /sys/block/bcache*/bcache and
+ (if attached) /sys/fs/bcache/<cset-uuid>/bdev*
+--
+2.15.1
+
diff --git a/patches.drivers/0005-bcache-documentation-formatting-edited-for-clarity-s.patch b/patches.drivers/0005-bcache-documentation-formatting-edited-for-clarity-s.patch
new file mode 100644
index 0000000000..841f8140b7
--- /dev/null
+++ b/patches.drivers/0005-bcache-documentation-formatting-edited-for-clarity-s.patch
@@ -0,0 +1,261 @@
+From c0b8c9a3447ad379869f21884b86ec97c7b8db7a Mon Sep 17 00:00:00 2001
+From: Eric Wheeler <git@linux.ewheeler.net>
+Date: Fri, 11 Mar 2016 23:43:47 -0800
+Subject: [PATCH] bcache: documentation formatting, edited for clarity, stripe
+ alignment notes
+Git-commit: c0b8c9a3447ad379869f21884b86ec97c7b8db7a
+Patch-mainline: v4.8-rc1
+References: bsc#1076110
+
+Signed-off-by: Eric Wheeler <bcache@linux.ewheeler.net>
+Cc: Marc MERLIN <marc@merlins.org>
+Signed-off-by: Jonathan Corbet <corbet@lwn.net>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ Documentation/bcache.txt | 161 ++++++++++++++++++++++++++++-------------------
+ 1 file changed, 97 insertions(+), 64 deletions(-)
+
+diff --git a/Documentation/bcache.txt b/Documentation/bcache.txt
+index 0aba405d3368..a9259b562d5c 100644
+--- a/Documentation/bcache.txt
++++ b/Documentation/bcache.txt
+@@ -137,48 +137,60 @@ the backing devices to passthrough mode.
+ HOWTO/COOKBOOK
+ --------------
+
+-A) Your bcache doesn't start.
+- Starting and starting a bcache with a missing caching device
++A) Starting a bcache with a missing caching device
+
+-Registering the backing device doesn't help, it's already there, you just need
++If registering the backing device doesn't help, it's already there, you just need
+ to force it to run without the cache:
+-host:~# echo /dev/sdb1 > /sys/fs/bcache/register
+-[ 119.844831] bcache: register_bcache() error opening /dev/sdb1: device already registered
++ host:~# echo /dev/sdb1 > /sys/fs/bcache/register
++ [ 119.844831] bcache: register_bcache() error opening /dev/sdb1: device already registered
+
+-Next, you try to register your caching device if it's present. However if it's
+-absent, or registration fails for some reason, you can still start your bcache
+-without its cache, like so:
+-host:/sys/block/sdb/sdb1/bcache# echo 1 > running
++Next, you try to register your caching device if it's present. However
++if it's absent, or registration fails for some reason, you can still
++start your bcache without its cache, like so:
++ host:/sys/block/sdb/sdb1/bcache# echo 1 > running
+
++Note that this may cause data loss if you were running in writeback mode.
+
+-B) Bcache not finding its cache and not starting
+
+-This does not work:
+-host:/sys/block/md5/bcache# echo 0226553a-37cf-41d5-b3ce-8b1e944543a8 > attach
+-[ 1933.455082] bcache: bch_cached_dev_attach() Couldn't find uuid for md5 in set
+-[ 1933.478179] bcache: __cached_dev_store() Can't attach 0226553a-37cf-41d5-b3ce-8b1e944543a8
+-[ 1933.478179] : cache set not found
++B) Bcache does not find its cache
+
+-In this case, the caching device was simply not registered at boot or
+-disappeared and came back, and needs to be (re-)registered:
+-host:/sys/block/md5/bcache# echo /dev/sdh2 > /sys/fs/bcache/register
++ host:/sys/block/md5/bcache# echo 0226553a-37cf-41d5-b3ce-8b1e944543a8 > attach
++ [ 1933.455082] bcache: bch_cached_dev_attach() Couldn't find uuid for md5 in set
++ [ 1933.478179] bcache: __cached_dev_store() Can't attach 0226553a-37cf-41d5-b3ce-8b1e944543a8
++ [ 1933.478179] : cache set not found
+
++In this case, the caching device was simply not registered at boot
++or disappeared and came back, and needs to be (re-)registered:
++ host:/sys/block/md5/bcache# echo /dev/sdh2 > /sys/fs/bcache/register
+
+-C) Corrupt bcache caching device crashes the kernel on startup/boot
+
+-You'll have to wipe the caching device, start the backing device without the
+-cache, and you can re-attach the cleaned up caching device then. This does
+-require booting with a kernel/rescue media where bcache is disabled
+-since it will otherwise try to access your device and probably crash
+-again before you have a chance to wipe it.
+-(or if you plan ahead, compile a backup kernel with bcache disabled and keep it
+-in your grub config for a rainy day)
+-If bcache is not available in the kernel, a filesystem on the backing device is
+-still available at an 8KiB offset. So either via a loopdev of the backing device
+-created with --offset 8K or by temporarily increasing the start sector of the
+-partition by 16 (512byte sectors).
++C) Corrupt bcache crashes the kernel at device registration time:
++
++This should never happen. If it does happen, then you have found a bug!
++Please report it to the bcache development list: linux-bcache@vger.kernel.org
++
++Be sure to provide as much information that you can including kernel dmesg
++output if available so that we may assist.
++
++
++D) Recovering data without bcache:
++
++If bcache is not available in the kernel, a filesystem on the backing
++device is still available at an 8KiB offset. So either via a loopdev
++of the backing device created with --offset 8K, or any value defined by
++--data-offset when you originally formatted bcache with `make-bcache`.
++
++For example:
++ losetup -o 8192 /dev/loop0 /dev/your_bcache_backing_dev
++
++This should present your unmodified backing device data in /dev/loop0
++
++If your cache is in writethrough mode, then you can safely discard the
++cache device without loosing data.
++
++
++E) Wiping a cache device
+
+-This is how you wipe the caching device:
+ host:~# wipefs -a /dev/sdh2
+ 16 bytes were erased at offset 0x1018 (bcache)
+ they were: c6 85 73 f6 4e 1a 45 ca 82 65 f5 7f 48 ba 6d 81
+@@ -205,56 +217,60 @@ host:/sys/block/md5/bcache# echo 5bc072a8-ab17-446d-9744-e247949913c1 > attach
+ [ 865.276616] bcache: bch_cached_dev_attach() Caching md5 as bcache0 on set 5bc072a8-ab17-446d-9744-e247949913c1
+
+
+-D) Remove or replace a caching device
++F) Remove or replace a caching device
+
+-host:/sys/block/sda/sda7/bcache# echo 1 > detach
+-[ 695.872542] bcache: cached_dev_detach_finish() Caching disabled for sda7
++ host:/sys/block/sda/sda7/bcache# echo 1 > detach
++ [ 695.872542] bcache: cached_dev_detach_finish() Caching disabled for sda7
+
+-host:~# wipefs -a /dev/nvme0n1p4
+-wipefs: error: /dev/nvme0n1p4: probing initialization failed: Device or resource busy
+-Ooops, it's disabled, but not unregistered, so it's still protected
++ host:~# wipefs -a /dev/nvme0n1p4
++ wipefs: error: /dev/nvme0n1p4: probing initialization failed: Device or resource busy
++ Ooops, it's disabled, but not unregistered, so it's still protected
+
+ We need to go and unregister it:
+-host:/sys/fs/bcache/b7ba27a1-2398-4649-8ae3-0959f57ba128# ls -l cache0
+-lrwxrwxrwx 1 root root 0 Feb 25 18:33 cache0 -> ../../../devices/pci0000:00/0000:00:1d.0/0000:70:00.0/nvme/nvme0/nvme0n1/nvme0n1p4/bcache/
+-host:/sys/fs/bcache/b7ba27a1-2398-4649-8ae3-0959f57ba128# echo 1 > stop
+-kernel: [ 917.041908] bcache: cache_set_free() Cache set b7ba27a1-2398-4649-8ae3-0959f57ba128 unregistered
++ host:/sys/fs/bcache/b7ba27a1-2398-4649-8ae3-0959f57ba128# ls -l cache0
++ lrwxrwxrwx 1 root root 0 Feb 25 18:33 cache0 -> ../../../devices/pci0000:00/0000:00:1d.0/0000:70:00.0/nvme/nvme0/nvme0n1/nvme0n1p4/bcache/
++ host:/sys/fs/bcache/b7ba27a1-2398-4649-8ae3-0959f57ba128# echo 1 > stop
++ kernel: [ 917.041908] bcache: cache_set_free() Cache set b7ba27a1-2398-4649-8ae3-0959f57ba128 unregistered
+
+ Now we can wipe it:
+-host:~# wipefs -a /dev/nvme0n1p4
+-/dev/nvme0n1p4: 16 bytes were erased at offset 0x00001018 (bcache): c6 85 73 f6 4e 1a 45 ca 82 65 f5 7f 48 ba 6d 81
++ host:~# wipefs -a /dev/nvme0n1p4
++ /dev/nvme0n1p4: 16 bytes were erased at offset 0x00001018 (bcache): c6 85 73 f6 4e 1a 45 ca 82 65 f5 7f 48 ba 6d 81
++
+
++G) dm-crypt and bcache
+
+-E) dmcrypt and bcache
++First setup bcache unencrypted and then install dmcrypt on top of
++/dev/bcache<N> This will work faster than if you dmcrypt both the backing
++and caching devices and then install bcache on top. [benchmarks?]
+
+-First setup bcache unencrypted and then install dmcrypt on top of /dev/bcache<N>
+-This will work faster than if you dmcrypt both the backing and caching
+-devices and then install bcache on top.
+
++H) Stop/free a registered bcache to wipe and/or recreate it
+
+-F) Stop/free a registered bcache to wipe and/or recreate it
+-(or maybe you need to free up all bcache references so that you can have fdisk
+-run and re-register a changed partition table, which won't work if there are any
+-active backing or caching devices left on it)
++Suppose that you need to free up all bcache references so that you can
++fdisk run and re-register a changed partition table, which won't work
++if there are any active backing or caching devices left on it:
+
+ 1) Is it present in /dev/bcache* ? (there are times where it won't be)
++
+ If so, it's easy:
+-host:/sys/block/bcache0/bcache# echo 1 > stop
++ host:/sys/block/bcache0/bcache# echo 1 > stop
+
+ 2) But if your backing device is gone, this won't work:
+-host:/sys/block/bcache0# cd bcache
+-bash: cd: bcache: No such file or directory
++ host:/sys/block/bcache0# cd bcache
++ bash: cd: bcache: No such file or directory
+
+ In this case, you may have to unregister the dmcrypt block device that
+ references this bcache to free it up:
+-host:~# dmsetup remove oldds1
+-bcache: bcache_device_free() bcache0 stopped
+-bcache: cache_set_free() Cache set 5bc072a8-ab17-446d-9744-e247949913c1 unregistered
++ host:~# dmsetup remove oldds1
++ bcache: bcache_device_free() bcache0 stopped
++ bcache: cache_set_free() Cache set 5bc072a8-ab17-446d-9744-e247949913c1 unregistered
+
+-This causes the backing bcache to be removed from /sys/fs/bcache and then it can
+-be reused
++This causes the backing bcache to be removed from /sys/fs/bcache and
++then it can be reused. This would be true of any block device stacking
++where bcache is a lower device.
+
+ 3) In other cases, you can also look in /sys/fs/bcache/:
++
+ host:/sys/fs/bcache# ls -l */{cache?,bdev?}
+ lrwxrwxrwx 1 root root 0 Mar 5 09:39 0226553a-37cf-41d5-b3ce-8b1e944543a8/bdev1 -> ../../../devices/virtual/block/dm-1/bcache/
+ lrwxrwxrwx 1 root root 0 Mar 5 09:39 0226553a-37cf-41d5-b3ce-8b1e944543a8/cache0 -> ../../../devices/virtual/block/dm-4/bcache/
+@@ -262,9 +278,10 @@ lrwxrwxrwx 1 root root 0 Mar 5 09:39 5bc072a8-ab17-446d-9744-e247949913c1/cache
+
+ The device names will show which UUID is relevant, cd in that directory
+ and stop the cache:
+-host:/sys/fs/bcache/5bc072a8-ab17-446d-9744-e247949913c1# echo 1 > stop
+-this will free up bcache references and let you reuse the partition for other
+-purposes.
++ host:/sys/fs/bcache/5bc072a8-ab17-446d-9744-e247949913c1# echo 1 > stop
++
++This will free up bcache references and let you reuse the partition for
++other purposes.
+
+
+
+@@ -275,6 +292,22 @@ Bcache has a bunch of config options and tunables. The defaults are intended to
+ be reasonable for typical desktop and server workloads, but they're not what you
+ want for getting the best possible numbers when benchmarking.
+
++ - Backing device alignment
++
++ The default metadata size in bcache is 8k. If your backing device is
++ RAID based, then be sure to align this by a multiple of your stride
++ width using `make-bcache --data-offset`. If you intend to expand your
++ disk array in the future, then multiply a series of primes by your
++ raid stripe size to get the disk multiples that you would like.
++
++ For example: If you have a 64k stripe size, then the following offset
++ would provide alignment for many common RAID5 data spindle counts:
++ 64k * 2*2*2*3*3*5*7 bytes = 161280k
++
++ That space is wasted, but for only 157.5MB you can grow your RAID 5
++ volume to the following data-spindle counts without re-aligning:
++ 3,4,5,6,7,8,9,10,12,14,15,18,20,21 ...
++
+ - Bad write performance
+
+ If write performance is not what you expected, you probably wanted to be
+@@ -382,7 +415,7 @@ sequential_merge
+ against all new requests to determine which new requests are sequential
+ continuations of previous requests for the purpose of determining sequential
+ cutoff. This is necessary if the sequential cutoff value is greater than the
+- maximum acceptable sequential size for any single request.
++ maximum acceptable sequential size for any single request.
+
+ state
+ The backing device can be in one of four different states:
+@@ -469,7 +502,7 @@ bucket_size
+ Size of buckets
+
+ cache<0..n>
+- Symlink to each of the cache devices comprising this cache set.
++ Symlink to each of the cache devices comprising this cache set.
+
+ cache_available_percent
+ Percentage of cache device which doesn't contain dirty data, and could
+--
+2.15.1
+
diff --git a/patches.drivers/0001-bcache-partition-support-add-16-minors-per-bcacheN-d.patch b/patches.drivers/0006-bcache-partition-support-add-16-minors-per-bcacheN-d.patch
index 510b54dfbe..2f15abe1c2 100644
--- a/patches.drivers/0001-bcache-partition-support-add-16-minors-per-bcacheN-d.patch
+++ b/patches.drivers/0006-bcache-partition-support-add-16-minors-per-bcacheN-d.patch
@@ -1,19 +1,21 @@
+From b8c0d911ac5285e6be8967713271a51bdc5a936a Mon Sep 17 00:00:00 2001
From: Eric Wheeler <git@linux.ewheeler.net>
Date: Sun, 23 Oct 2016 18:19:20 -0700
Subject: [PATCH] bcache: partition support: add 16 minors per bcacheN device
Git-commit: b8c0d911ac5285e6be8967713271a51bdc5a936a
-Patch-mainline: v4.10-rc1
-References: bsc#1019784
+Patch-mainline: v4.10-rc1
+References: bsc#1076110, bsc#1019784
Signed-off-by: Eric Wheeler <bcache@linux.ewheeler.net>
Tested-by: Wido den Hollander <wido@widodh.nl>
Signed-off-by: Coly Li <colyli@suse.de>
+
---
drivers/md/bcache/super.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
-index b33dd3b..3a19cbc 100644
+index b33dd3bd104f..3a19cbc8b230 100644
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -58,6 +58,7 @@ static wait_queue_head_t unregister_wait;
@@ -37,5 +39,5 @@ index b33dd3b..3a19cbc 100644
return -ENOMEM;
}
--
-2.6.6
+2.15.1
diff --git a/patches.drivers/0007-bcache-use-kmalloc-to-allocate-bio-in-bch_data_verif.patch b/patches.drivers/0007-bcache-use-kmalloc-to-allocate-bio-in-bch_data_verif.patch
new file mode 100644
index 0000000000..af33a2fe52
--- /dev/null
+++ b/patches.drivers/0007-bcache-use-kmalloc-to-allocate-bio-in-bch_data_verif.patch
@@ -0,0 +1,46 @@
+From 5a136fdf5a0ab3c021ef6d989bb56a361e132234 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.com>
+Date: Sun, 18 Jun 2017 14:38:59 +1000
+Subject: [PATCH] bcache: use kmalloc to allocate bio in bch_data_verify()
+Git-commit: 5a136fdf5a0ab3c021ef6d989bb56a361e132234
+Patch-mainline: v4.13-rc1
+References: bsc#1076110
+
+This function allocates a bio, then a collection
+of pages. It copes with failure.
+
+It currently uses a mempool() to allocate the bio,
+but alloc_page() to allocate the pages. These fail
+in different ways, so the usage is inconsistent.
+
+Change the bio_clone() to bio_clone_kmalloc()
+so that no pool is used either for the bio or the pages.
+
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Acked-by: Kent Overstreet <kent.overstreet@gmail.com>
+Reviewed-by : Ming Lei <ming.lei@redhat.com>
+
+Signed-off-by: NeilBrown <neilb@suse.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/debug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c
+index 06f55056aaae..35a5a7210e51 100644
+--- a/drivers/md/bcache/debug.c
++++ b/drivers/md/bcache/debug.c
+@@ -110,7 +110,7 @@ void bch_data_verify(struct cached_dev *dc, struct bio *bio)
+ struct bio_vec bv, cbv;
+ struct bvec_iter iter, citer = { 0 };
+
+- check = bio_clone(bio, GFP_NOIO);
++ check = bio_clone_kmalloc(bio, GFP_NOIO);
+ if (!check)
+ return;
+ check->bi_opf = REQ_OP_READ;
+--
+2.15.1
+
diff --git a/patches.drivers/0008-bcache.txt-standardize-document-format.patch b/patches.drivers/0008-bcache.txt-standardize-document-format.patch
new file mode 100644
index 0000000000..6772517907
--- /dev/null
+++ b/patches.drivers/0008-bcache.txt-standardize-document-format.patch
@@ -0,0 +1,460 @@
+From a966ac73d7772a2b067c50fa16bbbfe418fc6374 Mon Sep 17 00:00:00 2001
+From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Date: Sun, 14 May 2017 07:49:15 -0300
+Subject: [PATCH] bcache.txt: standardize document format
+Git-commit: a966ac73d7772a2b067c50fa16bbbfe418fc6374
+Patch-mainline: v4.13-rc1
+References: bsc#1076110
+
+Each text file under Documentation follows a different
+format. Some doesn't even have titles!
+
+Change its representation to follow the adopted standard,
+using ReST markups for it to be parseable by Sphinx:
+
+- Add a title for the document;
+- Use a list for the listed URLs;
+- mark literal blocks;
+- adjust whitespaces;
+- Don't capitalize section titles.
+
+Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Signed-off-by: Jonathan Corbet <corbet@lwn.net>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ Documentation/bcache.txt | 190 ++++++++++++++++++++++++++---------------------
+ 1 file changed, 107 insertions(+), 83 deletions(-)
+
+diff --git a/Documentation/bcache.txt b/Documentation/bcache.txt
+index a9259b562d5c..c0ce64d75bbf 100644
+--- a/Documentation/bcache.txt
++++ b/Documentation/bcache.txt
+@@ -1,10 +1,15 @@
++============================
++A block layer cache (bcache)
++============================
++
+ Say you've got a big slow raid 6, and an ssd or three. Wouldn't it be
+ nice if you could use them as cache... Hence bcache.
+
+ Wiki and git repositories are at:
+- http://bcache.evilpiepirate.org
+- http://evilpiepirate.org/git/linux-bcache.git
+- http://evilpiepirate.org/git/bcache-tools.git
++
++ - http://bcache.evilpiepirate.org
++ - http://evilpiepirate.org/git/linux-bcache.git
++ - http://evilpiepirate.org/git/bcache-tools.git
+
+ It's designed around the performance characteristics of SSDs - it only allocates
+ in erase block sized buckets, and it uses a hybrid btree/log to track cached
+@@ -37,17 +42,19 @@ to be flushed.
+
+ Getting started:
+ You'll need make-bcache from the bcache-tools repository. Both the cache device
+-and backing device must be formatted before use.
++and backing device must be formatted before use::
++
+ make-bcache -B /dev/sdb
+ make-bcache -C /dev/sdc
+
+ make-bcache has the ability to format multiple devices at the same time - if
+ you format your backing devices and cache device at the same time, you won't
+-have to manually attach:
++have to manually attach::
++
+ make-bcache -B /dev/sda /dev/sdb -C /dev/sdc
+
+ bcache-tools now ships udev rules, and bcache devices are known to the kernel
+-immediately. Without udev, you can manually register devices like this:
++immediately. Without udev, you can manually register devices like this::
+
+ echo /dev/sdb > /sys/fs/bcache/register
+ echo /dev/sdc > /sys/fs/bcache/register
+@@ -60,16 +67,16 @@ slow devices as bcache backing devices without a cache, and you can choose to ad
+ a caching device later.
+ See 'ATTACHING' section below.
+
+-The devices show up as:
++The devices show up as::
+
+ /dev/bcache<N>
+
+-As well as (with udev):
++As well as (with udev)::
+
+ /dev/bcache/by-uuid/<uuid>
+ /dev/bcache/by-label/<label>
+
+-To get started:
++To get started::
+
+ mkfs.ext4 /dev/bcache0
+ mount /dev/bcache0 /mnt
+@@ -81,13 +88,13 @@ Cache devices are managed as sets; multiple caches per set isn't supported yet
+ but will allow for mirroring of metadata and dirty data in the future. Your new
+ cache set shows up as /sys/fs/bcache/<UUID>
+
+-ATTACHING
++Attaching
+ ---------
+
+ After your cache device and backing device are registered, the backing device
+ must be attached to your cache set to enable caching. Attaching a backing
+ device to a cache set is done thusly, with the UUID of the cache set in
+-/sys/fs/bcache:
++/sys/fs/bcache::
+
+ echo <CSET-UUID> > /sys/block/bcache0/bcache/attach
+
+@@ -97,7 +104,7 @@ your bcache devices. If a backing device has data in a cache somewhere, the
+ important if you have writeback caching turned on.
+
+ If you're booting up and your cache device is gone and never coming back, you
+-can force run the backing device:
++can force run the backing device::
+
+ echo 1 > /sys/block/sdb/bcache/running
+
+@@ -110,7 +117,7 @@ but all the cached data will be invalidated. If there was dirty data in the
+ cache, don't expect the filesystem to be recoverable - you will have massive
+ filesystem corruption, though ext4's fsck does work miracles.
+
+-ERROR HANDLING
++Error Handling
+ --------------
+
+ Bcache tries to transparently handle IO errors to/from the cache device without
+@@ -134,25 +141,27 @@ the backing devices to passthrough mode.
+ read some of the dirty data, though.
+
+
+-HOWTO/COOKBOOK
++Howto/cookbook
+ --------------
+
+ A) Starting a bcache with a missing caching device
+
+ If registering the backing device doesn't help, it's already there, you just need
+-to force it to run without the cache:
++to force it to run without the cache::
++
+ host:~# echo /dev/sdb1 > /sys/fs/bcache/register
+ [ 119.844831] bcache: register_bcache() error opening /dev/sdb1: device already registered
+
+ Next, you try to register your caching device if it's present. However
+ if it's absent, or registration fails for some reason, you can still
+-start your bcache without its cache, like so:
++start your bcache without its cache, like so::
++
+ host:/sys/block/sdb/sdb1/bcache# echo 1 > running
+
+ Note that this may cause data loss if you were running in writeback mode.
+
+
+-B) Bcache does not find its cache
++B) Bcache does not find its cache::
+
+ host:/sys/block/md5/bcache# echo 0226553a-37cf-41d5-b3ce-8b1e944543a8 > attach
+ [ 1933.455082] bcache: bch_cached_dev_attach() Couldn't find uuid for md5 in set
+@@ -160,7 +169,8 @@ B) Bcache does not find its cache
+ [ 1933.478179] : cache set not found
+
+ In this case, the caching device was simply not registered at boot
+-or disappeared and came back, and needs to be (re-)registered:
++or disappeared and came back, and needs to be (re-)registered::
++
+ host:/sys/block/md5/bcache# echo /dev/sdh2 > /sys/fs/bcache/register
+
+
+@@ -180,7 +190,8 @@ device is still available at an 8KiB offset. So either via a loopdev
+ of the backing device created with --offset 8K, or any value defined by
+ --data-offset when you originally formatted bcache with `make-bcache`.
+
+-For example:
++For example::
++
+ losetup -o 8192 /dev/loop0 /dev/your_bcache_backing_dev
+
+ This should present your unmodified backing device data in /dev/loop0
+@@ -191,33 +202,38 @@ cache device without loosing data.
+
+ E) Wiping a cache device
+
+-host:~# wipefs -a /dev/sdh2
+-16 bytes were erased at offset 0x1018 (bcache)
+-they were: c6 85 73 f6 4e 1a 45 ca 82 65 f5 7f 48 ba 6d 81
++::
++
++ host:~# wipefs -a /dev/sdh2
++ 16 bytes were erased at offset 0x1018 (bcache)
++ they were: c6 85 73 f6 4e 1a 45 ca 82 65 f5 7f 48 ba 6d 81
++
++After you boot back with bcache enabled, you recreate the cache and attach it::
+
+-After you boot back with bcache enabled, you recreate the cache and attach it:
+-host:~# make-bcache -C /dev/sdh2
+-UUID: 7be7e175-8f4c-4f99-94b2-9c904d227045
+-Set UUID: 5bc072a8-ab17-446d-9744-e247949913c1
+-version: 0
+-nbuckets: 106874
+-block_size: 1
+-bucket_size: 1024
+-nr_in_set: 1
+-nr_this_dev: 0
+-first_bucket: 1
+-[ 650.511912] bcache: run_cache_set() invalidating existing data
+-[ 650.549228] bcache: register_cache() registered cache device sdh2
++ host:~# make-bcache -C /dev/sdh2
++ UUID: 7be7e175-8f4c-4f99-94b2-9c904d227045
++ Set UUID: 5bc072a8-ab17-446d-9744-e247949913c1
++ version: 0
++ nbuckets: 106874
++ block_size: 1
++ bucket_size: 1024
++ nr_in_set: 1
++ nr_this_dev: 0
++ first_bucket: 1
++ [ 650.511912] bcache: run_cache_set() invalidating existing data
++ [ 650.549228] bcache: register_cache() registered cache device sdh2
+
+-start backing device with missing cache:
+-host:/sys/block/md5/bcache# echo 1 > running
++start backing device with missing cache::
+
+-attach new cache:
+-host:/sys/block/md5/bcache# echo 5bc072a8-ab17-446d-9744-e247949913c1 > attach
+-[ 865.276616] bcache: bch_cached_dev_attach() Caching md5 as bcache0 on set 5bc072a8-ab17-446d-9744-e247949913c1
++ host:/sys/block/md5/bcache# echo 1 > running
+
++attach new cache::
+
+-F) Remove or replace a caching device
++ host:/sys/block/md5/bcache# echo 5bc072a8-ab17-446d-9744-e247949913c1 > attach
++ [ 865.276616] bcache: bch_cached_dev_attach() Caching md5 as bcache0 on set 5bc072a8-ab17-446d-9744-e247949913c1
++
++
++F) Remove or replace a caching device::
+
+ host:/sys/block/sda/sda7/bcache# echo 1 > detach
+ [ 695.872542] bcache: cached_dev_detach_finish() Caching disabled for sda7
+@@ -226,13 +242,15 @@ F) Remove or replace a caching device
+ wipefs: error: /dev/nvme0n1p4: probing initialization failed: Device or resource busy
+ Ooops, it's disabled, but not unregistered, so it's still protected
+
+-We need to go and unregister it:
++We need to go and unregister it::
++
+ host:/sys/fs/bcache/b7ba27a1-2398-4649-8ae3-0959f57ba128# ls -l cache0
+ lrwxrwxrwx 1 root root 0 Feb 25 18:33 cache0 -> ../../../devices/pci0000:00/0000:00:1d.0/0000:70:00.0/nvme/nvme0/nvme0n1/nvme0n1p4/bcache/
+ host:/sys/fs/bcache/b7ba27a1-2398-4649-8ae3-0959f57ba128# echo 1 > stop
+ kernel: [ 917.041908] bcache: cache_set_free() Cache set b7ba27a1-2398-4649-8ae3-0959f57ba128 unregistered
+
+-Now we can wipe it:
++Now we can wipe it::
++
+ host:~# wipefs -a /dev/nvme0n1p4
+ /dev/nvme0n1p4: 16 bytes were erased at offset 0x00001018 (bcache): c6 85 73 f6 4e 1a 45 ca 82 65 f5 7f 48 ba 6d 81
+
+@@ -252,40 +270,44 @@ if there are any active backing or caching devices left on it:
+
+ 1) Is it present in /dev/bcache* ? (there are times where it won't be)
+
+-If so, it's easy:
++ If so, it's easy::
++
+ host:/sys/block/bcache0/bcache# echo 1 > stop
+
+-2) But if your backing device is gone, this won't work:
++2) But if your backing device is gone, this won't work::
++
+ host:/sys/block/bcache0# cd bcache
+ bash: cd: bcache: No such file or directory
+
+-In this case, you may have to unregister the dmcrypt block device that
+-references this bcache to free it up:
++ In this case, you may have to unregister the dmcrypt block device that
++ references this bcache to free it up::
++
+ host:~# dmsetup remove oldds1
+ bcache: bcache_device_free() bcache0 stopped
+ bcache: cache_set_free() Cache set 5bc072a8-ab17-446d-9744-e247949913c1 unregistered
+
+-This causes the backing bcache to be removed from /sys/fs/bcache and
+-then it can be reused. This would be true of any block device stacking
+-where bcache is a lower device.
++ This causes the backing bcache to be removed from /sys/fs/bcache and
++ then it can be reused. This would be true of any block device stacking
++ where bcache is a lower device.
++
++3) In other cases, you can also look in /sys/fs/bcache/::
+
+-3) In other cases, you can also look in /sys/fs/bcache/:
++ host:/sys/fs/bcache# ls -l */{cache?,bdev?}
++ lrwxrwxrwx 1 root root 0 Mar 5 09:39 0226553a-37cf-41d5-b3ce-8b1e944543a8/bdev1 -> ../../../devices/virtual/block/dm-1/bcache/
++ lrwxrwxrwx 1 root root 0 Mar 5 09:39 0226553a-37cf-41d5-b3ce-8b1e944543a8/cache0 -> ../../../devices/virtual/block/dm-4/bcache/
++ lrwxrwxrwx 1 root root 0 Mar 5 09:39 5bc072a8-ab17-446d-9744-e247949913c1/cache0 -> ../../../devices/pci0000:00/0000:00:01.0/0000:01:00.0/ata10/host9/target9:0:0/9:0:0:0/block/sdl/sdl2/bcache/
+
+-host:/sys/fs/bcache# ls -l */{cache?,bdev?}
+-lrwxrwxrwx 1 root root 0 Mar 5 09:39 0226553a-37cf-41d5-b3ce-8b1e944543a8/bdev1 -> ../../../devices/virtual/block/dm-1/bcache/
+-lrwxrwxrwx 1 root root 0 Mar 5 09:39 0226553a-37cf-41d5-b3ce-8b1e944543a8/cache0 -> ../../../devices/virtual/block/dm-4/bcache/
+-lrwxrwxrwx 1 root root 0 Mar 5 09:39 5bc072a8-ab17-446d-9744-e247949913c1/cache0 -> ../../../devices/pci0000:00/0000:00:01.0/0000:01:00.0/ata10/host9/target9:0:0/9:0:0:0/block/sdl/sdl2/bcache/
++ The device names will show which UUID is relevant, cd in that directory
++ and stop the cache::
+
+-The device names will show which UUID is relevant, cd in that directory
+-and stop the cache:
+ host:/sys/fs/bcache/5bc072a8-ab17-446d-9744-e247949913c1# echo 1 > stop
+
+-This will free up bcache references and let you reuse the partition for
+-other purposes.
++ This will free up bcache references and let you reuse the partition for
++ other purposes.
+
+
+
+-TROUBLESHOOTING PERFORMANCE
++Troubleshooting performance
+ ---------------------------
+
+ Bcache has a bunch of config options and tunables. The defaults are intended to
+@@ -301,11 +323,13 @@ want for getting the best possible numbers when benchmarking.
+ raid stripe size to get the disk multiples that you would like.
+
+ For example: If you have a 64k stripe size, then the following offset
+- would provide alignment for many common RAID5 data spindle counts:
++ would provide alignment for many common RAID5 data spindle counts::
++
+ 64k * 2*2*2*3*3*5*7 bytes = 161280k
+
+ That space is wasted, but for only 157.5MB you can grow your RAID 5
+- volume to the following data-spindle counts without re-aligning:
++ volume to the following data-spindle counts without re-aligning::
++
+ 3,4,5,6,7,8,9,10,12,14,15,18,20,21 ...
+
+ - Bad write performance
+@@ -313,9 +337,9 @@ want for getting the best possible numbers when benchmarking.
+ If write performance is not what you expected, you probably wanted to be
+ running in writeback mode, which isn't the default (not due to a lack of
+ maturity, but simply because in writeback mode you'll lose data if something
+- happens to your SSD)
++ happens to your SSD)::
+
+- # echo writeback > /sys/block/bcache0/bcache/cache_mode
++ # echo writeback > /sys/block/bcache0/bcache/cache_mode
+
+ - Bad performance, or traffic not going to the SSD that you'd expect
+
+@@ -325,13 +349,13 @@ want for getting the best possible numbers when benchmarking.
+ accessed data out of your cache.
+
+ But if you want to benchmark reads from cache, and you start out with fio
+- writing an 8 gigabyte test file - so you want to disable that.
++ writing an 8 gigabyte test file - so you want to disable that::
+
+- # echo 0 > /sys/block/bcache0/bcache/sequential_cutoff
++ # echo 0 > /sys/block/bcache0/bcache/sequential_cutoff
+
+- To set it back to the default (4 mb), do
++ To set it back to the default (4 mb), do::
+
+- # echo 4M > /sys/block/bcache0/bcache/sequential_cutoff
++ # echo 4M > /sys/block/bcache0/bcache/sequential_cutoff
+
+ - Traffic's still going to the spindle/still getting cache misses
+
+@@ -344,10 +368,10 @@ want for getting the best possible numbers when benchmarking.
+ throttles traffic if the latency exceeds a threshold (it does this by
+ cranking down the sequential bypass).
+
+- You can disable this if you need to by setting the thresholds to 0:
++ You can disable this if you need to by setting the thresholds to 0::
+
+- # echo 0 > /sys/fs/bcache/<cache set>/congested_read_threshold_us
+- # echo 0 > /sys/fs/bcache/<cache set>/congested_write_threshold_us
++ # echo 0 > /sys/fs/bcache/<cache set>/congested_read_threshold_us
++ # echo 0 > /sys/fs/bcache/<cache set>/congested_write_threshold_us
+
+ The default is 2000 us (2 milliseconds) for reads, and 20000 for writes.
+
+@@ -369,7 +393,7 @@ want for getting the best possible numbers when benchmarking.
+ a fix for the issue there).
+
+
+-SYSFS - BACKING DEVICE
++Sysfs - backing device
+ ----------------------
+
+ Available at /sys/block/<bdev>/bcache, /sys/block/bcache*/bcache and
+@@ -454,7 +478,8 @@ writeback_running
+ still be added to the cache until it is mostly full; only meant for
+ benchmarking. Defaults to on.
+
+-SYSFS - BACKING DEVICE STATS:
++Sysfs - backing device stats
++~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ There are directories with these numbers for a running total, as well as
+ versions that decay over the past day, hour and 5 minutes; they're also
+@@ -463,14 +488,11 @@ aggregated in the cache set directory as well.
+ bypassed
+ Amount of IO (both reads and writes) that has bypassed the cache
+
+-cache_hits
+-cache_misses
+-cache_hit_ratio
++cache_hits, cache_misses, cache_hit_ratio
+ Hits and misses are counted per individual IO as bcache sees them; a
+ partial hit is counted as a miss.
+
+-cache_bypass_hits
+-cache_bypass_misses
++cache_bypass_hits, cache_bypass_misses
+ Hits and misses for IO that is intended to skip the cache are still counted,
+ but broken out here.
+
+@@ -482,7 +504,8 @@ cache_miss_collisions
+ cache_readaheads
+ Count of times readahead occurred.
+
+-SYSFS - CACHE SET:
++Sysfs - cache set
++~~~~~~~~~~~~~~~~~
+
+ Available at /sys/fs/bcache/<cset-uuid>
+
+@@ -520,8 +543,7 @@ flash_vol_create
+ Echoing a size to this file (in human readable units, k/M/G) creates a thinly
+ provisioned volume backed by the cache set.
+
+-io_error_halflife
+-io_error_limit
++io_error_halflife, io_error_limit
+ These determines how many errors we accept before disabling the cache.
+ Each error is decayed by the half life (in # ios). If the decaying count
+ reaches io_error_limit dirty data is written out and the cache is disabled.
+@@ -545,7 +567,8 @@ unregister
+ Detaches all backing devices and closes the cache devices; if dirty data is
+ present it will disable writeback caching and wait for it to be flushed.
+
+-SYSFS - CACHE SET INTERNAL:
++Sysfs - cache set internal
++~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ This directory also exposes timings for a number of internal operations, with
+ separate files for average duration, average frequency, last occurrence and max
+@@ -574,7 +597,8 @@ cache_read_races
+ trigger_gc
+ Writing to this file forces garbage collection to run.
+
+-SYSFS - CACHE DEVICE:
++Sysfs - Cache device
++~~~~~~~~~~~~~~~~~~~~
+
+ Available at /sys/block/<cdev>/bcache
+
+--
+2.15.1
+
diff --git a/patches.drivers/0009-bcache-fix-sequential-large-write-IO-bypass.patch b/patches.drivers/0009-bcache-fix-sequential-large-write-IO-bypass.patch
new file mode 100644
index 0000000000..365fab31e3
--- /dev/null
+++ b/patches.drivers/0009-bcache-fix-sequential-large-write-IO-bypass.patch
@@ -0,0 +1,51 @@
+From c81ffa32a214c84b08900fbc9d432187bd948eba Mon Sep 17 00:00:00 2001
+From: Tang Junhui <tang.junhui@zte.com.cn>
+Date: Wed, 6 Sep 2017 14:25:52 +0800
+Subject: [PATCH] bcache: fix sequential large write IO bypass
+Git-commit: c81ffa32a214c84b08900fbc9d432187bd948eba
+Patch-mainline: v4.14-rc1
+References: bsc#1076110
+
+Sequential write IOs were tested with bs=1M by FIO in writeback cache
+mode, these IOs were expected to be bypassed, but actually they did not.
+We debug the code, and find in check_should_bypass():
+ if (!congested &&
+ mode == CACHE_MODE_WRITEBACK &&
+ op_is_write(bio_op(bio)) &&
+ (bio->bi_opf & REQ_SYNC))
+ goto rescale
+that means, If in writeback mode, a write IO with REQ_SYNC flag will not
+be bypassed though it is a sequential large IO, It's not a correct thing
+to do actually, so this patch remove these codes.
+
+Signed-off-by: tang.junhui <tang.junhui@zte.com.cn>
+Reviewed-by: Kent Overstreet <kent.overstreet@gmail.com>
+Reviewed-by: Eric Wheeler <bcache@linux.ewheeler.net>
+Cc: stable@vger.kernel.org
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/request.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
+index 0e1463d0c334..de97d86ddff4 100644
+--- a/drivers/md/bcache/request.c
++++ b/drivers/md/bcache/request.c
+@@ -400,12 +400,6 @@ static bool check_should_bypass(struct cached_dev *dc, struct bio *bio)
+ if (!congested && !dc->sequential_cutoff)
+ goto rescale;
+
+- if (!congested &&
+- mode == CACHE_MODE_WRITEBACK &&
+- op_is_write(bio->bi_opf) &&
+- op_is_sync(bio->bi_opf))
+- goto rescale;
+-
+ spin_lock(&dc->io_lock);
+
+ hlist_for_each_entry(i, iohash(dc, bio->bi_iter.bi_sector), hash)
+--
+2.15.1
+
diff --git a/patches.drivers/0010-bcache-Don-t-reinvent-the-wheel-but-use-existing-lli.patch b/patches.drivers/0010-bcache-Don-t-reinvent-the-wheel-but-use-existing-lli.patch
new file mode 100644
index 0000000000..ad4721b6b8
--- /dev/null
+++ b/patches.drivers/0010-bcache-Don-t-reinvent-the-wheel-but-use-existing-lli.patch
@@ -0,0 +1,50 @@
+From 09b3efec81def807fb225359e34a8e72866dd9c4 Mon Sep 17 00:00:00 2001
+From: Byungchul Park <byungchul.park@lge.com>
+Date: Wed, 6 Sep 2017 14:25:54 +0800
+Subject: [PATCH] bcache: Don't reinvent the wheel but use existing llist API
+Git-commit: 09b3efec81def807fb225359e34a8e72866dd9c4
+Patch-mainline: v4.14-rc1
+References: bsc#1076110
+
+Although llist provides proper APIs, they are not used. Make them used.
+
+Signed-off-by: Byungchul Park <byungchul.park@lge.com>
+Acked-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/closure.c | 15 ++-------------
+ 1 file changed, 2 insertions(+), 13 deletions(-)
+
+diff --git a/drivers/md/bcache/closure.c b/drivers/md/bcache/closure.c
+index 864e673aec39..7d5286b05036 100644
+--- a/drivers/md/bcache/closure.c
++++ b/drivers/md/bcache/closure.c
+@@ -70,21 +70,10 @@ void __closure_wake_up(struct closure_waitlist *wait_list)
+ list = llist_del_all(&wait_list->list);
+
+ /* We first reverse the list to preserve FIFO ordering and fairness */
+-
+- while (list) {
+- struct llist_node *t = list;
+- list = llist_next(list);
+-
+- t->next = reverse;
+- reverse = t;
+- }
++ reverse = llist_reverse_order(list);
+
+ /* Then do the wakeups */
+-
+- while (reverse) {
+- cl = container_of(reverse, struct closure, list);
+- reverse = llist_next(reverse);
+-
++ llist_for_each_entry(cl, reverse, list) {
+ closure_set_waiting(cl, 0);
+ closure_sub(cl, CLOSURE_WAITING + 1);
+ }
+--
+2.15.1
+
diff --git a/patches.drivers/0011-bcache-gc-does-not-work-when-triggering-by-manual-co.patch b/patches.drivers/0011-bcache-gc-does-not-work-when-triggering-by-manual-co.patch
new file mode 100644
index 0000000000..fc6a81f553
--- /dev/null
+++ b/patches.drivers/0011-bcache-gc-does-not-work-when-triggering-by-manual-co.patch
@@ -0,0 +1,55 @@
+From 0b43f49dc4d6d3789e936731dc16af94cb57d568 Mon Sep 17 00:00:00 2001
+From: Tang Junhui <tang.junhui@zte.com.cn>
+Date: Wed, 6 Sep 2017 14:25:55 +0800
+Subject: [PATCH] bcache: gc does not work when triggering by manual command
+Git-commit: 0b43f49dc4d6d3789e936731dc16af94cb57d568
+Patch-mainline: v4.14-rc1
+References: bsc#1076110, bsc#1038078
+
+I try to execute the following command to trigger gc thread:
+[root@localhost internal]# echo 1 > trigger_gc
+But it does not work, I debug the code in gc_should_run(), It works only
+if in invalidating or sectors_to_gc < 0. So set sectors_to_gc to -1 to
+meet the condition when we trigger gc by manual command.
+
+(Code comments aded by Coly Li)
+
+Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/sysfs.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
+index f90f13616980..09295c07ea88 100644
+--- a/drivers/md/bcache/sysfs.c
++++ b/drivers/md/bcache/sysfs.c
+@@ -615,8 +615,21 @@ STORE(__bch_cache_set)
+ bch_cache_accounting_clear(&c->accounting);
+ }
+
+- if (attr == &sysfs_trigger_gc)
++ if (attr == &sysfs_trigger_gc) {
++ /*
++ * Garbage collection thread only works when sectors_to_gc < 0,
++ * when users write to sysfs entry trigger_gc, most of time
++ * they want to forcibly triger gargage collection. Here -1 is
++ * set to c->sectors_to_gc, to make gc_should_run() give a
++ * chance to permit gc thread to run. "give a chance" means
++ * before going into gc_should_run(), there is still chance
++ * that c->sectors_to_gc being set to other positive value. So
++ * writing sysfs entry trigger_gc won't always make sure gc
++ * thread takes effect.
++ */
++ atomic_set(&c->sectors_to_gc, -1);
+ wake_up_gc(c);
++ }
+
+ if (attr == &sysfs_prune_cache) {
+ struct shrink_control sc;
+--
+2.15.1
+
diff --git a/patches.drivers/0012-bcache-increase-the-number-of-open-buckets.patch b/patches.drivers/0012-bcache-increase-the-number-of-open-buckets.patch
new file mode 100644
index 0000000000..07e64cdc1d
--- /dev/null
+++ b/patches.drivers/0012-bcache-increase-the-number-of-open-buckets.patch
@@ -0,0 +1,61 @@
+From 89b1fc54c257104df007c5888e3705e52b973d45 Mon Sep 17 00:00:00 2001
+From: Tang Junhui <tang.junhui@zte.com.cn>
+Date: Wed, 6 Sep 2017 14:25:58 +0800
+Subject: [PATCH] bcache: increase the number of open buckets
+Git-commit: 89b1fc54c257104df007c5888e3705e52b973d45
+Patch-mainline: v4.14-rc1
+References: bsc#1076110
+
+In currently, we only alloc 6 open buckets for each cache set,
+but in usually, we always attach about 10 or so backend devices for
+each cache set, and the each bcache device are always accessed by
+about 10 or so threads in top application layer. So 6 open buckets
+are too few, It has led to that each of the same thread write data
+to different buckets, which would cause low efficiency write-back,
+and also cause buckets inefficient, and would be Very easy to run
+out of.
+
+I add debug message in bch_open_buckets_alloc() to print alloc bucket
+info, and test with ten bcache devices with a cache set, and each
+bcache device is accessed by ten threads.
+
+From the debug message, we can see that, after the modification, One
+bucket is more likely to assign to the same thread, and the data from
+the same thread are more likely to write the same bucket. Usually the
+same thread always write/read the same backend device, so it is good
+for write-back and also promote the usage efficiency of buckets.
+
+Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/alloc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
+index ca4abe1ccd8d..cacbe2dbd5c3 100644
+--- a/drivers/md/bcache/alloc.c
++++ b/drivers/md/bcache/alloc.c
+@@ -68,6 +68,8 @@
+ #include <linux/random.h>
+ #include <trace/events/bcache.h>
+
++#define MAX_OPEN_BUCKETS 128
++
+ /* Bucket heap / gen */
+
+ uint8_t bch_inc_gen(struct cache *ca, struct bucket *b)
+@@ -671,7 +673,7 @@ int bch_open_buckets_alloc(struct cache_set *c)
+
+ spin_lock_init(&c->data_bucket_lock);
+
+- for (i = 0; i < 6; i++) {
++ for (i = 0; i < MAX_OPEN_BUCKETS; i++) {
+ struct open_bucket *b = kzalloc(sizeof(*b), GFP_KERNEL);
+ if (!b)
+ return -ENOMEM;
+--
+2.15.1
+
diff --git a/patches.drivers/0013-bcache-silence-static-checker-warning.patch b/patches.drivers/0013-bcache-silence-static-checker-warning.patch
new file mode 100644
index 0000000000..03b5f4b4ef
--- /dev/null
+++ b/patches.drivers/0013-bcache-silence-static-checker-warning.patch
@@ -0,0 +1,39 @@
+From da22f0eea555baf9b0a84b52afe56db2052cfe8d Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 6 Sep 2017 14:26:00 +0800
+Subject: [PATCH] bcache: silence static checker warning
+Git-commit: da22f0eea555baf9b0a84b52afe56db2052cfe8d
+Patch-mainline: v4.14-rc1
+References: bsc#1076110
+
+In olden times, closure_return() used to have a hidden return built in.
+We removed the hidden return but forgot to add a new return here. If
+"c" were NULL we would oops on the next line, but fortunately "c" is
+never NULL. Let's just remove the if statement.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/super.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
+index 3b724fa2b68d..1ae63374366c 100644
+--- a/drivers/md/bcache/super.c
++++ b/drivers/md/bcache/super.c
+@@ -1376,9 +1376,6 @@ static void cache_set_flush(struct closure *cl)
+ struct btree *b;
+ unsigned i;
+
+- if (!c)
+- closure_return(cl);
+-
+ bch_cache_accounting_destroy(&c->accounting);
+
+ kobject_put(&c->internal);
+--
+2.15.1
+
diff --git a/patches.drivers/0014-bcache-Update-continue_at-documentation.patch b/patches.drivers/0014-bcache-Update-continue_at-documentation.patch
new file mode 100644
index 0000000000..575f017532
--- /dev/null
+++ b/patches.drivers/0014-bcache-Update-continue_at-documentation.patch
@@ -0,0 +1,45 @@
+From 7b6a8570e02a20d0b6cadb9689e4b2e6217c390c Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 6 Sep 2017 14:26:01 +0800
+Subject: [PATCH] bcache: Update continue_at() documentation
+Git-commit: 7b6a8570e02a20d0b6cadb9689e4b2e6217c390c
+Patch-mainline: v4.14-rc1
+References: bsc#1076110
+
+continue_at() doesn't have a return statement anymore.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Coly Li <colyli@suse.de>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/closure.h | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h
+index 1ec84ca81146..295b7e43f92c 100644
+--- a/drivers/md/bcache/closure.h
++++ b/drivers/md/bcache/closure.h
+@@ -312,8 +312,6 @@ static inline void closure_wake_up(struct closure_waitlist *list)
+ * been dropped with closure_put()), it will resume execution at @fn running out
+ * of @wq (or, if @wq is NULL, @fn will be called by closure_put() directly).
+ *
+- * NOTE: This macro expands to a return in the calling function!
+- *
+ * This is because after calling continue_at() you no longer have a ref on @cl,
+ * and whatever @cl owns may be freed out from under you - a running closure fn
+ * has a ref on its own closure which continue_at() drops.
+@@ -340,8 +338,6 @@ do { \
+ * Causes @fn to be executed out of @cl, in @wq context (or called directly if
+ * @wq is NULL).
+ *
+- * NOTE: like continue_at(), this macro expands to a return in the caller!
+- *
+ * The ref the caller of continue_at_nobarrier() had on @cl is now owned by @fn,
+ * thus it's not safe to touch anything protected by @cl after a
+ * continue_at_nobarrier().
+--
+2.15.1
+
diff --git a/patches.drivers/0015-bcache-use-llist_for_each_entry_safe-in-__closure_wa.patch b/patches.drivers/0015-bcache-use-llist_for_each_entry_safe-in-__closure_wa.patch
new file mode 100644
index 0000000000..825d092d2a
--- /dev/null
+++ b/patches.drivers/0015-bcache-use-llist_for_each_entry_safe-in-__closure_wa.patch
@@ -0,0 +1,73 @@
+From a5f3d8a5eaaf917878f07998e6f1ea46024e6bab Mon Sep 17 00:00:00 2001
+From: Coly Li <colyli@suse.de>
+Date: Tue, 26 Sep 2017 17:54:12 +0800
+Subject: [PATCH] bcache: use llist_for_each_entry_safe() in
+ __closure_wake_up()
+Git-commit: a5f3d8a5eaaf917878f07998e6f1ea46024e6bab
+Patch-mainline: v4.14-rc4
+References: bsc#1076110
+
+Commit 09b3efec ("bcache: Don't reinvent the wheel but use existing llist
+API") replaces the following while loop by llist_for_each_entry(),
+
+-
+- while (reverse) {
+- cl = container_of(reverse, struct closure, list);
+- reverse = llist_next(reverse);
+-
++ llist_for_each_entry(cl, reverse, list) {
+ closure_set_waiting(cl, 0);
+ closure_sub(cl, CLOSURE_WAITING + 1);
+ }
+
+This modification introduces a potential race by iterating a corrupted
+list. Here is how it happens.
+
+In the above modification, closure_sub() may wake up a process which is
+waiting on reverse list. If this process decides to wait again by calling
+closure_wait(), its cl->list will be added to another wait list. Then
+when llist_for_each_entry() continues to iterate next node, it will travel
+on another new wait list which is added in closure_wait(), not the
+original reverse list in __closure_wake_up(). It is more probably to
+happen on UP machine because the waked up process may preempt the process
+which wakes up it.
+
+Use llist_for_each_entry_safe() will fix the issue, the safe version fetch
+next node before waking up a process. Then the copy of next node will make
+sure list iteration stays on original reverse list.
+
+Fixes: 09b3efec81de ("bcache: Don't reinvent the wheel but use existing llist API")
+Signed-off-by: Coly Li <colyli@suse.de>
+Reported-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Byungchul Park <byungchul.park@lge.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+
+---
+ drivers/md/bcache/closure.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/md/bcache/closure.c b/drivers/md/bcache/closure.c
+index 7d5286b05036..1841d0359bac 100644
+--- a/drivers/md/bcache/closure.c
++++ b/drivers/md/bcache/closure.c
+@@ -64,7 +64,7 @@ EXPORT_SYMBOL(closure_put);
+ void __closure_wake_up(struct closure_waitlist *wait_list)
+ {
+ struct llist_node *list;
+- struct closure *cl;
++ struct closure *cl, *t;
+ struct llist_node *reverse = NULL;
+
+ list = llist_del_all(&wait_list->list);
+@@ -73,7 +73,7 @@ void __closure_wake_up(struct closure_waitlist *wait_list)
+ reverse = llist_reverse_order(list);
+
+ /* Then do the wakeups */
+- llist_for_each_entry(cl, reverse, list) {
++ llist_for_each_entry_safe(cl, t, reverse, list) {
+ closure_set_waiting(cl, 0);
+ closure_sub(cl, CLOSURE_WAITING + 1);
+ }
+--
+2.15.1
+
diff --git a/patches.drivers/0016-bcache-Avoid-nested-function-definition.patch b/patches.drivers/0016-bcache-Avoid-nested-function-definition.patch
new file mode 100644
index 0000000000..f0f619a9c3
--- /dev/null
+++ b/patches.drivers/0016-bcache-Avoid-nested-function-definition.patch
@@ -0,0 +1,68 @@
+From 58f913dce2814a9ea7260e93ed3a949e0d5565e3 Mon Sep 17 00:00:00 2001
+From: Peter Foley <pefoley2@pefoley.com>
+Date: Fri, 13 Oct 2017 16:35:28 -0700
+Subject: [PATCH] bcache: Avoid nested function definition
+Git-commit: 58f913dce2814a9ea7260e93ed3a949e0d5565e3
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+Fixes below error with clang:
+../drivers/md/bcache/sysfs.c:759:3: error: function definition is not allowed here
+ { return *((uint16_t *) r) - *((uint16_t *) l); }
+ ^
+../drivers/md/bcache/sysfs.c:789:32: error: use of undeclared identifier 'cmp'
+ sort(p, n, sizeof(uint16_t), cmp, NULL);
+ ^
+2 errors generated.
+
+V2:
+rename function to __bch_cache_cmp
+
+Signed-off-by: Peter Foley <pefoley2@pefoley.com>
+Reviewed-by: Coly Li <colyli@suse.de>
+Reviewed-by: Michael Lyle <mlyle@lyle.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/sysfs.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
+index 104c57cd666c..69f355b9650c 100644
+--- a/drivers/md/bcache/sysfs.c
++++ b/drivers/md/bcache/sysfs.c
+@@ -745,6 +745,11 @@ static struct attribute *bch_cache_set_internal_files[] = {
+ };
+ KTYPE(bch_cache_set_internal);
+
++static int __bch_cache_cmp(const void *l, const void *r)
++{
++ return *((uint16_t *)r) - *((uint16_t *)l);
++}
++
+ SHOW(__bch_cache)
+ {
+ struct cache *ca = container_of(kobj, struct cache, kobj);
+@@ -769,9 +774,6 @@ SHOW(__bch_cache)
+ CACHE_REPLACEMENT(&ca->sb));
+
+ if (attr == &sysfs_priority_stats) {
+- int cmp(const void *l, const void *r)
+- { return *((uint16_t *) r) - *((uint16_t *) l); }
+-
+ struct bucket *b;
+ size_t n = ca->sb.nbuckets, i;
+ size_t unused = 0, available = 0, dirty = 0, meta = 0;
+@@ -800,7 +802,7 @@ SHOW(__bch_cache)
+ p[i] = ca->buckets[i].prio;
+ mutex_unlock(&ca->set->bucket_lock);
+
+- sort(p, n, sizeof(uint16_t), cmp, NULL);
++ sort(p, n, sizeof(uint16_t), __bch_cache_cmp, NULL);
+
+ while (n &&
+ !cached[n - 1])
+--
+2.15.1
+
diff --git a/patches.drivers/0017-bcache-fix-a-comments-typo-in-bch_alloc_sectors.patch b/patches.drivers/0017-bcache-fix-a-comments-typo-in-bch_alloc_sectors.patch
new file mode 100644
index 0000000000..c895e2371d
--- /dev/null
+++ b/patches.drivers/0017-bcache-fix-a-comments-typo-in-bch_alloc_sectors.patch
@@ -0,0 +1,38 @@
+From b1e8139e48b58e3bc1234e619c750ffd1394be2f Mon Sep 17 00:00:00 2001
+From: Coly Li <colyli@suse.de>
+Date: Fri, 13 Oct 2017 16:35:30 -0700
+Subject: [PATCH] bcache: fix a comments typo in bch_alloc_sectors()
+Git-commit: b1e8139e48b58e3bc1234e619c750ffd1394be2f
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+Code comments in alloc.c:bch_alloc_sectors() mentions a function
+name find_data_bucket(), the correct function name should be
+pick_data_bucket() indeed. bch_alloc_sectors() is a quite important
+function in bcache allocation code, fixing the typo may help
+other people to have less confusion.
+
+Signed-off-by: Coly Li <colyli@suse.de>
+Reviewed-by: Tang Junhui <tang.junhui@zte.com.cn>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+
+---
+ drivers/md/bcache/alloc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
+index e1a4205caa2e..4c40870e99f5 100644
+--- a/drivers/md/bcache/alloc.c
++++ b/drivers/md/bcache/alloc.c
+@@ -601,7 +601,7 @@ bool bch_alloc_sectors(struct cache_set *c, struct bkey *k, unsigned sectors,
+
+ /*
+ * If we had to allocate, we might race and not need to allocate the
+- * second time we call find_data_bucket(). If we allocated a bucket but
++ * second time we call pick_data_bucket(). If we allocated a bucket but
+ * didn't use it, drop the refcount bch_bucket_alloc_set() took:
+ */
+ if (KEY_PTRS(&alloc.key))
+--
+2.15.1
+
diff --git a/patches.drivers/0018-bcache-rewrite-multiple-partitions-support.patch b/patches.drivers/0018-bcache-rewrite-multiple-partitions-support.patch
new file mode 100644
index 0000000000..e25f728c63
--- /dev/null
+++ b/patches.drivers/0018-bcache-rewrite-multiple-partitions-support.patch
@@ -0,0 +1,155 @@
+From 1dbe32ad0a82f39c6dfb7667c5da5c23b9333664 Mon Sep 17 00:00:00 2001
+From: Coly Li <colyli@suse.de>
+Date: Fri, 13 Oct 2017 16:35:31 -0700
+Subject: [PATCH] bcache: rewrite multiple partitions support
+Git-commit: 1dbe32ad0a82f39c6dfb7667c5da5c23b9333664
+Patch-mainline: v4.15-rc1
+References: bsc#1076110, bsc#1038085
+
+Current partition support of bcache is confusing and buggy. It tries to
+trace non-continuous device minor numbers by an ida bit string, and
+mistakenly mixed bcache device index with minor numbers. This design
+generates several negative results,
+- Index of bcache device name is not consecutive under /dev/. If there are
+ 3 bcache devices, they name will be,
+ /dev/bcache0, /dev/bcache16, /dev/bcache32
+ Only bcache code indexes bcache device name is such an interesting way.
+- First minor number of each bcache device is traced by ida bit string.
+ One bcache device will occupy 16 bits, this is not a good idea. Indeed
+ only one bit is enough.
+- Because minor number and bcache device index are mixed, a device index
+ is allocated by ida_simple_get(), but an first minor number is sent into
+ ida_simple_remove() to release the device. It confused original author
+ too.
+
+Root cause of the above errors is, bcache code should not handle device
+minor numbers at all! A standard process to support multiple partitions in
+Linux kernel is,
+- Device driver provides major device number, and indexes multiple device
+ instances.
+- Device driver does not allocat nor trace device minor number, only
+ provides a first minor number of a given device instance, and sets how
+ many minor numbers (paritions) the device instance may have.
+All rested stuffs are handled by block layer code, most of the details can
+be found from block/{genhd, partition-generic}.c files.
+
+This patch re-writes multiple partitions support for bcache. It makes
+whole things to be more clear, and uses ida bit string in a more efficeint
+way.
+- Ida bit string only traces bcache device index, not minor number. For a
+ bcache device with 128 partitions, only one bit in ida bit string is
+ enough.
+- Device minor number and device index are separated in concept. Device
+ index is used for /dev node naming, and ida bit string trace. Minor
+ number is calculated from device index and only used to initialize
+ first_minor of a bcache device.
+- It does not follow any standard for 16 partitions on a bcache device.
+ This patch sets 128 partitions on single bcache device at max, this is
+ the limitation from GPT (GUID Partition Table) and supported by fdisk.
+
+Considering a typical device minor number is 20 bits width, each bcache
+device may have 128 partitions (7 bits), there can be 8192 bcache devices
+existing on system. For most common deployment for a single server in
+now days, it should be enough.
+
+[minor spelling fixes in commit message by Michael Lyle]
+(Coly Li: rebase for SLE12-SP3 kernel)
+
+Signed-off-by: Coly Li <colyli@suse.de>
+Cc: Eric Wheeler <bcache@lists.ewheeler.net>
+Cc: Junhui Tang <tang.junhui@zte.com.cn>
+Reviewed-by: Michael Lyle <mlyle@lyle.org>
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+
+---
+ drivers/md/bcache/super.c | 37 +++++++++++++++++++++++++------------
+ 1 file changed, 25 insertions(+), 12 deletions(-)
+
+--- a/drivers/md/bcache/super.c
++++ b/drivers/md/bcache/super.c
+@@ -53,12 +53,15 @@ LIST_HEAD(bch_cache_sets);
+ static LIST_HEAD(uncached_devices);
+
+ static int bcache_major;
+-static DEFINE_IDA(bcache_minor);
++static DEFINE_IDA(bcache_device_idx);
+ static wait_queue_head_t unregister_wait;
+ struct workqueue_struct *bcache_wq;
+
+ #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE)
+-#define BCACHE_MINORS 16 /* partition support */
++/* limitation of partitions number on single bcache device */
++#define BCACHE_MINORS 128
++/* limitation of bcache devices number on single system */
++#define BCACHE_DEVICE_IDX_MAX ((1U << MINORBITS)/BCACHE_MINORS)
+
+ /* Superblock */
+
+@@ -721,6 +724,16 @@ static void bcache_device_attach(struct
+ closure_get(&c->caching);
+ }
+
++static inline int first_minor_to_idx(int first_minor)
++{
++ return (first_minor/BCACHE_MINORS);
++}
++
++static inline int idx_to_first_minor(int idx)
++{
++ return (idx * BCACHE_MINORS);
++}
++
+ static void bcache_device_free(struct bcache_device *d)
+ {
+ lockdep_assert_held(&bch_register_lock);
+@@ -734,7 +747,8 @@ static void bcache_device_free(struct bc
+ if (d->disk && d->disk->queue)
+ blk_cleanup_queue(d->disk->queue);
+ if (d->disk) {
+- ida_simple_remove(&bcache_minor, d->disk->first_minor);
++ ida_simple_remove(&bcache_device_idx,
++ first_minor_to_idx(d->disk->first_minor));
+ put_disk(d->disk);
+ }
+
+@@ -751,7 +765,7 @@ static int bcache_device_init(struct bca
+ {
+ struct request_queue *q;
+ size_t n;
+- int minor;
++ int idx;
+
+ if (!d->stripe_size)
+ d->stripe_size = 1 << 31;
+@@ -776,23 +790,22 @@ static int bcache_device_init(struct bca
+ if (!d->full_dirty_stripes)
+ return -ENOMEM;
+
+- minor = ida_simple_get(&bcache_minor, 0, MINORMASK + 1, GFP_KERNEL);
+- if (minor < 0)
+- return minor;
+-
+- minor *= BCACHE_MINORS;
++ idx = ida_simple_get(&bcache_device_idx, 0,
++ BCACHE_DEVICE_IDX_MAX, GFP_KERNEL);
++ if (idx < 0)
++ return idx;
+
+ if (!(d->bio_split = bioset_create(4, offsetof(struct bbio, bio))) ||
+ !(d->disk = alloc_disk(BCACHE_MINORS))) {
+- ida_simple_remove(&bcache_minor, minor);
++ ida_simple_remove(&bcache_device_idx, idx);
+ return -ENOMEM;
+ }
+
+ set_capacity(d->disk, sectors);
+- snprintf(d->disk->disk_name, DISK_NAME_LEN, "bcache%i", minor);
++ snprintf(d->disk->disk_name, DISK_NAME_LEN, "bcache%i", idx);
+
+ d->disk->major = bcache_major;
+- d->disk->first_minor = minor;
++ d->disk->first_minor = idx_to_first_minor(idx);
+ d->disk->fops = &bcache_ops;
+ d->disk->private_data = d;
+
diff --git a/patches.drivers/0019-bcache-Remove-redundant-set_capacity.patch b/patches.drivers/0019-bcache-Remove-redundant-set_capacity.patch
new file mode 100644
index 0000000000..a997d1e594
--- /dev/null
+++ b/patches.drivers/0019-bcache-Remove-redundant-set_capacity.patch
@@ -0,0 +1,38 @@
+From e89d67596e202119ea846cc997f4cf75cb284490 Mon Sep 17 00:00:00 2001
+From: Yijing Wang <wangyijing@huawei.com>
+Date: Fri, 13 Oct 2017 16:35:32 -0700
+Subject: [PATCH] bcache: Remove redundant set_capacity
+Git-commit: e89d67596e202119ea846cc997f4cf75cb284490
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+set_capacity() has been called in bcache_device_init(),
+remove the redundant one.
+
+Signed-off-by: Yijing Wang <wangyijing@huawei.com>
+Reviewed-by: Eric Wheeler <bcache@linux.ewheeler.net>
+Acked-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/super.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
+index a478d1ac0480..72c3b2929ef0 100644
+--- a/drivers/md/bcache/super.c
++++ b/drivers/md/bcache/super.c
+@@ -1142,9 +1142,6 @@ static int cached_dev_init(struct cached_dev *dc, unsigned block_size)
+ if (ret)
+ return ret;
+
+- set_capacity(dc->disk.disk,
+- dc->bdev->bd_part->nr_sects - dc->sb.data_offset);
+-
+ dc->disk.disk->queue->backing_dev_info->ra_pages =
+ max(dc->disk.disk->queue->backing_dev_info->ra_pages,
+ q->backing_dev_info->ra_pages);
+--
+2.15.1
+
diff --git a/patches.drivers/0020-bcache-update-bio-bi_opf-bypass-writeback-REQ_-flag-.patch b/patches.drivers/0020-bcache-update-bio-bi_opf-bypass-writeback-REQ_-flag-.patch
new file mode 100644
index 0000000000..48cb196428
--- /dev/null
+++ b/patches.drivers/0020-bcache-update-bio-bi_opf-bypass-writeback-REQ_-flag-.patch
@@ -0,0 +1,65 @@
+From b41c9b0266e8370033a7799f6806bfc70b7fd75f Mon Sep 17 00:00:00 2001
+From: Eric Wheeler <bcache@linux.ewheeler.net>
+Date: Fri, 13 Oct 2017 16:35:33 -0700
+Subject: [PATCH] bcache: update bio->bi_opf bypass/writeback REQ_ flag hints
+Git-commit: b41c9b0266e8370033a7799f6806bfc70b7fd75f
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+Flag for bypass if the IO is for read-ahead or background, unless the
+read-ahead request is for metadata (eg, from gfs2).
+ Bypass if:
+ bio->bi_opf & (REQ_RAHEAD|REQ_BACKGROUND) &&
+ !(bio->bi_opf & REQ_META))
+
+ Writeback if:
+ op_is_sync(bio->bi_opf) ||
+ bio->bi_opf & (REQ_META|REQ_PRIO)
+
+Signed-off-by: Eric Wheeler <bcache@linux.ewheeler.net>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/request.c | 8 ++++++++
+ drivers/md/bcache/writeback.h | 4 +++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
+index 681b4f12b05a..9ee137e8d387 100644
+--- a/drivers/md/bcache/request.c
++++ b/drivers/md/bcache/request.c
+@@ -384,6 +384,14 @@ static bool check_should_bypass(struct cached_dev *dc, struct bio *bio)
+ op_is_write(bio_op(bio))))
+ goto skip;
+
++ /*
++ * Flag for bypass if the IO is for read-ahead or background,
++ * unless the read-ahead request is for metadata (eg, for gfs2).
++ */
++ if (bio->bi_opf & (REQ_RAHEAD|REQ_BACKGROUND) &&
++ !(bio->bi_opf & REQ_META))
++ goto skip;
++
+ if (bio->bi_iter.bi_sector & (c->sb.block_size - 1) ||
+ bio_sectors(bio) & (c->sb.block_size - 1)) {
+ pr_debug("skipping unaligned io");
+diff --git a/drivers/md/bcache/writeback.h b/drivers/md/bcache/writeback.h
+index e35421d20d2e..34bcf49d737b 100644
+--- a/drivers/md/bcache/writeback.h
++++ b/drivers/md/bcache/writeback.h
+@@ -76,7 +76,9 @@ static inline bool should_writeback(struct cached_dev *dc, struct bio *bio,
+ if (would_skip)
+ return false;
+
+- return op_is_sync(bio->bi_opf) || in_use <= CUTOFF_WRITEBACK;
++ return (op_is_sync(bio->bi_opf) ||
++ bio->bi_opf & (REQ_META|REQ_PRIO) ||
++ in_use <= CUTOFF_WRITEBACK);
+ }
+
+ static inline void bch_writeback_queue(struct cached_dev *dc)
+--
+2.15.1
+
diff --git a/patches.drivers/0021-bcache-remove-unused-parameter.patch b/patches.drivers/0021-bcache-remove-unused-parameter.patch
new file mode 100644
index 0000000000..de145dd2c4
--- /dev/null
+++ b/patches.drivers/0021-bcache-remove-unused-parameter.patch
@@ -0,0 +1,72 @@
+From 238501027abf0386fa5f5dcaf589f406eb187bc3 Mon Sep 17 00:00:00 2001
+From: Yijing Wang <wangyijing@huawei.com>
+Date: Fri, 13 Oct 2017 16:35:34 -0700
+Subject: [PATCH] bcache: remove unused parameter
+Git-commit: 238501027abf0386fa5f5dcaf589f406eb187bc3
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+Parameter bio is no longer used, clean it.
+
+Signed-off-by: Yijing Wang <wangyijing@huawei.com>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/request.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/drivers/md/bcache/request.c
++++ b/drivers/md/bcache/request.c
+@@ -26,12 +26,12 @@ struct kmem_cache *bch_search_cache;
+
+ static void bch_data_insert_start(struct closure *);
+
+-static unsigned cache_mode(struct cached_dev *dc, struct bio *bio)
++static unsigned cache_mode(struct cached_dev *dc)
+ {
+ return BDEV_CACHE_MODE(&dc->sb);
+ }
+
+-static bool verify(struct cached_dev *dc, struct bio *bio)
++static bool verify(struct cached_dev *dc)
+ {
+ return dc->verify;
+ }
+@@ -369,7 +369,7 @@ static struct hlist_head *iohash(struct
+ static bool check_should_bypass(struct cached_dev *dc, struct bio *bio)
+ {
+ struct cache_set *c = dc->disk.c;
+- unsigned mode = cache_mode(dc, bio);
++ unsigned mode = cache_mode(dc);
+ unsigned sectors, congested = bch_get_congested(c);
+ struct task_struct *task = current;
+ struct io *i;
+@@ -755,7 +755,7 @@ static void cached_dev_read_done(struct
+ s->cache_miss = NULL;
+ }
+
+- if (verify(dc, &s->bio.bio) && s->recoverable && !s->read_dirty_data)
++ if (verify(dc) && s->recoverable && !s->read_dirty_data)
+ bch_data_verify(dc, s->orig_bio);
+
+ bio_complete(s);
+@@ -780,7 +780,7 @@ static void cached_dev_read_done_bh(stru
+
+ if (s->iop.error)
+ continue_at_nobarrier(cl, cached_dev_read_error, bcache_wq);
+- else if (s->iop.bio || verify(dc, &s->bio.bio))
++ else if (s->iop.bio || verify(dc))
+ continue_at_nobarrier(cl, cached_dev_read_done, bcache_wq);
+ else
+ continue_at_nobarrier(cl, cached_dev_bio_complete, NULL);
+@@ -909,7 +909,7 @@ static void cached_dev_write(struct cach
+ s->iop.bypass = true;
+
+ if (should_writeback(dc, s->orig_bio,
+- cache_mode(dc, bio),
++ cache_mode(dc),
+ s->iop.bypass)) {
+ s->iop.bypass = false;
+ s->iop.writeback = true;
diff --git a/patches.drivers/0022-bcache-don-t-write-back-data-if-reading-it-failed.patch b/patches.drivers/0022-bcache-don-t-write-back-data-if-reading-it-failed.patch
new file mode 100644
index 0000000000..6dd8ec1cad
--- /dev/null
+++ b/patches.drivers/0022-bcache-don-t-write-back-data-if-reading-it-failed.patch
@@ -0,0 +1,52 @@
+From 5fa89fb9a86bcc0f0b3f21ab6087a8a4170dcd2c Mon Sep 17 00:00:00 2001
+From: Michael Lyle <mlyle@lyle.org>
+Date: Fri, 13 Oct 2017 16:35:35 -0700
+Subject: [PATCH] bcache: don't write back data if reading it failed
+Git-commit: 5fa89fb9a86bcc0f0b3f21ab6087a8a4170dcd2c
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+If an IO operation fails, and we didn't successfully read data from the
+cache, don't writeback invalid/partial data to the backing disk.
+
+(Coly Li: rebased for SLE12-SP3 kernel)
+
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/writeback.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+--- a/drivers/md/bcache/writeback.c
++++ b/drivers/md/bcache/writeback.c
+@@ -178,13 +178,21 @@ static void write_dirty(struct closure *
+ struct dirty_io *io = container_of(cl, struct dirty_io, cl);
+ struct keybuf_key *w = io->bio.bi_private;
+
+- dirty_init(w);
+- bio_set_op_attrs(&io->bio, REQ_OP_WRITE, 0);
+- io->bio.bi_iter.bi_sector = KEY_START(&w->key);
+- io->bio.bi_bdev = io->dc->bdev;
+- io->bio.bi_end_io = dirty_endio;
++ /*
++ * IO errors are signalled using the dirty bit on the key.
++ * If we failed to read, we should not attempt to write to the
++ * backing device. Instead, immediately go to write_dirty_finish
++ * to clean up.
++ */
++ if (KEY_DIRTY(&w->key)) {
++ dirty_init(w);
++ bio_set_op_attrs(&io->bio, REQ_OP_WRITE, 0);
++ io->bio.bi_iter.bi_sector = KEY_START(&w->key);
++ io->bio.bi_bdev = io->dc->bdev;
++ io->bio.bi_end_io = dirty_endio;
+
+- closure_bio_submit(&io->bio, cl);
++ closure_bio_submit(&io->bio, cl);
++ }
+
+ continue_at(cl, write_dirty_finish, io->dc->writeback_write_wq);
+ }
diff --git a/patches.drivers/0023-bcache-implement-PI-controller-for-writeback-rate.patch b/patches.drivers/0023-bcache-implement-PI-controller-for-writeback-rate.patch
new file mode 100644
index 0000000000..0a496590d2
--- /dev/null
+++ b/patches.drivers/0023-bcache-implement-PI-controller-for-writeback-rate.patch
@@ -0,0 +1,277 @@
+From 1d316e658374f700fdfff9299c70ce65d8d145e6 Mon Sep 17 00:00:00 2001
+From: Michael Lyle <mlyle@lyle.org>
+Date: Fri, 13 Oct 2017 16:35:36 -0700
+Subject: [PATCH] bcache: implement PI controller for writeback rate
+Git-commit: 1d316e658374f700fdfff9299c70ce65d8d145e6
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+bcache uses a control system to attempt to keep the amount of dirty data
+in cache at a user-configured level, while not responding excessively to
+transients and variations in write rate. Previously, the system was a
+PD controller; but the output from it was integrated, turning the
+Proportional term into an Integral term, and turning the Derivative term
+into a crude Proportional term. Performance of the controller has been
+uneven in production, and it has tended to respond slowly, oscillate,
+and overshoot.
+
+This patch set replaces the current control system with an explicit PI
+controller and tuning that should be correct for most hardware. By
+default, it attempts to write at a rate that would retire 1/40th of the
+current excess blocks per second. An integral term in turn works to
+remove steady state errors.
+
+IMO, this yields benefits in simplicity (removing weighted average
+filtering, etc) and system performance.
+
+Another small change is a tunable parameter is introduced to allow the
+user to specify a minimum rate at which dirty blocks are retired.
+
+There is a slight difference from earlier versions of the patch in
+integral handling to prevent excessive negative integral windup.
+
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/bcache.h | 9 ++---
+ drivers/md/bcache/sysfs.c | 18 +++++----
+ drivers/md/bcache/writeback.c | 91 ++++++++++++++++++++++++-------------------
+ 3 files changed, 66 insertions(+), 52 deletions(-)
+
+diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h
+index 2ed9bd231d84..eb83be693d60 100644
+--- a/drivers/md/bcache/bcache.h
++++ b/drivers/md/bcache/bcache.h
+@@ -265,9 +265,6 @@ struct bcache_device {
+ atomic_t *stripe_sectors_dirty;
+ unsigned long *full_dirty_stripes;
+
+- unsigned long sectors_dirty_last;
+- long sectors_dirty_derivative;
+-
+ struct bio_set *bio_split;
+
+ unsigned data_csum:1;
+@@ -362,12 +359,14 @@ struct cached_dev {
+
+ uint64_t writeback_rate_target;
+ int64_t writeback_rate_proportional;
+- int64_t writeback_rate_derivative;
++ int64_t writeback_rate_integral;
++ int64_t writeback_rate_integral_scaled;
+ int64_t writeback_rate_change;
+
+ unsigned writeback_rate_update_seconds;
+- unsigned writeback_rate_d_term;
++ unsigned writeback_rate_i_term_inverse;
+ unsigned writeback_rate_p_term_inverse;
++ unsigned writeback_rate_minimum;
+ };
+
+ enum alloc_reserve {
+diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
+index 69f355b9650c..2290bffd4922 100644
+--- a/drivers/md/bcache/sysfs.c
++++ b/drivers/md/bcache/sysfs.c
+@@ -81,8 +81,9 @@ rw_attribute(writeback_delay);
+ rw_attribute(writeback_rate);
+
+ rw_attribute(writeback_rate_update_seconds);
+-rw_attribute(writeback_rate_d_term);
++rw_attribute(writeback_rate_i_term_inverse);
+ rw_attribute(writeback_rate_p_term_inverse);
++rw_attribute(writeback_rate_minimum);
+ read_attribute(writeback_rate_debug);
+
+ read_attribute(stripe_size);
+@@ -130,15 +131,16 @@ SHOW(__bch_cached_dev)
+ sysfs_hprint(writeback_rate, dc->writeback_rate.rate << 9);
+
+ var_print(writeback_rate_update_seconds);
+- var_print(writeback_rate_d_term);
++ var_print(writeback_rate_i_term_inverse);
+ var_print(writeback_rate_p_term_inverse);
++ var_print(writeback_rate_minimum);
+
+ if (attr == &sysfs_writeback_rate_debug) {
+ char rate[20];
+ char dirty[20];
+ char target[20];
+ char proportional[20];
+- char derivative[20];
++ char integral[20];
+ char change[20];
+ s64 next_io;
+
+@@ -146,7 +148,7 @@ SHOW(__bch_cached_dev)
+ bch_hprint(dirty, bcache_dev_sectors_dirty(&dc->disk) << 9);
+ bch_hprint(target, dc->writeback_rate_target << 9);
+ bch_hprint(proportional,dc->writeback_rate_proportional << 9);
+- bch_hprint(derivative, dc->writeback_rate_derivative << 9);
++ bch_hprint(integral, dc->writeback_rate_integral_scaled << 9);
+ bch_hprint(change, dc->writeback_rate_change << 9);
+
+ next_io = div64_s64(dc->writeback_rate.next - local_clock(),
+@@ -157,11 +159,11 @@ SHOW(__bch_cached_dev)
+ "dirty:\t\t%s\n"
+ "target:\t\t%s\n"
+ "proportional:\t%s\n"
+- "derivative:\t%s\n"
++ "integral:\t%s\n"
+ "change:\t\t%s/sec\n"
+ "next io:\t%llims\n",
+ rate, dirty, target, proportional,
+- derivative, change, next_io);
++ integral, change, next_io);
+ }
+
+ sysfs_hprint(dirty_data,
+@@ -213,7 +215,7 @@ STORE(__cached_dev)
+ dc->writeback_rate.rate, 1, INT_MAX);
+
+ d_strtoul_nonzero(writeback_rate_update_seconds);
+- d_strtoul(writeback_rate_d_term);
++ d_strtoul(writeback_rate_i_term_inverse);
+ d_strtoul_nonzero(writeback_rate_p_term_inverse);
+
+ d_strtoi_h(sequential_cutoff);
+@@ -319,7 +321,7 @@ static struct attribute *bch_cached_dev_files[] = {
+ &sysfs_writeback_percent,
+ &sysfs_writeback_rate,
+ &sysfs_writeback_rate_update_seconds,
+- &sysfs_writeback_rate_d_term,
++ &sysfs_writeback_rate_i_term_inverse,
+ &sysfs_writeback_rate_p_term_inverse,
+ &sysfs_writeback_rate_debug,
+ &sysfs_dirty_data,
+diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
+index 5e65a392287d..cac8678da5d0 100644
+--- a/drivers/md/bcache/writeback.c
++++ b/drivers/md/bcache/writeback.c
+@@ -25,48 +25,62 @@ static void __update_writeback_rate(struct cached_dev *dc)
+ bcache_flash_devs_sectors_dirty(c);
+ uint64_t cache_dirty_target =
+ div_u64(cache_sectors * dc->writeback_percent, 100);
+-
+ int64_t target = div64_u64(cache_dirty_target * bdev_sectors(dc->bdev),
+ c->cached_dev_sectors);
+
+- /* PD controller */
+-
++ /*
++ * PI controller:
++ * Figures out the amount that should be written per second.
++ *
++ * First, the error (number of sectors that are dirty beyond our
++ * target) is calculated. The error is accumulated (numerically
++ * integrated).
++ *
++ * Then, the proportional value and integral value are scaled
++ * based on configured values. These are stored as inverses to
++ * avoid fixed point math and to make configuration easy-- e.g.
++ * the default value of 40 for writeback_rate_p_term_inverse
++ * attempts to write at a rate that would retire all the dirty
++ * blocks in 40 seconds.
++ *
++ * The writeback_rate_i_inverse value of 10000 means that 1/10000th
++ * of the error is accumulated in the integral term per second.
++ * This acts as a slow, long-term average that is not subject to
++ * variations in usage like the p term.
++ */
+ int64_t dirty = bcache_dev_sectors_dirty(&dc->disk);
+- int64_t derivative = dirty - dc->disk.sectors_dirty_last;
+- int64_t proportional = dirty - target;
+- int64_t change;
+-
+- dc->disk.sectors_dirty_last = dirty;
+-
+- /* Scale to sectors per second */
+-
+- proportional *= dc->writeback_rate_update_seconds;
+- proportional = div_s64(proportional, dc->writeback_rate_p_term_inverse);
+-
+- derivative = div_s64(derivative, dc->writeback_rate_update_seconds);
+-
+- derivative = ewma_add(dc->disk.sectors_dirty_derivative, derivative,
+- (dc->writeback_rate_d_term /
+- dc->writeback_rate_update_seconds) ?: 1, 0);
+-
+- derivative *= dc->writeback_rate_d_term;
+- derivative = div_s64(derivative, dc->writeback_rate_p_term_inverse);
+-
+- change = proportional + derivative;
++ int64_t error = dirty - target;
++ int64_t proportional_scaled =
++ div_s64(error, dc->writeback_rate_p_term_inverse);
++ int64_t integral_scaled, new_rate;
++
++ if ((error < 0 && dc->writeback_rate_integral > 0) ||
++ (error > 0 && time_before64(local_clock(),
++ dc->writeback_rate.next + NSEC_PER_MSEC))) {
++ /*
++ * Only decrease the integral term if it's more than
++ * zero. Only increase the integral term if the device
++ * is keeping up. (Don't wind up the integral
++ * ineffectively in either case).
++ *
++ * It's necessary to scale this by
++ * writeback_rate_update_seconds to keep the integral
++ * term dimensioned properly.
++ */
++ dc->writeback_rate_integral += error *
++ dc->writeback_rate_update_seconds;
++ }
+
+- /* Don't increase writeback rate if the device isn't keeping up */
+- if (change > 0 &&
+- time_after64(local_clock(),
+- dc->writeback_rate.next + NSEC_PER_MSEC))
+- change = 0;
++ integral_scaled = div_s64(dc->writeback_rate_integral,
++ dc->writeback_rate_i_term_inverse);
+
+- dc->writeback_rate.rate =
+- clamp_t(int64_t, (int64_t) dc->writeback_rate.rate + change,
+- 1, NSEC_PER_MSEC);
++ new_rate = clamp_t(int64_t, (proportional_scaled + integral_scaled),
++ dc->writeback_rate_minimum, NSEC_PER_MSEC);
+
+- dc->writeback_rate_proportional = proportional;
+- dc->writeback_rate_derivative = derivative;
+- dc->writeback_rate_change = change;
++ dc->writeback_rate_proportional = proportional_scaled;
++ dc->writeback_rate_integral_scaled = integral_scaled;
++ dc->writeback_rate_change = new_rate - dc->writeback_rate.rate;
++ dc->writeback_rate.rate = new_rate;
+ dc->writeback_rate_target = target;
+ }
+
+@@ -499,8 +513,6 @@ void bch_sectors_dirty_init(struct bcache_device *d)
+
+ bch_btree_map_keys(&op.op, d->c, &KEY(op.inode, 0, 0),
+ sectors_dirty_init_fn, 0);
+-
+- d->sectors_dirty_last = bcache_dev_sectors_dirty(d);
+ }
+
+ void bch_cached_dev_writeback_init(struct cached_dev *dc)
+@@ -514,10 +526,11 @@ void bch_cached_dev_writeback_init(struct cached_dev *dc)
+ dc->writeback_percent = 10;
+ dc->writeback_delay = 30;
+ dc->writeback_rate.rate = 1024;
++ dc->writeback_rate_minimum = 1;
+
+ dc->writeback_rate_update_seconds = 5;
+- dc->writeback_rate_d_term = 30;
+- dc->writeback_rate_p_term_inverse = 6000;
++ dc->writeback_rate_p_term_inverse = 40;
++ dc->writeback_rate_i_term_inverse = 10000;
+
+ INIT_DELAYED_WORK(&dc->writeback_rate_update, update_writeback_rate);
+ }
+--
+2.15.1
+
diff --git a/patches.drivers/0024-bcache-smooth-writeback-rate-control.patch b/patches.drivers/0024-bcache-smooth-writeback-rate-control.patch
new file mode 100644
index 0000000000..10ece25dff
--- /dev/null
+++ b/patches.drivers/0024-bcache-smooth-writeback-rate-control.patch
@@ -0,0 +1,73 @@
+From ae82ddbfeb359fcffa97be5fb5bcd59165f2864f Mon Sep 17 00:00:00 2001
+From: Michael Lyle <mlyle@lyle.org>
+Date: Fri, 13 Oct 2017 16:35:37 -0700
+Subject: [PATCH] bcache: smooth writeback rate control
+Git-commit: ae82ddbfeb359fcffa97be5fb5bcd59165f2864f
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+This works in conjunction with the new PI controller. Currently, in
+real-world workloads, the rate controller attempts to write back 1
+sector per second. In practice, these minimum-rate writebacks are
+between 4k and 60k in test scenarios, since bcache aggregates and
+attempts to do contiguous writes and because filesystems on top of
+bcachefs typically write 4k or more.
+
+Previously, bcache used to guarantee to write at least once per second.
+This means that the actual writeback rate would exceed the configured
+amount by a factor of 8-120 or more.
+
+This patch adjusts to be willing to sleep up to 2.5 seconds, and to
+target writing 4k/second. On the smallest writes, it will sleep 1
+second like before, but many times it will sleep longer and load the
+backing device less. This keeps the loading on the cache and backing
+device related to writeback more consistent when writing back at low
+rates.
+
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/util.c | 10 ++++++++--
+ drivers/md/bcache/writeback.c | 2 +-
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c
+index 176d3c2ef5f5..4dbe37e82877 100644
+--- a/drivers/md/bcache/util.c
++++ b/drivers/md/bcache/util.c
+@@ -232,8 +232,14 @@ uint64_t bch_next_delay(struct bch_ratelimit *d, uint64_t done)
+
+ d->next += div_u64(done * NSEC_PER_SEC, d->rate);
+
+- if (time_before64(now + NSEC_PER_SEC, d->next))
+- d->next = now + NSEC_PER_SEC;
++ /* Bound the time. Don't let us fall further than 2 seconds behind
++ * (this prevents unnecessary backlog that would make it impossible
++ * to catch up). If we're ahead of the desired writeback rate,
++ * don't let us sleep more than 2.5 seconds (so we can notice/respond
++ * if the control system tells us to speed up!).
++ */
++ if (time_before64(now + NSEC_PER_SEC * 5 / 2, d->next))
++ d->next = now + NSEC_PER_SEC * 5 / 2;
+
+ if (time_after64(now - NSEC_PER_SEC * 2, d->next))
+ d->next = now - NSEC_PER_SEC * 2;
+diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
+index cac8678da5d0..8deb721c355e 100644
+--- a/drivers/md/bcache/writeback.c
++++ b/drivers/md/bcache/writeback.c
+@@ -526,7 +526,7 @@ void bch_cached_dev_writeback_init(struct cached_dev *dc)
+ dc->writeback_percent = 10;
+ dc->writeback_delay = 30;
+ dc->writeback_rate.rate = 1024;
+- dc->writeback_rate_minimum = 1;
++ dc->writeback_rate_minimum = 8;
+
+ dc->writeback_rate_update_seconds = 5;
+ dc->writeback_rate_p_term_inverse = 40;
+--
+2.15.1
+
diff --git a/patches.drivers/0025-bcache-writeback-rate-shouldn-t-artifically-clamp.patch b/patches.drivers/0025-bcache-writeback-rate-shouldn-t-artifically-clamp.patch
new file mode 100644
index 0000000000..ef06610f90
--- /dev/null
+++ b/patches.drivers/0025-bcache-writeback-rate-shouldn-t-artifically-clamp.patch
@@ -0,0 +1,90 @@
+From e41166c5c44e30dbd620f7c77a27efe5d5cc551a Mon Sep 17 00:00:00 2001
+From: Michael Lyle <mlyle@lyle.org>
+Date: Fri, 13 Oct 2017 16:35:38 -0700
+Subject: [PATCH] bcache: writeback rate shouldn't artifically clamp
+Git-commit: e41166c5c44e30dbd620f7c77a27efe5d5cc551a
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+The previous code artificially limited writeback rate to 1000000
+blocks/second (NSEC_PER_MSEC), which is a rate that can be met on fast
+hardware. The rate limiting code works fine (though with decreased
+precision) up to 3 orders of magnitude faster, so use NSEC_PER_SEC.
+
+Additionally, ensure that uint32_t is used as a type for rate throughout
+the rate management so that type checking/clamp_t can work properly.
+
+bch_next_delay should be rewritten for increased precision and better
+handling of high rates and long sleep periods, but this is adequate for
+now.
+
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Reported-by: Coly Li <colyli@suse.de>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/bcache.h | 2 +-
+ drivers/md/bcache/util.h | 4 ++--
+ drivers/md/bcache/writeback.c | 7 ++++---
+ 3 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h
+index eb83be693d60..d77c4829c497 100644
+--- a/drivers/md/bcache/bcache.h
++++ b/drivers/md/bcache/bcache.h
+@@ -361,7 +361,7 @@ struct cached_dev {
+ int64_t writeback_rate_proportional;
+ int64_t writeback_rate_integral;
+ int64_t writeback_rate_integral_scaled;
+- int64_t writeback_rate_change;
++ int32_t writeback_rate_change;
+
+ unsigned writeback_rate_update_seconds;
+ unsigned writeback_rate_i_term_inverse;
+diff --git a/drivers/md/bcache/util.h b/drivers/md/bcache/util.h
+index cb8d2ccbb6c6..8f509290bb02 100644
+--- a/drivers/md/bcache/util.h
++++ b/drivers/md/bcache/util.h
+@@ -441,10 +441,10 @@ struct bch_ratelimit {
+ uint64_t next;
+
+ /*
+- * Rate at which we want to do work, in units per nanosecond
++ * Rate at which we want to do work, in units per second
+ * The units here correspond to the units passed to bch_next_delay()
+ */
+- unsigned rate;
++ uint32_t rate;
+ };
+
+ static inline void bch_ratelimit_reset(struct bch_ratelimit *d)
+diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
+index 8deb721c355e..897d28050656 100644
+--- a/drivers/md/bcache/writeback.c
++++ b/drivers/md/bcache/writeback.c
+@@ -52,7 +52,8 @@ static void __update_writeback_rate(struct cached_dev *dc)
+ int64_t error = dirty - target;
+ int64_t proportional_scaled =
+ div_s64(error, dc->writeback_rate_p_term_inverse);
+- int64_t integral_scaled, new_rate;
++ int64_t integral_scaled;
++ uint32_t new_rate;
+
+ if ((error < 0 && dc->writeback_rate_integral > 0) ||
+ (error > 0 && time_before64(local_clock(),
+@@ -74,8 +75,8 @@ static void __update_writeback_rate(struct cached_dev *dc)
+ integral_scaled = div_s64(dc->writeback_rate_integral,
+ dc->writeback_rate_i_term_inverse);
+
+- new_rate = clamp_t(int64_t, (proportional_scaled + integral_scaled),
+- dc->writeback_rate_minimum, NSEC_PER_MSEC);
++ new_rate = clamp_t(int32_t, (proportional_scaled + integral_scaled),
++ dc->writeback_rate_minimum, NSEC_PER_SEC);
+
+ dc->writeback_rate_proportional = proportional_scaled;
+ dc->writeback_rate_integral_scaled = integral_scaled;
+--
+2.15.1
+
diff --git a/patches.drivers/0026-bcache-rearrange-writeback-main-thread-ratelimit.patch b/patches.drivers/0026-bcache-rearrange-writeback-main-thread-ratelimit.patch
new file mode 100644
index 0000000000..21c6d9641c
--- /dev/null
+++ b/patches.drivers/0026-bcache-rearrange-writeback-main-thread-ratelimit.patch
@@ -0,0 +1,58 @@
+From a8500fc816b19795756d27c762daa5e19f5e1b6f Mon Sep 17 00:00:00 2001
+From: Michael Lyle <mlyle@lyle.org>
+Date: Fri, 13 Oct 2017 16:35:39 -0700
+Subject: [PATCH] bcache: rearrange writeback main thread ratelimit
+Git-commit: a8500fc816b19795756d27c762daa5e19f5e1b6f
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+The time spent searching for things to write back "counts" for the
+actual rate achieved, so don't flush the accumulated rate with each
+chunk.
+
+This will maintain better fidelity to user-commanded rates, but it
+may slightly increase the burstiness of writeback. The writeback
+lock needs improvement to help mitigate this.
+
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Kent Overstreet <kent.overstreet@gmail.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/writeback.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
+index 897d28050656..9b770b13bdf6 100644
+--- a/drivers/md/bcache/writeback.c
++++ b/drivers/md/bcache/writeback.c
+@@ -440,6 +440,8 @@ static int bch_writeback_thread(void *arg)
+ struct cached_dev *dc = arg;
+ bool searched_full_index;
+
++ bch_ratelimit_reset(&dc->writeback_rate);
++
+ while (!kthread_should_stop()) {
+ down_write(&dc->writeback_lock);
+ if (!atomic_read(&dc->has_dirty) ||
+@@ -467,7 +469,6 @@ static int bch_writeback_thread(void *arg)
+
+ up_write(&dc->writeback_lock);
+
+- bch_ratelimit_reset(&dc->writeback_rate);
+ read_dirty(dc);
+
+ if (searched_full_index) {
+@@ -477,6 +478,8 @@ static int bch_writeback_thread(void *arg)
+ !kthread_should_stop() &&
+ !test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags))
+ delay = schedule_timeout_interruptible(delay);
++
++ bch_ratelimit_reset(&dc->writeback_rate);
+ }
+ }
+
+--
+2.15.1
+
diff --git a/patches.drivers/0027-bcache-safeguard-a-dangerous-addressing-in-closure_q.patch b/patches.drivers/0027-bcache-safeguard-a-dangerous-addressing-in-closure_q.patch
new file mode 100644
index 0000000000..66b6128324
--- /dev/null
+++ b/patches.drivers/0027-bcache-safeguard-a-dangerous-addressing-in-closure_q.patch
@@ -0,0 +1,45 @@
+From 6446c684f9418d0175c9c3e5134e7744fe79181a Mon Sep 17 00:00:00 2001
+From: Liang Chen <liangchen.linux@gmail.com>
+Date: Fri, 13 Oct 2017 16:35:40 -0700
+Subject: [PATCH] bcache: safeguard a dangerous addressing in closure_queue
+Git-commit: 6446c684f9418d0175c9c3e5134e7744fe79181a
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+The use of the union reduces the size of closure struct by taking advantage
+of the current size of its members. The offset of func in work_struct
+equals the size of the first three members, so that work.work_func will
+just reference the forth member - fn.
+
+This is smart but dangerous. It can be broken if work_struct or the other
+structs get changed, and can be a bit difficult to debug.
+
+Signed-off-by: Liang Chen <liangchen.linux@gmail.com>
+Reviewed-by: Michael Lyle <mlyle@lyle.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/closure.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h
+index 295b7e43f92c..00fb314cce57 100644
+--- a/drivers/md/bcache/closure.h
++++ b/drivers/md/bcache/closure.h
+@@ -251,6 +251,12 @@ static inline void set_closure_fn(struct closure *cl, closure_fn *fn,
+ static inline void closure_queue(struct closure *cl)
+ {
+ struct workqueue_struct *wq = cl->wq;
++ /**
++ * Changes made to closure, work_struct, or a couple of other structs
++ * may cause work.func not pointing to the right location.
++ */
++ BUILD_BUG_ON(offsetof(struct closure, fn)
++ != offsetof(struct work_struct, func));
+ if (wq) {
+ INIT_WORK(&cl->work, cl->work.func);
+ BUG_ON(!queue_work(wq, &cl->work));
+--
+2.15.1
+
diff --git a/patches.drivers/0028-bcache-writeback-rate-clamping-make-32-bit-safe.patch b/patches.drivers/0028-bcache-writeback-rate-clamping-make-32-bit-safe.patch
new file mode 100644
index 0000000000..81e16a40ee
--- /dev/null
+++ b/patches.drivers/0028-bcache-writeback-rate-clamping-make-32-bit-safe.patch
@@ -0,0 +1,40 @@
+From 9ce762e85bc95fd7aa1fb5f8cfc38ce5a228fc95 Mon Sep 17 00:00:00 2001
+From: Michael Lyle <mlyle@lyle.org>
+Date: Mon, 16 Oct 2017 10:34:47 -0700
+Subject: [PATCH] bcache: writeback rate clamping: make 32 bit safe
+Git-commit: 9ce762e85bc95fd7aa1fb5f8cfc38ce5a228fc95
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+Sorry this got through to linux-block, was detected by the kbuilds test
+robot. NSEC_PER_SEC is a long constant; 2.5 * 10^9 doesn't fit in a
+signed long constant.
+
+Fixes: e41166c5c44e ("bcache: writeback rate shouldn't artifically clamp")
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c
+index 4dbe37e82877..e548b8b51322 100644
+--- a/drivers/md/bcache/util.c
++++ b/drivers/md/bcache/util.c
+@@ -238,8 +238,8 @@ uint64_t bch_next_delay(struct bch_ratelimit *d, uint64_t done)
+ * don't let us sleep more than 2.5 seconds (so we can notice/respond
+ * if the control system tells us to speed up!).
+ */
+- if (time_before64(now + NSEC_PER_SEC * 5 / 2, d->next))
+- d->next = now + NSEC_PER_SEC * 5 / 2;
++ if (time_before64(now + NSEC_PER_SEC * 5LLU / 2LLU, d->next))
++ d->next = now + NSEC_PER_SEC * 5LLU / 2LLU;
+
+ if (time_after64(now - NSEC_PER_SEC * 2, d->next))
+ d->next = now - NSEC_PER_SEC * 2;
+--
+2.15.1
+
diff --git a/patches.drivers/0029-bcache-update-bucket_in_use-in-real-time.patch b/patches.drivers/0029-bcache-update-bucket_in_use-in-real-time.patch
new file mode 100644
index 0000000000..3d9cb99f7c
--- /dev/null
+++ b/patches.drivers/0029-bcache-update-bucket_in_use-in-real-time.patch
@@ -0,0 +1,161 @@
+From d44c2f9e7cc0041f0cd88df1fe7a1fceb713ab14 Mon Sep 17 00:00:00 2001
+From: Tang Junhui <tang.junhui@zte.com.cn>
+Date: Mon, 30 Oct 2017 14:46:33 -0700
+Subject: [PATCH] bcache: update bucket_in_use in real time
+Git-commit: d44c2f9e7cc0041f0cd88df1fe7a1fceb713ab14
+Patch-mainline: v4.15-rc1
+References: bsc#1076110
+
+bucket_in_use is updated in gc thread which triggered by invalidating or
+writing sectors_to_gc dirty data, It's a long interval. Therefore, when we
+use it to compare with the threshold, it is often not timely, which leads
+to inaccurate judgment and often results in bucket depletion.
+
+We have send a patch before, by the means of updating bucket_in_use
+periodically In gc thread, which Coly thought that would lead high
+latency, In this patch, we add avail_nbuckets to record the count of
+available buckets, and we calculate bucket_in_use when alloc or free
+bucket in real time.
+
+[edited by ML: eliminated some whitespace errors]
+
+Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Coly Li <colyli@suse.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/alloc.c | 10 ++++++++++
+ drivers/md/bcache/bcache.h | 1 +
+ drivers/md/bcache/btree.c | 17 ++++++++++-------
+ drivers/md/bcache/btree.h | 2 +-
+ 4 files changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
+index 4c40870e99f5..8c5a626343d4 100644
+--- a/drivers/md/bcache/alloc.c
++++ b/drivers/md/bcache/alloc.c
+@@ -442,6 +442,11 @@ long bch_bucket_alloc(struct cache *ca, unsigned reserve, bool wait)
+ b->prio = INITIAL_PRIO;
+ }
+
++ if (ca->set->avail_nbuckets > 0) {
++ ca->set->avail_nbuckets--;
++ bch_update_bucket_in_use(ca->set, &ca->set->gc_stats);
++ }
++
+ return r;
+ }
+
+@@ -449,6 +454,11 @@ void __bch_bucket_free(struct cache *ca, struct bucket *b)
+ {
+ SET_GC_MARK(b, 0);
+ SET_GC_SECTORS_USED(b, 0);
++
++ if (ca->set->avail_nbuckets < ca->set->nbuckets) {
++ ca->set->avail_nbuckets++;
++ bch_update_bucket_in_use(ca->set, &ca->set->gc_stats);
++ }
+ }
+
+ void bch_bucket_free(struct cache_set *c, struct bkey *k)
+diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h
+index 363ea6256b39..e274082330dc 100644
+--- a/drivers/md/bcache/bcache.h
++++ b/drivers/md/bcache/bcache.h
+@@ -581,6 +581,7 @@ struct cache_set {
+ uint8_t need_gc;
+ struct gc_stat gc_stats;
+ size_t nbuckets;
++ size_t avail_nbuckets;
+
+ struct task_struct *gc_thread;
+ /* Where in the btree gc currently is */
+diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
+index 866dcf78ff8e..d8865e6ead37 100644
+--- a/drivers/md/bcache/btree.c
++++ b/drivers/md/bcache/btree.c
+@@ -1240,6 +1240,11 @@ void bch_initial_mark_key(struct cache_set *c, int level, struct bkey *k)
+ __bch_btree_mark_key(c, level, k);
+ }
+
++void bch_update_bucket_in_use(struct cache_set *c, struct gc_stat *stats)
++{
++ stats->in_use = (c->nbuckets - c->avail_nbuckets) * 100 / c->nbuckets;
++}
++
+ static bool btree_gc_mark_node(struct btree *b, struct gc_stat *gc)
+ {
+ uint8_t stale = 0;
+@@ -1651,9 +1656,8 @@ static void btree_gc_start(struct cache_set *c)
+ mutex_unlock(&c->bucket_lock);
+ }
+
+-static size_t bch_btree_gc_finish(struct cache_set *c)
++static void bch_btree_gc_finish(struct cache_set *c)
+ {
+- size_t available = 0;
+ struct bucket *b;
+ struct cache *ca;
+ unsigned i;
+@@ -1690,6 +1694,7 @@ static size_t bch_btree_gc_finish(struct cache_set *c)
+ }
+ rcu_read_unlock();
+
++ c->avail_nbuckets = 0;
+ for_each_cache(ca, c, i) {
+ uint64_t *i;
+
+@@ -1711,18 +1716,16 @@ static size_t bch_btree_gc_finish(struct cache_set *c)
+ BUG_ON(!GC_MARK(b) && GC_SECTORS_USED(b));
+
+ if (!GC_MARK(b) || GC_MARK(b) == GC_MARK_RECLAIMABLE)
+- available++;
++ c->avail_nbuckets++;
+ }
+ }
+
+ mutex_unlock(&c->bucket_lock);
+- return available;
+ }
+
+ static void bch_btree_gc(struct cache_set *c)
+ {
+ int ret;
+- unsigned long available;
+ struct gc_stat stats;
+ struct closure writes;
+ struct btree_op op;
+@@ -1745,14 +1748,14 @@ static void bch_btree_gc(struct cache_set *c)
+ pr_warn("gc failed!");
+ } while (ret);
+
+- available = bch_btree_gc_finish(c);
++ bch_btree_gc_finish(c);
+ wake_up_allocators(c);
+
+ bch_time_stats_update(&c->btree_gc_time, start_time);
+
+ stats.key_bytes *= sizeof(uint64_t);
+ stats.data <<= 9;
+- stats.in_use = (c->nbuckets - available) * 100 / c->nbuckets;
++ bch_update_bucket_in_use(c, &stats);
+ memcpy(&c->gc_stats, &stats, sizeof(struct gc_stat));
+
+ trace_bcache_gc_end(c);
+diff --git a/drivers/md/bcache/btree.h b/drivers/md/bcache/btree.h
+index 73da1f5626cb..4073aca09a49 100644
+--- a/drivers/md/bcache/btree.h
++++ b/drivers/md/bcache/btree.h
+@@ -305,5 +305,5 @@ void bch_keybuf_del(struct keybuf *, struct keybuf_key *);
+ struct keybuf_key *bch_keybuf_next(struct keybuf *);
+ struct keybuf_key *bch_keybuf_next_rescan(struct cache_set *, struct keybuf *,
+ struct bkey *, keybuf_pred_fn *);
+-
++void bch_update_bucket_in_use(struct cache_set *c, struct gc_stat *stats);
+ #endif
+--
+2.15.1
+
diff --git a/patches.drivers/0030-bcache-add-a-comment-in-journal-bucket-reading.patch b/patches.drivers/0030-bcache-add-a-comment-in-journal-bucket-reading.patch
new file mode 100644
index 0000000000..0054e03481
--- /dev/null
+++ b/patches.drivers/0030-bcache-add-a-comment-in-journal-bucket-reading.patch
@@ -0,0 +1,55 @@
+From bb22cafd75686d799dabfe422571fac4b5c2ed94 Mon Sep 17 00:00:00 2001
+From: Tang Junhui <tang.junhui@zte.com.cn>
+Date: Fri, 24 Nov 2017 15:14:24 -0800
+Subject: [PATCH] bcache: add a comment in journal bucket reading
+Git-commit: bb22cafd75686d799dabfe422571fac4b5c2ed94
+Patch-mainline: v4.15-rc2
+References: bsc#1076110
+
+Journal bucket is a circular buffer, the bucket
+can be like YYYNNNYY, which means the first valid journal in
+the 7th bucket, and the latest valid journal in third bucket, in
+this case, if we do not try we the zero index first, We
+may get a valid journal in the 7th bucket, then we call
+find_next_bit(bitmap,ca->sb.njournal_buckets, l + 1) to get the
+first invalid bucket after the 7th bucket, because all these
+buckets is valid, so no bit 1 in bitmap, thus find_next_bit()
+function would return with ca->sb.njournal_buckets (8). So, after
+that, bcache only read journal in 7th and 8the bucket,
+the first to the third buckets are lost.
+
+So, it is important to let developer know that, we need to try
+the zero index at first in the hash-search, and avoid any breaks
+in future's code modification.
+
+[ml: Fixed whitespace & formatting & file permissions]
+
+Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Michael Lyle <mlyle@lyle.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/journal.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c
+index 02a98ddb592d..5018c56ebb67 100644
+--- a/drivers/md/bcache/journal.c
++++ b/drivers/md/bcache/journal.c
+@@ -170,6 +170,11 @@ int bch_journal_read(struct cache_set *c, struct list_head *list)
+ * find a sequence of buckets with valid journal entries
+ */
+ for (i = 0; i < ca->sb.njournal_buckets; i++) {
++ /*
++ * We must try the index l with ZERO first for
++ * correctness due to the scenario that the journal
++ * bucket is circular buffer which might have wrapped
++ */
+ l = (i * 2654435769U) % ca->sb.njournal_buckets;
+
+ if (test_bit(l, bitmap))
+--
+2.15.1
+
diff --git a/patches.drivers/0031-bcache-check-return-value-of-register_shrinker.patch b/patches.drivers/0031-bcache-check-return-value-of-register_shrinker.patch
new file mode 100644
index 0000000000..f2367f7c21
--- /dev/null
+++ b/patches.drivers/0031-bcache-check-return-value-of-register_shrinker.patch
@@ -0,0 +1,43 @@
+From 6c4ca1e36cdc1a0a7a84797804b87920ccbebf51 Mon Sep 17 00:00:00 2001
+From: Michael Lyle <mlyle@lyle.org>
+Date: Fri, 24 Nov 2017 15:14:27 -0800
+Subject: [PATCH] bcache: check return value of register_shrinker
+Git-commit: 6c4ca1e36cdc1a0a7a84797804b87920ccbebf51
+Patch-mainline: v4.15-rc2
+References: bsc#1076110
+
+register_shrinker is now __must_check, so check it to kill a warning.
+Caller of bch_btree_cache_alloc in super.c appropriately checks return
+value so this is fully plumbed through.
+
+This V2 fixes checkpatch warnings and improves the commit description,
+as I was too hasty getting the previous version out.
+
+Signed-off-by: Michael Lyle <mlyle@lyle.org>
+Reviewed-by: Vojtech Pavlik <vojtech@suse.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Coly Li <colyli@suse.de>
+
+---
+ drivers/md/bcache/btree.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
+index 11c5503d31dc..81e8dc3dbe5e 100644
+--- a/drivers/md/bcache/btree.c
++++ b/drivers/md/bcache/btree.c
+@@ -807,7 +807,10 @@ int bch_btree_cache_alloc(struct cache_set *c)
+ c->shrink.scan_objects = bch_mca_scan;
+ c->shrink.seeks = 4;
+ c->shrink.batch = c->btree_pages * 2;
+- register_shrinker(&c->shrink);
++
++ if (register_shrinker(&c->shrink))
++ pr_warn("bcache: %s: could not register shrinker",
++ __func__);
+
+ return 0;
+ }
+--
+2.15.1
+
diff --git a/patches.drivers/IB-qib-Fix-comparison-error-with-qperf-compare-swap-.patch b/patches.drivers/IB-qib-Fix-comparison-error-with-qperf-compare-swap-.patch
new file mode 100644
index 0000000000..d50d1d2e96
--- /dev/null
+++ b/patches.drivers/IB-qib-Fix-comparison-error-with-qperf-compare-swap-.patch
@@ -0,0 +1,48 @@
+From: Mike Marciniszyn <mike.marciniszyn@intel.com>
+Date: Tue, 14 Nov 2017 04:34:52 -0800
+Subject: IB/qib: Fix comparison error with qperf compare/swap test
+Patch-mainline: v4.16-rc1
+Git-commit: 87b3524cb5058fdc7c2afdb92bdb2e079661ddc4
+References: FATE#321231 FATE#321473
+
+This failure exists with qib:
+
+ver_rc_compare_swap:
+mismatch, sequence 2, expected 123456789abcdef, got 0
+
+The request builder was using the incorrect inlines to
+build the request header resulting in incorrect data
+in the atomic header.
+
+Fix by using the appropriate inlines to create the request.
+
+Cc: <stable@vger.kernel.org> # 4.9.x+
+Fixes: 261a4351844b ("IB/qib,IB/hfi: Use core common header file")
+Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
+Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
+Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/infiniband/hw/qib/qib_rc.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/infiniband/hw/qib/qib_rc.c
++++ b/drivers/infiniband/hw/qib/qib_rc.c
+@@ -434,13 +434,13 @@ int qib_make_rc_req(struct rvt_qp *qp, u
+ qp->s_state = OP(COMPARE_SWAP);
+ put_ib_ateth_swap(wqe->atomic_wr.swap,
+ &ohdr->u.atomic_eth);
+- put_ib_ateth_swap(wqe->atomic_wr.compare_add,
+- &ohdr->u.atomic_eth);
++ put_ib_ateth_compare(wqe->atomic_wr.compare_add,
++ &ohdr->u.atomic_eth);
+ } else {
+ qp->s_state = OP(FETCH_ADD);
+ put_ib_ateth_swap(wqe->atomic_wr.compare_add,
+ &ohdr->u.atomic_eth);
+- put_ib_ateth_swap(0, &ohdr->u.atomic_eth);
++ put_ib_ateth_compare(0, &ohdr->u.atomic_eth);
+ }
+ put_ib_ateth_vaddr(wqe->atomic_wr.remote_addr,
+ &ohdr->u.atomic_eth);
diff --git a/patches.drivers/be2net-restore-properly-promisc-mode-after-queues-re.patch b/patches.drivers/be2net-restore-properly-promisc-mode-after-queues-re.patch
new file mode 100644
index 0000000000..abdfae5105
--- /dev/null
+++ b/patches.drivers/be2net-restore-properly-promisc-mode-after-queues-re.patch
@@ -0,0 +1,53 @@
+From: Ivan Vecera <cera@cera.cz>
+Date: Fri, 19 Jan 2018 20:23:50 +0100
+Subject: be2net: restore properly promisc mode after queues reconfiguration
+Patch-mainline: v4.15 or v4.15-rc10 (next release)
+Git-commit: 52acf06451930eb4cefabd5ecea56e2d46c32f76
+References: bsc#963844 FATE#320192
+
+The commit 622190669403 ("be2net: Request RSS capability of Rx interface
+depending on number of Rx rings") modified be_update_queues() so the
+IFACE (HW representation of the netdevice) is destroyed and then
+re-created. This causes a regression because potential promiscuous mode
+is not restored properly during be_open() because the driver thinks
+that the HW has promiscuous mode already enabled.
+
+Note that Lancer is not affected by this bug because RX-filter flags are
+disabled during be_close() for this chipset.
+
+Cc: Sathya Perla <sathya.perla@broadcom.com>
+Cc: Ajit Khaparde <ajit.khaparde@broadcom.com>
+Cc: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
+Cc: Somnath Kotur <somnath.kotur@broadcom.com>
+
+Fixes: 622190669403 ("be2net: Request RSS capability of Rx interface depending on number of Rx rings")
+Signed-off-by: Ivan Vecera <ivecera@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: David Chang <dchang@suse.com>
+---
+ drivers/net/ethernet/emulex/benet/be_main.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
+index 1e8f7599bbfc..136a1584b026 100644
+--- a/drivers/net/ethernet/emulex/benet/be_main.c
++++ b/drivers/net/ethernet/emulex/benet/be_main.c
+@@ -4591,6 +4591,15 @@ int be_update_queues(struct be_adapter *adapter)
+
+ be_schedule_worker(adapter);
+
++ /*
++ * The IF was destroyed and re-created. We need to clear
++ * all promiscuous flags valid for the destroyed IF.
++ * Without this promisc mode is not restored during
++ * be_open() because the driver thinks that it is
++ * already enabled in HW.
++ */
++ adapter->if_flags &= ~BE_IF_FLAGS_ALL_PROMISCUOUS;
++
+ if (netif_running(netdev))
+ status = be_open(netdev);
+
+--
+2.13.6
+
diff --git a/patches.drivers/bnxt_en-Don-t-print-Link-speed-1-no-longer-supported.patch b/patches.drivers/bnxt_en-Don-t-print-Link-speed-1-no-longer-supported.patch
index b6adccbfa5..8f914da40e 100644
--- a/patches.drivers/bnxt_en-Don-t-print-Link-speed-1-no-longer-supported.patch
+++ b/patches.drivers/bnxt_en-Don-t-print-Link-speed-1-no-longer-supported.patch
@@ -1,8 +1,7 @@
From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 6 Dec 2017 17:31:22 -0500
Subject: bnxt_en: Don't print "Link speed -1 no longer supported" messages.
-Patch-mainline: Queued in subsystem maintainer repository
-Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
+Patch-mainline: v4.16-rc1
Git-commit: a8168b6cee6e9334dfebb4b9108e8d73794f6088
References: bsc#1070116
diff --git a/patches.drivers/bonding-add-802.3ad-support-for-100G-speeds.patch b/patches.drivers/bonding-add-802.3ad-support-for-100G-speeds.patch
index 601d12f2f5..41dd10afe4 100644
--- a/patches.drivers/bonding-add-802.3ad-support-for-100G-speeds.patch
+++ b/patches.drivers/bonding-add-802.3ad-support-for-100G-speeds.patch
@@ -47,7 +47,7 @@ Acked-by: Benjamin Poirier <bpoirier@suse.com>
speed = 0;
@@ -696,6 +702,9 @@ static u32 __get_agg_bandwidth(struct ag
case AD_LINK_SPEED_56000MBPS:
- bandwidth = nports * 56000;
+ bandwidth = aggregator->num_of_ports * 56000;
break;
+ case AD_LINK_SPEED_100000MBPS:
+ bandwidth = aggregator->num_of_ports * 100000;
diff --git a/patches.drivers/bonding-allow-notifications-for-bond_set_slave_link_.patch b/patches.drivers/bonding-allow-notifications-for-bond_set_slave_link_.patch
index d3c9618055..c9e4c0b95e 100644
--- a/patches.drivers/bonding-allow-notifications-for-bond_set_slave_link_.patch
+++ b/patches.drivers/bonding-allow-notifications-for-bond_set_slave_link_.patch
@@ -107,9 +107,9 @@ index d3dbd2335c43..44127a909de6 100644
(bond->params.updelay - slave->delay) *
bond->params.miimon,
@@ -2118,7 +2128,8 @@ static void bond_miimon_commit(struct bonding *bond)
+ continue;
case BOND_LINK_UP:
- bond_update_speed_duplex(slave);
- bond_set_slave_link_state(slave, BOND_LINK_UP);
+ bond_set_slave_link_state(slave, BOND_LINK_UP,
+ BOND_SLAVE_NOTIFY_NOW);
diff --git a/patches.drivers/e1000e-Avoid-receiver-overrun-interrupt-bursts.patch b/patches.drivers/e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
deleted file mode 100644
index 8bfd2dcedf..0000000000
--- a/patches.drivers/e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From: Benjamin Poirier <bpoirier@suse.com>
-Date: Fri, 21 Jul 2017 11:36:27 -0700
-Subject: e1000e: Avoid receiver overrun interrupt bursts
-Patch-mainline: v4.15-rc1
-Git-commit: 4aea7a5c5e940c1723add439f4088844cd26196d
-References: bsc#969470 FATE#319819
-
-When e1000e_poll() is not fast enough to keep up with incoming traffic, the
-adapter (when operating in msix mode) raises the Other interrupt to signal
-Receiver Overrun.
-
-This is a double problem because 1) at the moment e1000_msix_other()
-assumes that it is only called in case of Link Status Change and 2) if the
-condition persists, the interrupt is repeatedly raised again in quick
-succession.
-
-Ideally we would configure the Other interrupt to not be raised in case of
-receiver overrun but this doesn't seem possible on this adapter. Instead,
-we handle the first part of the problem by reverting to the practice of
-reading ICR in the other interrupt handler, like before commit 16ecba59bc33
-("e1000e: Do not read ICR in Other interrupt"). Thanks to commit
-0a8047ac68e5 ("e1000e: Fix msi-x interrupt automask") which cleared IAME
-from CTRL_EXT, reading ICR doesn't interfere with RxQ0, TxQ0 interrupts
-anymore. We handle the second part of the problem by not re-enabling the
-Other interrupt right away when there is overrun. Instead, we wait until
-traffic subsides, napi polling mode is exited and interrupts are
-re-enabled.
-
-Reported-by: Lennart Sorensen <lsorense@csclub.uwaterloo.ca>
-Fixes: 16ecba59bc33 ("e1000e: Do not read ICR in Other interrupt")
-Signed-off-by: Benjamin Poirier <bpoirier@suse.com>
-Tested-by: Aaron Brown <aaron.f.brown@intel.com>
-Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
----
- drivers/net/ethernet/intel/e1000e/defines.h | 1
- drivers/net/ethernet/intel/e1000e/netdev.c | 31 +++++++++++++++++++++-------
- 2 files changed, 25 insertions(+), 7 deletions(-)
-
---- a/drivers/net/ethernet/intel/e1000e/defines.h
-+++ b/drivers/net/ethernet/intel/e1000e/defines.h
-@@ -398,6 +398,7 @@
- #define E1000_ICR_LSC 0x00000004 /* Link Status Change */
- #define E1000_ICR_RXSEQ 0x00000008 /* Rx sequence error */
- #define E1000_ICR_RXDMT0 0x00000010 /* Rx desc min. threshold (0) */
-+#define E1000_ICR_RXO 0x00000040 /* Receiver Overrun */
- #define E1000_ICR_RXT0 0x00000080 /* Rx timer intr (ring 0) */
- #define E1000_ICR_ECCER 0x00400000 /* Uncorrectable ECC Error */
- /* If this bit asserted, the driver should claim the interrupt */
---- a/drivers/net/ethernet/intel/e1000e/netdev.c
-+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
-@@ -1905,14 +1905,30 @@ static irqreturn_t e1000_msix_other(int
- struct net_device *netdev = data;
- struct e1000_adapter *adapter = netdev_priv(netdev);
- struct e1000_hw *hw = &adapter->hw;
-+ u32 icr;
-+ bool enable = true;
-
-- hw->mac.get_link_status = true;
-+ icr = er32(ICR);
-+ if (icr & E1000_ICR_RXO) {
-+ ew32(ICR, E1000_ICR_RXO);
-+ enable = false;
-+ /* napi poll will re-enable Other, make sure it runs */
-+ if (napi_schedule_prep(&adapter->napi)) {
-+ adapter->total_rx_bytes = 0;
-+ adapter->total_rx_packets = 0;
-+ __napi_schedule(&adapter->napi);
-+ }
-+ }
-+ if (icr & E1000_ICR_LSC) {
-+ ew32(ICR, E1000_ICR_LSC);
-+ hw->mac.get_link_status = true;
-+ /* guard against interrupt when we're going down */
-+ if (!test_bit(__E1000_DOWN, &adapter->state))
-+ mod_timer(&adapter->watchdog_timer, jiffies + 1);
-+ }
-
-- /* guard against interrupt when we're going down */
-- if (!test_bit(__E1000_DOWN, &adapter->state)) {
-- mod_timer(&adapter->watchdog_timer, jiffies + 1);
-+ if (enable && !test_bit(__E1000_DOWN, &adapter->state))
- ew32(IMS, E1000_IMS_OTHER);
-- }
-
- return IRQ_HANDLED;
- }
-@@ -2683,7 +2699,8 @@ static int e1000e_poll(struct napi_struc
- napi_complete_done(napi, work_done);
- if (!test_bit(__E1000_DOWN, &adapter->state)) {
- if (adapter->msix_entries)
-- ew32(IMS, adapter->rx_ring->ims_val);
-+ ew32(IMS, adapter->rx_ring->ims_val |
-+ E1000_IMS_OTHER);
- else
- e1000_irq_enable(adapter);
- }
-@@ -4178,7 +4195,7 @@ static void e1000e_trigger_lsc(struct e1
- struct e1000_hw *hw = &adapter->hw;
-
- if (adapter->msix_entries)
-- ew32(ICS, E1000_ICS_OTHER);
-+ ew32(ICS, E1000_ICS_LSC | E1000_ICS_OTHER);
- else
- ew32(ICS, E1000_ICS_LSC);
- }
diff --git a/patches.drivers/i40iw-Correct-Q1-XF-object-count-equation.patch b/patches.drivers/i40iw-Correct-Q1-XF-object-count-equation.patch
new file mode 100644
index 0000000000..81a69282be
--- /dev/null
+++ b/patches.drivers/i40iw-Correct-Q1-XF-object-count-equation.patch
@@ -0,0 +1,34 @@
+From: Shiraz Saleem <shiraz.saleem@intel.com>
+Date: Fri, 22 Dec 2017 09:46:56 -0600
+Subject: i40iw: Correct Q1/XF object count equation
+Patch-mainline: v4.16-rc1
+Git-commit: fe99afd1febd74e0ef1fed7e3283f09effe1f4f0
+References: bsc#969476 FATE#319648 bsc#969477 FATE#319816
+
+Lower Inbound RDMA Read Queue (Q1) object count by a factor of 2
+as it is incorrectly doubled. Also, round up Q1 and Transmit FIFO (XF)
+object count to power of 2 to satisfy hardware requirement.
+
+Fixes: 86dbcd0f12e9 ("i40iw: add file to handle cqp calls")
+Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/infiniband/hw/i40iw/i40iw_ctrl.c
++++ b/drivers/infiniband/hw/i40iw/i40iw_ctrl.c
+@@ -3876,8 +3876,10 @@ enum i40iw_status_code i40iw_config_fpm_
+ hmc_info->hmc_obj[I40IW_HMC_IW_APBVT_ENTRY].cnt = 1;
+ hmc_info->hmc_obj[I40IW_HMC_IW_MR].cnt = mrwanted;
+
+- hmc_info->hmc_obj[I40IW_HMC_IW_XF].cnt = I40IW_MAX_WQ_ENTRIES * qpwanted;
+- hmc_info->hmc_obj[I40IW_HMC_IW_Q1].cnt = 4 * I40IW_MAX_IRD_SIZE * qpwanted;
++ hmc_info->hmc_obj[I40IW_HMC_IW_XF].cnt =
++ roundup_pow_of_two(I40IW_MAX_WQ_ENTRIES * qpwanted);
++ hmc_info->hmc_obj[I40IW_HMC_IW_Q1].cnt =
++ roundup_pow_of_two(2 * I40IW_MAX_IRD_SIZE * qpwanted);
+ hmc_info->hmc_obj[I40IW_HMC_IW_XFFL].cnt =
+ hmc_info->hmc_obj[I40IW_HMC_IW_XF].cnt / hmc_fpm_misc->xf_block_size;
+ hmc_info->hmc_obj[I40IW_HMC_IW_Q1FL].cnt =
diff --git a/patches.drivers/i40iw-Fix-sequence-number-for-the-first-partial-FPDU.patch b/patches.drivers/i40iw-Fix-sequence-number-for-the-first-partial-FPDU.patch
new file mode 100644
index 0000000000..8d9b5b13b3
--- /dev/null
+++ b/patches.drivers/i40iw-Fix-sequence-number-for-the-first-partial-FPDU.patch
@@ -0,0 +1,41 @@
+From: Shiraz Saleem <shiraz.saleem@intel.com>
+Date: Fri, 22 Dec 2017 09:46:59 -0600
+Subject: i40iw: Fix sequence number for the first partial FPDU
+Patch-mainline: v4.16-rc1
+Git-commit: df8b13a1b23356d01dfc4647a5629cdb0f4ce566
+References: bsc#969476 FATE#319648 bsc#969477 FATE#319816
+
+Partial FPDU processing is broken as the sequence number
+for the first partial FPDU is wrong due to incorrect
+Q2 buffer offset. The offset should be 64 rather than 16.
+
+Fixes: 786c6adb3a94 ("i40iw: add puda code")
+Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/infiniband/hw/i40iw/i40iw_d.h | 1 +
+ drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/infiniband/hw/i40iw/i40iw_d.h
++++ b/drivers/infiniband/hw/i40iw/i40iw_d.h
+@@ -97,6 +97,7 @@
+ #define RDMA_OPCODE_MASK 0x0f
+ #define RDMA_READ_REQ_OPCODE 1
+ #define Q2_BAD_FRAME_OFFSET 72
++#define Q2_FPSN_OFFSET 64
+ #define CQE_MAJOR_DRV 0x8000
+
+ #define I40IW_TERM_SENT 0x01
+--- a/drivers/infiniband/hw/i40iw/i40iw_puda.c
++++ b/drivers/infiniband/hw/i40iw/i40iw_puda.c
+@@ -1376,7 +1376,7 @@ static void i40iw_ieq_handle_exception(s
+ u32 *hw_host_ctx = (u32 *)qp->hw_host_ctx;
+ u32 rcv_wnd = hw_host_ctx[23];
+ /* first partial seq # in q2 */
+- u32 fps = qp->q2_buf[16];
++ u32 fps = *(u32 *)(qp->q2_buf + Q2_FPSN_OFFSET);
+ struct list_head *rxlist = &pfpdu->rxlist;
+ struct list_head *plist;
+
diff --git a/patches.drivers/i40iw-Fix-the-connection-ORD-value-for-loopback.patch b/patches.drivers/i40iw-Fix-the-connection-ORD-value-for-loopback.patch
new file mode 100644
index 0000000000..9aec4b5e43
--- /dev/null
+++ b/patches.drivers/i40iw-Fix-the-connection-ORD-value-for-loopback.patch
@@ -0,0 +1,105 @@
+From: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
+Date: Fri, 22 Dec 2017 09:47:02 -0600
+Subject: i40iw: Fix the connection ORD value for loopback
+Patch-mainline: v4.16-rc1
+Git-commit: fefa06811cc7b1c25904579833b4f319cde3ce7f
+References: bsc#969476 FATE#319648 bsc#969477 FATE#319816
+
+The accepting QP ORD value should be adjusted not to
+exceed the peer QP IRD value (RFC 6581). This is
+skipped for loopback. After the ORD is validated
+by i40iw_record_ird_ord(), adjust the ORD value of
+the loopback accepting QP to prevent overrunning the
+IRD space of the peer QP. Also move the ORD accounting
+for 0-byte RDMA read to i40iw_record_ird_ord().
+
+Fixes: f27b4746f378 ("i40iw: add connection management code")
+Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
+Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/infiniband/hw/i40iw/i40iw_cm.c | 26 ++++++++++++++------------
+ 1 file changed, 14 insertions(+), 12 deletions(-)
+
+--- a/drivers/infiniband/hw/i40iw/i40iw_cm.c
++++ b/drivers/infiniband/hw/i40iw/i40iw_cm.c
+@@ -133,6 +133,8 @@ static void i40iw_record_ird_ord(struct
+
+ if (conn_ord > I40IW_MAX_ORD_SIZE)
+ conn_ord = I40IW_MAX_ORD_SIZE;
++ else if (!conn_ord && cm_node->send_rdma0_op == SEND_RDMA_READ_ZERO)
++ conn_ord = 1;
+
+ cm_node->ird_size = conn_ird;
+ cm_node->ord_size = conn_ord;
+@@ -2869,15 +2871,13 @@ static struct i40iw_cm_listener *i40iw_m
+ * i40iw_create_cm_node - make a connection node with params
+ * @cm_core: cm's core
+ * @iwdev: iwarp device structure
+- * @private_data_len: len to provate data for mpa request
+- * @private_data: pointer to private data for connection
++ * @conn_param: upper layer connection parameters
+ * @cm_info: quad info for connection
+ */
+ static struct i40iw_cm_node *i40iw_create_cm_node(
+ struct i40iw_cm_core *cm_core,
+ struct i40iw_device *iwdev,
+- u16 private_data_len,
+- void *private_data,
++ struct iw_cm_conn_param *conn_param,
+ struct i40iw_cm_info *cm_info)
+ {
+ struct i40iw_cm_node *cm_node;
+@@ -2885,6 +2885,9 @@ static struct i40iw_cm_node *i40iw_creat
+ struct i40iw_cm_node *loopback_remotenode;
+ struct i40iw_cm_info loopback_cm_info;
+
++ u16 private_data_len = conn_param->private_data_len;
++ const void *private_data = conn_param->private_data;
++
+ /* create a CM connection node */
+ cm_node = i40iw_make_cm_node(cm_core, iwdev, cm_info, NULL);
+ if (!cm_node)
+@@ -2893,6 +2896,8 @@ static struct i40iw_cm_node *i40iw_creat
+ cm_node->tcp_cntxt.client = 1;
+ cm_node->tcp_cntxt.rcv_wscale = I40IW_CM_DEFAULT_RCV_WND_SCALE;
+
++ i40iw_record_ird_ord(cm_node, conn_param->ird, conn_param->ord);
++
+ if (!memcmp(cm_info->loc_addr, cm_info->rem_addr, sizeof(cm_info->loc_addr))) {
+ loopback_remotelistener = i40iw_find_listener(
+ cm_core,
+@@ -2926,6 +2931,10 @@ static struct i40iw_cm_node *i40iw_creat
+ private_data_len);
+ loopback_remotenode->pdata.size = private_data_len;
+
++ if (loopback_remotenode->ord_size > cm_node->ird_size)
++ loopback_remotenode->ord_size =
++ cm_node->ird_size;
++
+ cm_node->state = I40IW_CM_STATE_OFFLOADED;
+ cm_node->tcp_cntxt.rcv_nxt =
+ loopback_remotenode->tcp_cntxt.loc_seq_num;
+@@ -3834,20 +3843,13 @@ int i40iw_connect(struct iw_cm_id *cm_id
+ apbvt_set = 1;
+ cm_id->add_ref(cm_id);
+ cm_node = i40iw_create_cm_node(&iwdev->cm_core, iwdev,
+- conn_param->private_data_len,
+- (void *)conn_param->private_data,
+- &cm_info);
++ conn_param, &cm_info);
+
+ if (IS_ERR(cm_node)) {
+ err = PTR_ERR(cm_node);
+ goto err_out;
+ }
+
+- i40iw_record_ird_ord(cm_node, conn_param->ird, conn_param->ord);
+- if (cm_node->send_rdma0_op == SEND_RDMA_READ_ZERO &&
+- !cm_node->ord_size)
+- cm_node->ord_size = 1;
+-
+ cm_node->apbvt_set = apbvt_set;
+ cm_node->qhash_set = qhash_set;
+ iwqp->cm_node = cm_node;
diff --git a/patches.drivers/i40iw-Remove-limit-on-re-posting-AEQ-entries-to-HW.patch b/patches.drivers/i40iw-Remove-limit-on-re-posting-AEQ-entries-to-HW.patch
new file mode 100644
index 0000000000..a129293a73
--- /dev/null
+++ b/patches.drivers/i40iw-Remove-limit-on-re-posting-AEQ-entries-to-HW.patch
@@ -0,0 +1,46 @@
+From: Sindhu Devale <sindhu.devale@intel.com>
+Date: Thu, 11 Jan 2018 18:10:52 -0600
+Subject: i40iw: Remove limit on re-posting AEQ entries to HW
+Patch-mainline: v4.16-rc1
+Git-commit: 72b30e986d2527c023de455d55570e2d32494839
+References: bsc#969476 FATE#319648 bsc#969477 FATE#319816
+
+Currently, if the number of processed Asynchronous Event Queue (AEQ)
+entries exceeds 255, they are not returned to HW for re-use. During
+scale-up, the unreturned AEQ entries can grow to the max AEQ size and
+cause the HW to report an AEQ overflow.
+
+Remove the check which limits the number of processed AEQ entries returned
+to HW.
+
+Fixes: 86dbcd0f12e9 ("RDMA/i40iw: add file to handle cqp calls")
+Signed-off-by: Sindhu Devale <sindhu.devale@intel.com>
+Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 2 --
+ drivers/infiniband/hw/i40iw/i40iw_user.h | 1 -
+ 2 files changed, 3 deletions(-)
+
+--- a/drivers/infiniband/hw/i40iw/i40iw_ctrl.c
++++ b/drivers/infiniband/hw/i40iw/i40iw_ctrl.c
+@@ -1834,8 +1834,6 @@ static enum i40iw_status_code i40iw_sc_g
+ static enum i40iw_status_code i40iw_sc_repost_aeq_entries(struct i40iw_sc_dev *dev,
+ u32 count)
+ {
+- if (count > I40IW_MAX_AEQ_ALLOCATE_COUNT)
+- return I40IW_ERR_INVALID_SIZE;
+
+ if (dev->is_pf)
+ i40iw_wr32(dev->hw, I40E_PFPE_AEQALLOC, count);
+--- a/drivers/infiniband/hw/i40iw/i40iw_user.h
++++ b/drivers/infiniband/hw/i40iw/i40iw_user.h
+@@ -59,7 +59,6 @@ enum i40iw_device_capabilities_const {
+ I40IW_MAX_CEQ_ENTRIES = 131071,
+ I40IW_MIN_CQ_SIZE = 1,
+ I40IW_MAX_CQ_SIZE = 1048575,
+- I40IW_MAX_AEQ_ALLOCATE_COUNT = 255,
+ I40IW_DB_ID_ZERO = 0,
+ I40IW_MAX_WQ_FRAGMENT_COUNT = 3,
+ I40IW_MAX_SGE_RD = 1,
diff --git a/patches.drivers/i40iw-Selectively-teardown-QPs-on-IP-addr-change-eve.patch b/patches.drivers/i40iw-Selectively-teardown-QPs-on-IP-addr-change-eve.patch
new file mode 100644
index 0000000000..f1470767fb
--- /dev/null
+++ b/patches.drivers/i40iw-Selectively-teardown-QPs-on-IP-addr-change-eve.patch
@@ -0,0 +1,112 @@
+From: Shiraz Saleem <shiraz.saleem@intel.com>
+Date: Fri, 22 Dec 2017 09:46:58 -0600
+Subject: i40iw: Selectively teardown QPs on IP addr change event
+Patch-mainline: v4.16-rc1
+Git-commit: 3020f252c3aa7bd59c5df38671f1ef13a0426e40
+References: bsc#1024376 FATE#321249
+
+On IP address change event, all connected QPs are torn down
+irrespective of whether IP address is involved in a connection.
+
+Only teardown connections those source or destination address
+matches the netdev interface IP address being changed, and if
+they are on the same VLAN as the netdev.
+
+Fixes: e5e74b61b165 ("i40iw: Add IP addr handling on netdev events")
+Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/infiniband/hw/i40iw/i40iw_cm.c | 28 ++++++++++++++++++++--------
+ drivers/infiniband/hw/i40iw/i40iw_cm.h | 4 +++-
+ drivers/infiniband/hw/i40iw/i40iw_main.c | 2 +-
+ 3 files changed, 24 insertions(+), 10 deletions(-)
+
+--- a/drivers/infiniband/hw/i40iw/i40iw_cm.c
++++ b/drivers/infiniband/hw/i40iw/i40iw_cm.c
+@@ -4251,10 +4251,16 @@ set_qhash:
+ }
+
+ /**
+- * i40iw_cm_disconnect_all - disconnect all connected qp's
++ * i40iw_cm_teardown_connections - teardown QPs
+ * @iwdev: device pointer
++ * @ipaddr: Pointer to IPv4 or IPv6 address
++ * @ipv4: flag indicating IPv4 when true
++ * @disconnect_all: flag indicating disconnect all QPs
++ * teardown QPs where source or destination addr matches ip addr
+ */
+-void i40iw_cm_disconnect_all(struct i40iw_device *iwdev)
++void i40iw_cm_teardown_connections(struct i40iw_device *iwdev, u32 *ipaddr,
++ struct i40iw_cm_info *nfo,
++ bool disconnect_all)
+ {
+ struct i40iw_cm_core *cm_core = &iwdev->cm_core;
+ struct list_head *list_core_temp;
+@@ -4268,8 +4274,13 @@ void i40iw_cm_disconnect_all(struct i40i
+ spin_lock_irqsave(&cm_core->ht_lock, flags);
+ list_for_each_safe(list_node, list_core_temp, &cm_core->connected_nodes) {
+ cm_node = container_of(list_node, struct i40iw_cm_node, list);
+- atomic_inc(&cm_node->ref_count);
+- list_add(&cm_node->connected_entry, &connected_list);
++ if (disconnect_all ||
++ (nfo->vlan_id == cm_node->vlan_id &&
++ (!memcmp(cm_node->loc_addr, ipaddr, nfo->ipv4 ? 4 : 16) ||
++ !memcmp(cm_node->rem_addr, ipaddr, nfo->ipv4 ? 4 : 16)))) {
++ atomic_inc(&cm_node->ref_count);
++ list_add(&cm_node->connected_entry, &connected_list);
++ }
+ }
+ spin_unlock_irqrestore(&cm_core->ht_lock, flags);
+
+@@ -4301,6 +4312,9 @@ void i40iw_if_notify(struct i40iw_device
+ enum i40iw_quad_hash_manage_type op =
+ ifup ? I40IW_QHASH_MANAGE_TYPE_ADD : I40IW_QHASH_MANAGE_TYPE_DELETE;
+
++ nfo.vlan_id = vlan_id;
++ nfo.ipv4 = ipv4;
++
+ /* Disable or enable qhash for listeners */
+ spin_lock_irqsave(&cm_core->listen_list_lock, flags);
+ list_for_each_entry(listen_node, &cm_core->listen_nodes, list) {
+@@ -4310,8 +4324,6 @@ void i40iw_if_notify(struct i40iw_device
+ memcpy(nfo.loc_addr, listen_node->loc_addr,
+ sizeof(nfo.loc_addr));
+ nfo.loc_port = listen_node->loc_port;
+- nfo.ipv4 = listen_node->ipv4;
+- nfo.vlan_id = listen_node->vlan_id;
+ nfo.user_pri = listen_node->user_pri;
+ if (!list_empty(&listen_node->child_listen_list)) {
+ i40iw_qhash_ctrl(iwdev,
+@@ -4333,7 +4345,7 @@ void i40iw_if_notify(struct i40iw_device
+ }
+ spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
+
+- /* disconnect any connected qp's on ifdown */
++ /* teardown connected qp's on ifdown */
+ if (!ifup)
+- i40iw_cm_disconnect_all(iwdev);
++ i40iw_cm_teardown_connections(iwdev, ipaddr, &nfo, false);
+ }
+--- a/drivers/infiniband/hw/i40iw/i40iw_cm.h
++++ b/drivers/infiniband/hw/i40iw/i40iw_cm.h
+@@ -450,5 +450,7 @@ int i40iw_arp_table(struct i40iw_device
+
+ void i40iw_if_notify(struct i40iw_device *iwdev, struct net_device *netdev,
+ u32 *ipaddr, bool ipv4, bool ifup);
+-void i40iw_cm_disconnect_all(struct i40iw_device *iwdev);
++void i40iw_cm_teardown_connections(struct i40iw_device *iwdev, u32 *ipaddr,
++ struct i40iw_cm_info *nfo,
++ bool disconnect_all);
+ #endif /* I40IW_CM_H */
+--- a/drivers/infiniband/hw/i40iw/i40iw_main.c
++++ b/drivers/infiniband/hw/i40iw/i40iw_main.c
+@@ -1783,7 +1783,7 @@ static void i40iw_close(struct i40e_info
+ iwdev = &hdl->device;
+ iwdev->closing = true;
+
+- i40iw_cm_disconnect_all(iwdev);
++ i40iw_cm_teardown_connections(iwdev, NULL, NULL, true);
+ destroy_workqueue(iwdev->virtchnl_wq);
+ i40iw_deinit_device(iwdev, reset);
+ }
diff --git a/patches.drivers/i40iw-Validate-correct-IRD-ORD-connection-parameters.patch b/patches.drivers/i40iw-Validate-correct-IRD-ORD-connection-parameters.patch
new file mode 100644
index 0000000000..d4a6497bb2
--- /dev/null
+++ b/patches.drivers/i40iw-Validate-correct-IRD-ORD-connection-parameters.patch
@@ -0,0 +1,43 @@
+From: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
+Date: Fri, 22 Dec 2017 09:47:01 -0600
+Subject: i40iw: Validate correct IRD/ORD connection parameters
+Patch-mainline: v4.16-rc1
+Git-commit: ce9ce74145aa6814a370a9ff4f5a1d719baaced1
+References: bsc#969476 FATE#319648 bsc#969477 FATE#319816
+
+Casting to u16 before validating IRD/ORD connection
+parameters could cause recording wrong IRD/ORD values
+in the cm_node. Validate the IRD/ORD parameters as
+they are passed by the application before recording
+them.
+
+Fixes: f27b4746f378 ("i40iw: add connection management code")
+Signed-off-by: Tatyana Nikolova <tatyana.e.nikolova@intel.com>
+Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/infiniband/hw/i40iw/i40iw_cm.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/infiniband/hw/i40iw/i40iw_cm.c
++++ b/drivers/infiniband/hw/i40iw/i40iw_cm.c
+@@ -125,7 +125,8 @@ static u8 i40iw_derive_hw_ird_setting(u1
+ * @conn_ird: connection IRD
+ * @conn_ord: connection ORD
+ */
+-static void i40iw_record_ird_ord(struct i40iw_cm_node *cm_node, u16 conn_ird, u16 conn_ord)
++static void i40iw_record_ird_ord(struct i40iw_cm_node *cm_node, u32 conn_ird,
++ u32 conn_ord)
+ {
+ if (conn_ird > I40IW_MAX_IRD_SIZE)
+ conn_ird = I40IW_MAX_IRD_SIZE;
+@@ -3842,7 +3843,7 @@ int i40iw_connect(struct iw_cm_id *cm_id
+ goto err_out;
+ }
+
+- i40iw_record_ird_ord(cm_node, (u16)conn_param->ird, (u16)conn_param->ord);
++ i40iw_record_ird_ord(cm_node, conn_param->ird, conn_param->ord);
+ if (cm_node->send_rdma0_op == SEND_RDMA_READ_ZERO &&
+ !cm_node->ord_size)
+ cm_node->ord_size = 1;
diff --git a/patches.drivers/ibmvnic-Allocate-and-request-vpd-in-init_resources.patch b/patches.drivers/ibmvnic-Allocate-and-request-vpd-in-init_resources.patch
new file mode 100644
index 0000000000..9ff88b6235
--- /dev/null
+++ b/patches.drivers/ibmvnic-Allocate-and-request-vpd-in-init_resources.patch
@@ -0,0 +1,49 @@
+From ee1e4f6c4524b5693dcc6e84cfa8c1da6f4fc51c Mon Sep 17 00:00:00 2001
+From: John Allen <jallen@linux.vnet.ibm.com>
+Date: Mon, 22 Jan 2018 15:43:31 +0100
+Subject: [PATCH] ibmvnic: Allocate and request vpd in init_resources
+
+References: bsc#1076872
+Patch-mainline: v4.15 or v4.15-rc10 (next release)
+Git-commit: 69d08dcbbe34347cbc044629cf6f25d062593dfe
+
+If we request an unsupported mtu value, the vnic server will suggest a
+different value. Currently we take the suggested value without question
+and login with that value. However, the behavior doesn't seem completely
+sane as attempting to change the mtu to some specific value will change
+the mtu to some completely different value most of the time. This patch
+fixes the issue by logging in with the previously used mtu value and
+printing an error message saying that the given mtu is unsupported.
+
+Signed-off-by: John Allen <jallen@linux.vnet.ibm.com>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 1bd3a5edc982..431bcea4f837 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -3625,7 +3625,17 @@ static void handle_request_cap_rsp(union ibmvnic_crq *crq,
+ *req_value,
+ (long int)be64_to_cpu(crq->request_capability_rsp.
+ number), name);
+- *req_value = be64_to_cpu(crq->request_capability_rsp.number);
++
++ if (be16_to_cpu(crq->request_capability_rsp.capability) ==
++ REQ_MTU) {
++ pr_err("mtu of %llu is not supported. Reverting.\n",
++ *req_value);
++ *req_value = adapter->fallback.mtu;
++ } else {
++ *req_value =
++ be64_to_cpu(crq->request_capability_rsp.number);
++ }
++
+ ibmvnic_send_req_caps(adapter, 1);
+ return;
+ default:
+--
+2.13.6
+
diff --git a/patches.drivers/ibmvnic-Don-t-handle-RX-interrupts-when-not-up.patch b/patches.drivers/ibmvnic-Don-t-handle-RX-interrupts-when-not-up.patch
index 8fab3d1199..fd5cc965c5 100644
--- a/patches.drivers/ibmvnic-Don-t-handle-RX-interrupts-when-not-up.patch
+++ b/patches.drivers/ibmvnic-Don-t-handle-RX-interrupts-when-not-up.patch
@@ -4,8 +4,7 @@ Date: Wed, 10 Jan 2018 10:40:09 -0600
Subject: [PATCH] ibmvnic: Don't handle RX interrupts when not up.
References: bsc#1075066
-Patch-mainline: queued
-Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
+Patch-mainline: v4.16-rc1
Git-commit: 09fb35ead58cd557aa9b20576d15816bc91a4deb
Initiating a kdump via the command line can cause a pending interrupt
diff --git a/patches.drivers/ibmvnic-Fix-IP-offload-control-buffer.patch b/patches.drivers/ibmvnic-Fix-IP-offload-control-buffer.patch
new file mode 100644
index 0000000000..ed252199d2
--- /dev/null
+++ b/patches.drivers/ibmvnic-Fix-IP-offload-control-buffer.patch
@@ -0,0 +1,40 @@
+From f68979433deaa8a8a8b6396f944a0928a35713dc Mon Sep 17 00:00:00 2001
+From: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
+Date: Thu, 18 Jan 2018 19:05:01 -0600
+Subject: [PATCH] ibmvnic: Fix IP offload control buffer
+
+References: bsc#1076899
+Patch-mainline: v4.15-rc9
+Git-commit: f68979433deaa8a8a8b6396f944a0928a35713dc
+
+Set some missing fields in the IP control offload buffer. This buffer is
+used to enable checksum and TCP segmentation offload in the VNIC server.
+The buffer length field and the checksum offloading bits were not set
+properly, so fix that here.
+
+Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 4b3df17c7a45..0a3a844f6473 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -3346,7 +3346,11 @@ static void handle_query_ip_offload_rsp(struct ibmvnic_adapter *adapter)
+ return;
+ }
+
++ adapter->ip_offload_ctrl.len =
++ cpu_to_be32(sizeof(adapter->ip_offload_ctrl));
+ adapter->ip_offload_ctrl.version = cpu_to_be32(INITIAL_VERSION_IOB);
++ adapter->ip_offload_ctrl.ipv4_chksum = buf->ipv4_chksum;
++ adapter->ip_offload_ctrl.ipv6_chksum = buf->ipv6_chksum;
+ adapter->ip_offload_ctrl.tcp_ipv4_chksum = buf->tcp_ipv4_chksum;
+ adapter->ip_offload_ctrl.udp_ipv4_chksum = buf->udp_ipv4_chksum;
+ adapter->ip_offload_ctrl.tcp_ipv6_chksum = buf->tcp_ipv6_chksum;
+--
+2.13.6
+
diff --git a/patches.drivers/ibmvnic-Fix-IPv6-packet-descriptors.patch b/patches.drivers/ibmvnic-Fix-IPv6-packet-descriptors.patch
new file mode 100644
index 0000000000..e8f9280ddf
--- /dev/null
+++ b/patches.drivers/ibmvnic-Fix-IPv6-packet-descriptors.patch
@@ -0,0 +1,62 @@
+From a0dca10fce42ae82651edbe682b1c637a8ecd365 Mon Sep 17 00:00:00 2001
+From: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
+Date: Thu, 18 Jan 2018 19:29:48 -0600
+Subject: [PATCH] ibmvnic: Fix IPv6 packet descriptors
+
+References: bsc#1076899
+Patch-mainline: v4.15-rc9
+Git-commit: a0dca10fce42ae82651edbe682b1c637a8ecd365
+
+Packet descriptor generation for IPv6 is broken.
+Properly set L3 and L4 protocol flags for IPv6 descriptors.
+
+Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 0a3a844f6473..ab2e1917cd04 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -1276,6 +1276,7 @@ static int ibmvnic_xmit(struct sk_buff *skb, struct net_device *netdev)
+ unsigned char *dst;
+ u64 *handle_array;
+ int index = 0;
++ u8 proto = 0;
+ int ret = 0;
+
+ if (adapter->resetting) {
+@@ -1364,17 +1365,18 @@ static int ibmvnic_xmit(struct sk_buff *skb, struct net_device *netdev)
+ }
+
+ if (skb->protocol == htons(ETH_P_IP)) {
+- if (ip_hdr(skb)->version == 4)
+- tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV4;
+- else if (ip_hdr(skb)->version == 6)
+- tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV6;
+-
+- if (ip_hdr(skb)->protocol == IPPROTO_TCP)
+- tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_TCP;
+- else if (ip_hdr(skb)->protocol != IPPROTO_TCP)
+- tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_UDP;
++ tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV4;
++ proto = ip_hdr(skb)->protocol;
++ } else if (skb->protocol == htons(ETH_P_IPV6)) {
++ tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV6;
++ proto = ipv6_hdr(skb)->nexthdr;
+ }
+
++ if (proto == IPPROTO_TCP)
++ tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_TCP;
++ else if (proto == IPPROTO_UDP)
++ tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_UDP;
++
+ if (skb->ip_summed == CHECKSUM_PARTIAL) {
+ tx_crq.v1.flags1 |= IBMVNIC_TX_CHKSUM_OFFLOAD;
+ hdrs += 2;
+--
+2.13.6
+
diff --git a/patches.drivers/ibmvnic-Fix-pending-MAC-address-changes.patch b/patches.drivers/ibmvnic-Fix-pending-MAC-address-changes.patch
index f0740d24f4..009b5e9e31 100644
--- a/patches.drivers/ibmvnic-Fix-pending-MAC-address-changes.patch
+++ b/patches.drivers/ibmvnic-Fix-pending-MAC-address-changes.patch
@@ -4,8 +4,7 @@ Date: Thu, 11 Jan 2018 17:54:40 +0100
Subject: [PATCH] ibmvnic: Fix pending MAC address changes
References: bsc#1075627
-Patch-mainline: queued
-Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
+Patch-mainline: v4.15-rc9
Git-commit: 3d1661304f0b2b51a8a43785b764822611dbdd53
Due to architecture limitations, the IBM VNIC client driver is unable
diff --git a/patches.drivers/ibmvnic-Include-header-descriptor-support-for-ARP-pa.patch b/patches.drivers/ibmvnic-Include-header-descriptor-support-for-ARP-pa.patch
index 5350ce9640..a88b4688ed 100644
--- a/patches.drivers/ibmvnic-Include-header-descriptor-support-for-ARP-pa.patch
+++ b/patches.drivers/ibmvnic-Include-header-descriptor-support-for-ARP-pa.patch
@@ -4,8 +4,7 @@ Date: Mon, 18 Dec 2017 12:52:40 -0600
Subject: [PATCH] ibmvnic: Include header descriptor support for ARP packets
References: bsc#1073912
-Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
-Patch-mainline: queued
+Patch-mainline: v4.16-rc1
Git-commit: 4eb50ceb5c156a166c0b00ac27f0ff3a0943cdfb
In recent tests with new adapters, it was discovered that ARP
diff --git a/patches.drivers/ibmvnic-Increase-maximum-number-of-RX-TX-queues.patch b/patches.drivers/ibmvnic-Increase-maximum-number-of-RX-TX-queues.patch
index 137ba5ac3b..c47bb34c7f 100644
--- a/patches.drivers/ibmvnic-Increase-maximum-number-of-RX-TX-queues.patch
+++ b/patches.drivers/ibmvnic-Increase-maximum-number-of-RX-TX-queues.patch
@@ -4,8 +4,7 @@ Date: Mon, 18 Dec 2017 12:52:12 -0600
Subject: [PATCH] ibmvnic: Increase maximum number of RX/TX queues
References: bsc#1073912
-Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
-Patch-mainline: queued
+Patch-mainline: v4.16-rc1
Git-commit: 269431e737d29da0f496b60188a580822d290a37
Increase the number of queues allocated to accommodate recent
diff --git a/patches.drivers/ibmvnic-Modify-buffer-size-and-number-of-queues-on-f.patch b/patches.drivers/ibmvnic-Modify-buffer-size-and-number-of-queues-on-f.patch
new file mode 100644
index 0000000000..bf47ab81cf
--- /dev/null
+++ b/patches.drivers/ibmvnic-Modify-buffer-size-and-number-of-queues-on-f.patch
@@ -0,0 +1,73 @@
+From e85f997e1c0c212eb9916b0efc39c475545d169d Mon Sep 17 00:00:00 2001
+From: John Allen <jallen@linux.vnet.ibm.com>
+Date: Mon, 22 Jan 2018 15:43:30 +0100
+Subject: [PATCH] ibmvnic: Modify buffer size and number of queues on failover
+
+References: bsc#1076872
+Patch-mainline: v4.15 or v4.15-rc10 (next release)
+Git-commit: 896d86959fee58113fc510c70cd8d10e82aa3e6a
+
+In reset events in which our memory allocations need to be reallocated,
+VPD data is being freed, but never reallocated. This can cause issues if
+we later attempt to access that memory or reset and attempt to free the
+memory. This patch moves the allocation of the VPD data to init_resources
+so that it will be symmetrically freed during release resources.
+
+Signed-off-by: John Allen <jallen@linux.vnet.ibm.com>
+Reviewed-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 2232d4d15f4f..105fdde1c0ec 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -861,7 +861,7 @@ static int ibmvnic_get_vpd(struct ibmvnic_adapter *adapter)
+ if (adapter->vpd->buff)
+ len = adapter->vpd->len;
+
+- reinit_completion(&adapter->fw_done);
++ init_completion(&adapter->fw_done);
+ crq.get_vpd_size.first = IBMVNIC_CRQ_CMD;
+ crq.get_vpd_size.cmd = GET_VPD_SIZE;
+ ibmvnic_send_crq(adapter, &crq);
+@@ -923,6 +923,13 @@ static int init_resources(struct ibmvnic_adapter *adapter)
+ if (!adapter->vpd)
+ return -ENOMEM;
+
++ /* Vital Product Data (VPD) */
++ rc = ibmvnic_get_vpd(adapter);
++ if (rc) {
++ netdev_err(netdev, "failed to initialize Vital Product Data (VPD)\n");
++ return rc;
++ }
++
+ adapter->map_id = 1;
+ adapter->napi = kcalloc(adapter->req_rx_queues,
+ sizeof(struct napi_struct), GFP_KERNEL);
+@@ -996,7 +1003,7 @@ static int __ibmvnic_open(struct net_device *netdev)
+ static int ibmvnic_open(struct net_device *netdev)
+ {
+ struct ibmvnic_adapter *adapter = netdev_priv(netdev);
+- int rc, vpd;
++ int rc;
+
+ mutex_lock(&adapter->reset_lock);
+
+@@ -1019,11 +1026,6 @@ static int ibmvnic_open(struct net_device *netdev)
+ rc = __ibmvnic_open(netdev);
+ netif_carrier_on(netdev);
+
+- /* Vital Product Data (VPD) */
+- vpd = ibmvnic_get_vpd(adapter);
+- if (vpd)
+- netdev_err(netdev, "failed to initialize Vital Product Data (VPD)\n");
+-
+ mutex_unlock(&adapter->reset_lock);
+
+ return rc;
+--
+2.13.6
+
diff --git a/patches.drivers/ibmvnic-Rename-IBMVNIC_MAX_TX_QUEUES-to-IBMVNIC_MAX_.patch b/patches.drivers/ibmvnic-Rename-IBMVNIC_MAX_TX_QUEUES-to-IBMVNIC_MAX_.patch
index fe973cd4bd..97a00849e2 100644
--- a/patches.drivers/ibmvnic-Rename-IBMVNIC_MAX_TX_QUEUES-to-IBMVNIC_MAX_.patch
+++ b/patches.drivers/ibmvnic-Rename-IBMVNIC_MAX_TX_QUEUES-to-IBMVNIC_MAX_.patch
@@ -4,8 +4,7 @@ Date: Mon, 18 Dec 2017 12:52:11 -0600
Subject: [PATCH] ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES
References: bsc#1073912
-Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
-Patch-mainline: queued
+Patch-mainline: v4.16-rc1
Git-commit: d45cc3a43c43f867668bdd7ace12b1e6aa68bf46
This value denotes the maximum number of TX queues but is used
diff --git a/patches.drivers/ibmvnic-Revert-to-previous-mtu-when-unsupported-valu.patch b/patches.drivers/ibmvnic-Revert-to-previous-mtu-when-unsupported-valu.patch
new file mode 100644
index 0000000000..94679dc3d7
--- /dev/null
+++ b/patches.drivers/ibmvnic-Revert-to-previous-mtu-when-unsupported-valu.patch
@@ -0,0 +1,193 @@
+From 2ba4306c9cf716e4e74a31ef0f7de01cbbaaed13 Mon Sep 17 00:00:00 2001
+From: John Allen <jallen@linux.vnet.ibm.com>
+Date: Mon, 22 Jan 2018 15:43:30 +0100
+Subject: [PATCH] ibmvnic: Revert to previous mtu when unsupported value
+ requested
+
+References: bsc#1076872
+Patch-mainline: v4.15 or v4.15-rc10 (next release)
+Git-commit: e791380340685698dbdd38c7e3f3fcbf70a3c832
+
+Using newer backing devices can cause the required padding at the end of
+buffer as well as the number of queues to change after a failover.
+Since we currently assume that these values never change, after a
+failover to a backing device with different capabilities, we can get
+errors from the vnic server, attempt to free long term buffers that are
+no longer there, or not free long term buffers that should be freed.
+
+This patch resolves the issue by checking whether any of these values
+change, and if so perform the necessary re-allocations.
+
+Signed-off-by: John Allen <jallen@linux.vnet.ibm.com>
+Reviewed-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 45 ++++++++++++++++++++++++++++++++------
+ drivers/net/ethernet/ibm/ibmvnic.h | 2 ++
+ 2 files changed, 40 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 105fdde1c0ec..1bd3a5edc982 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -411,6 +411,10 @@ static int reset_rx_pools(struct ibmvnic_adapter *adapter)
+ struct ibmvnic_rx_pool *rx_pool;
+ int rx_scrqs;
+ int i, j, rc;
++ u64 *size_array;
++
++ size_array = (u64 *)((u8 *)(adapter->login_rsp_buf) +
++ be32_to_cpu(adapter->login_rsp_buf->off_rxadd_buff_size));
+
+ rx_scrqs = be32_to_cpu(adapter->login_rsp_buf->num_rxadd_subcrqs);
+ for (i = 0; i < rx_scrqs; i++) {
+@@ -418,7 +422,17 @@ static int reset_rx_pools(struct ibmvnic_adapter *adapter)
+
+ netdev_dbg(adapter->netdev, "Re-setting rx_pool[%d]\n", i);
+
+- rc = reset_long_term_buff(adapter, &rx_pool->long_term_buff);
++ if (rx_pool->buff_size != be64_to_cpu(size_array[i])) {
++ free_long_term_buff(adapter, &rx_pool->long_term_buff);
++ rx_pool->buff_size = be64_to_cpu(size_array[i]);
++ alloc_long_term_buff(adapter, &rx_pool->long_term_buff,
++ rx_pool->size *
++ rx_pool->buff_size);
++ } else {
++ rc = reset_long_term_buff(adapter,
++ &rx_pool->long_term_buff);
++ }
++
+ if (rc)
+ return rc;
+
+@@ -440,14 +454,12 @@ static int reset_rx_pools(struct ibmvnic_adapter *adapter)
+ static void release_rx_pools(struct ibmvnic_adapter *adapter)
+ {
+ struct ibmvnic_rx_pool *rx_pool;
+- int rx_scrqs;
+ int i, j;
+
+ if (!adapter->rx_pool)
+ return;
+
+- rx_scrqs = be32_to_cpu(adapter->login_rsp_buf->num_rxadd_subcrqs);
+- for (i = 0; i < rx_scrqs; i++) {
++ for (i = 0; i < adapter->num_active_rx_pools; i++) {
+ rx_pool = &adapter->rx_pool[i];
+
+ netdev_dbg(adapter->netdev, "Releasing rx_pool[%d]\n", i);
+@@ -470,6 +482,7 @@ static void release_rx_pools(struct ibmvnic_adapter *adapter)
+
+ kfree(adapter->rx_pool);
+ adapter->rx_pool = NULL;
++ adapter->num_active_rx_pools = 0;
+ }
+
+ static int init_rx_pools(struct net_device *netdev)
+@@ -494,6 +507,8 @@ static int init_rx_pools(struct net_device *netdev)
+ return -1;
+ }
+
++ adapter->num_active_rx_pools = 0;
++
+ for (i = 0; i < rxadd_subcrqs; i++) {
+ rx_pool = &adapter->rx_pool[i];
+
+@@ -537,6 +552,8 @@ static int init_rx_pools(struct net_device *netdev)
+ rx_pool->next_free = 0;
+ }
+
++ adapter->num_active_rx_pools = rxadd_subcrqs;
++
+ return 0;
+ }
+
+@@ -587,13 +604,12 @@ static void release_vpd_data(struct ibmvnic_adapter *adapter)
+ static void release_tx_pools(struct ibmvnic_adapter *adapter)
+ {
+ struct ibmvnic_tx_pool *tx_pool;
+- int i, tx_scrqs;
++ int i;
+
+ if (!adapter->tx_pool)
+ return;
+
+- tx_scrqs = be32_to_cpu(adapter->login_rsp_buf->num_txsubm_subcrqs);
+- for (i = 0; i < tx_scrqs; i++) {
++ for (i = 0; i < adapter->num_active_tx_pools; i++) {
+ netdev_dbg(adapter->netdev, "Releasing tx_pool[%d]\n", i);
+ tx_pool = &adapter->tx_pool[i];
+ kfree(tx_pool->tx_buff);
+@@ -604,6 +620,7 @@ static void release_tx_pools(struct ibmvnic_adapter *adapter)
+
+ kfree(adapter->tx_pool);
+ adapter->tx_pool = NULL;
++ adapter->num_active_tx_pools = 0;
+ }
+
+ static int init_tx_pools(struct net_device *netdev)
+@@ -620,6 +637,8 @@ static int init_tx_pools(struct net_device *netdev)
+ if (!adapter->tx_pool)
+ return -1;
+
++ adapter->num_active_tx_pools = 0;
++
+ for (i = 0; i < tx_subcrqs; i++) {
+ tx_pool = &adapter->tx_pool[i];
+
+@@ -667,6 +686,8 @@ static int init_tx_pools(struct net_device *netdev)
+ tx_pool->producer_index = 0;
+ }
+
++ adapter->num_active_tx_pools = tx_subcrqs;
++
+ return 0;
+ }
+
+@@ -1553,6 +1574,7 @@ static int ibmvnic_set_mac(struct net_device *netdev, void *p)
+ static int do_reset(struct ibmvnic_adapter *adapter,
+ struct ibmvnic_rwi *rwi, u32 reset_state)
+ {
++ u64 old_num_rx_queues, old_num_tx_queues;
+ struct net_device *netdev = adapter->netdev;
+ int i, rc;
+
+@@ -1562,6 +1584,9 @@ static int do_reset(struct ibmvnic_adapter *adapter,
+ netif_carrier_off(netdev);
+ adapter->reset_reason = rwi->reset_reason;
+
++ old_num_rx_queues = adapter->req_rx_queues;
++ old_num_tx_queues = adapter->req_tx_queues;
++
+ if (rwi->reset_reason == VNIC_RESET_MOBILITY) {
+ rc = ibmvnic_reenable_crq_queue(adapter);
+ if (rc)
+@@ -1606,6 +1631,12 @@ static int do_reset(struct ibmvnic_adapter *adapter,
+ rc = init_resources(adapter);
+ if (rc)
+ return rc;
++ } else if (adapter->req_rx_queues != old_num_rx_queues ||
++ adapter->req_tx_queues != old_num_tx_queues) {
++ release_rx_pools(adapter);
++ release_tx_pools(adapter);
++ init_rx_pools(netdev);
++ init_tx_pools(netdev);
+ } else {
+ rc = reset_tx_pools(adapter);
+ if (rc)
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.h b/drivers/net/ethernet/ibm/ibmvnic.h
+index 2df79fdd800b..fe21a6e2ddae 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.h
++++ b/drivers/net/ethernet/ibm/ibmvnic.h
+@@ -1091,6 +1091,8 @@ struct ibmvnic_adapter {
+ u64 opt_rxba_entries_per_subcrq;
+ __be64 tx_rx_desc_req;
+ u8 map_id;
++ u64 num_active_rx_pools;
++ u64 num_active_tx_pools;
+
+ struct tasklet_struct tasklet;
+ enum vnic_state state;
+--
+2.13.6
+
diff --git a/patches.drivers/ibmvnic-Wait-for-device-response-when-changing-MAC.patch b/patches.drivers/ibmvnic-Wait-for-device-response-when-changing-MAC.patch
new file mode 100644
index 0000000000..d3a858163d
--- /dev/null
+++ b/patches.drivers/ibmvnic-Wait-for-device-response-when-changing-MAC.patch
@@ -0,0 +1,103 @@
+From f813614f531114db796ad66ced75c5dc8db7aa3a Mon Sep 17 00:00:00 2001
+From: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
+Date: Mon, 29 Jan 2018 13:45:05 -0600
+Subject: [PATCH] ibmvnic: Wait for device response when changing MAC
+
+References: bsc#1078681
+Patch-mainline: v4.16-rc1
+Git-commit: f813614f531114db796ad66ced75c5dc8db7aa3a
+
+Wait for a response from the VNIC server before exiting after setting
+the MAC address. The resolves an issue with bonding a VNIC client in
+ALB or TLB modes. The bonding driver was changing the MAC address more
+rapidly than the device could respond, causing the following errors.
+
+"bond0: the hw address of slave eth2 is in use by the bond;
+couldn't find a slave with a free hw address to give it
+(this should not have happened)"
+
+If the function waits until the change is finalized, these errors are
+avoided.
+
+Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 8f2a77ecf4fb..8c3058d5d191 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -1548,15 +1548,19 @@ static int __ibmvnic_set_mac(struct net_device *netdev, struct sockaddr *p)
+ crq.change_mac_addr.first = IBMVNIC_CRQ_CMD;
+ crq.change_mac_addr.cmd = CHANGE_MAC_ADDR;
+ ether_addr_copy(&crq.change_mac_addr.mac_addr[0], addr->sa_data);
++
++ init_completion(&adapter->fw_done);
+ ibmvnic_send_crq(adapter, &crq);
++ wait_for_completion(&adapter->fw_done);
+ /* netdev->dev_addr is changed in handle_change_mac_rsp function */
+- return 0;
++ return adapter->fw_done_rc ? -EIO : 0;
+ }
+
+ static int ibmvnic_set_mac(struct net_device *netdev, void *p)
+ {
+ struct ibmvnic_adapter *adapter = netdev_priv(netdev);
+ struct sockaddr *addr = p;
++ int rc;
+
+ if (adapter->state == VNIC_PROBED) {
+ memcpy(&adapter->desired.mac, addr, sizeof(struct sockaddr));
+@@ -1564,9 +1568,9 @@ static int ibmvnic_set_mac(struct net_device *netdev, void *p)
+ return 0;
+ }
+
+- __ibmvnic_set_mac(netdev, addr);
++ rc = __ibmvnic_set_mac(netdev, addr);
+
+- return 0;
++ return rc;
+ }
+
+ /**
+@@ -3569,8 +3573,8 @@ static void handle_error_indication(union ibmvnic_crq *crq,
+ ibmvnic_reset(adapter, VNIC_RESET_NON_FATAL);
+ }
+
+-static void handle_change_mac_rsp(union ibmvnic_crq *crq,
+- struct ibmvnic_adapter *adapter)
++static int handle_change_mac_rsp(union ibmvnic_crq *crq,
++ struct ibmvnic_adapter *adapter)
+ {
+ struct net_device *netdev = adapter->netdev;
+ struct device *dev = &adapter->vdev->dev;
+@@ -3579,10 +3583,13 @@ static void handle_change_mac_rsp(union ibmvnic_crq *crq,
+ rc = crq->change_mac_addr_rsp.rc.code;
+ if (rc) {
+ dev_err(dev, "Error %ld in CHANGE_MAC_ADDR_RSP\n", rc);
+- return;
++ goto out;
+ }
+ memcpy(netdev->dev_addr, &crq->change_mac_addr_rsp.mac_addr[0],
+ ETH_ALEN);
++out:
++ complete(&adapter->fw_done);
++ return rc;
+ }
+
+ static void handle_request_cap_rsp(union ibmvnic_crq *crq,
+@@ -4042,7 +4049,7 @@ static void ibmvnic_handle_crq(union ibmvnic_crq *crq,
+ break;
+ case CHANGE_MAC_ADDR_RSP:
+ netdev_dbg(netdev, "Got MAC address change Response\n");
+- handle_change_mac_rsp(crq, adapter);
++ adapter->fw_done_rc = handle_change_mac_rsp(crq, adapter);
+ break;
+ case ERROR_INDICATION:
+ netdev_dbg(netdev, "Got Error Indication\n");
+--
+2.13.6
+
diff --git a/patches.drivers/ibmvnic-fix-firmware-version-when-no-firmware-level-.patch b/patches.drivers/ibmvnic-fix-firmware-version-when-no-firmware-level-.patch
new file mode 100644
index 0000000000..b8019d345a
--- /dev/null
+++ b/patches.drivers/ibmvnic-fix-firmware-version-when-no-firmware-level-.patch
@@ -0,0 +1,44 @@
+From a107311d7fdf6b826f3737c4a90fd0e0046e7a3a Mon Sep 17 00:00:00 2001
+From: Desnes Augusto Nunes do Rosario <desnesn@linux.vnet.ibm.com>
+Date: Thu, 1 Feb 2018 16:04:30 -0200
+Subject: [PATCH] ibmvnic: fix firmware version when no firmware level has been
+ provided by the VIOS server
+
+References: bsc#1079038
+Patch-mainline: v4.16-rc1
+Git-commit: a107311d7fdf6b826f3737c4a90fd0e0046e7a3a
+
+Older versions of VIOS servers do not send the firmware level in the VPD
+buffer for the ibmvnic driver. Thus, not only the current message is mis-
+leading but the firmware version in the ethtool will be NULL. Therefore,
+this patch fixes the firmware string and its warning.
+
+Fixes: 4e6759be28e4 ("ibmvnic: Feature implementation of VPD for the ibmvnic driver")
+Signed-off-by: Desnes A. Nunes do Rosario <desnesn@linux.vnet.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 8c3058d5d191..7f0bea2104ab 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -3305,7 +3305,11 @@ static void handle_vpd_rsp(union ibmvnic_crq *crq,
+ */
+ substr = strnstr(adapter->vpd->buff, "RM", adapter->vpd->len);
+ if (!substr) {
+- dev_info(dev, "No FW level provided by VPD\n");
++ dev_info(dev, "Warning - No FW level has been provided in the VPD buffer by the VIOS Server\n");
++ ptr = strncpy((char *)adapter->fw_version, "N/A",
++ 3 * sizeof(char));
++ if (!ptr)
++ dev_err(dev, "Failed to inform that firmware version is unavailable to the adapter\n");
+ goto complete;
+ }
+
+--
+2.13.6
+
diff --git a/patches.drivers/intel_idle-Use-intel-family-macros.patch b/patches.drivers/intel_idle-Use-intel-family-macros.patch
index ae9a64a544..67876a34c2 100644
--- a/patches.drivers/intel_idle-Use-intel-family-macros.patch
+++ b/patches.drivers/intel_idle-Use-intel-family-macros.patch
@@ -87,7 +87,7 @@ Signed-off-by: Ingo Molnar <mingo@kernel.org>
- ICPU(0x5c, idle_cpu_bxt),
+ ICPU(INTEL_FAM6_NEHALEM_EP, idle_cpu_nehalem),
+ ICPU(INTEL_FAM6_NEHALEM, idle_cpu_nehalem),
-+ ICPU(INTEL_FAM6_NEHALEM_G, idle_cpu_nehalem),
++ ICPU(INTEL_FAM6_WESTMERE2, idle_cpu_nehalem),
+ ICPU(INTEL_FAM6_WESTMERE, idle_cpu_nehalem),
+ ICPU(INTEL_FAM6_WESTMERE_EP, idle_cpu_nehalem),
+ ICPU(INTEL_FAM6_NEHALEM_EX, idle_cpu_nehalem),
diff --git a/patches.drivers/mm-dax-dax-pmd-vs-thp-pmd-vs-hugetlbfs-pmd.patch b/patches.drivers/mm-dax-dax-pmd-vs-thp-pmd-vs-hugetlbfs-pmd.patch
index 0222796ee3..64972e57e8 100644
--- a/patches.drivers/mm-dax-dax-pmd-vs-thp-pmd-vs-hugetlbfs-pmd.patch
+++ b/patches.drivers/mm-dax-dax-pmd-vs-thp-pmd-vs-hugetlbfs-pmd.patch
@@ -37,7 +37,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
-@@ -172,13 +172,20 @@ static inline int pmd_trans_splitting(pm
+@@ -186,13 +186,20 @@ static inline int pmd_trans_splitting(pm
static inline int pmd_trans_huge(pmd_t pmd)
{
@@ -61,7 +61,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
static inline pte_t pte_set_flags(pte_t pte, pteval_t set)
--- a/include/linux/huge_mm.h
+++ b/include/linux/huge_mm.h
-@@ -100,7 +100,8 @@ extern void __split_huge_page_pmd(struct
+@@ -101,7 +101,8 @@ extern void __split_huge_page_pmd(struct
#define split_huge_page_pmd(__vma, __address, __pmd) \
do { \
pmd_t *____pmd = (__pmd); \
@@ -71,7 +71,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
__split_huge_page_pmd(__vma, __address, \
____pmd); \
} while (0)
-@@ -130,7 +131,7 @@ static inline int pmd_trans_huge_lock(pm
+@@ -131,7 +132,7 @@ static inline int pmd_trans_huge_lock(pm
spinlock_t **ptl)
{
VM_BUG_ON_VMA(!rwsem_is_locked(&vma->vm_mm->mmap_sem), vma);
@@ -82,7 +82,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
return 0;
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
-@@ -319,6 +319,13 @@ struct inode;
+@@ -340,6 +340,13 @@ struct inode;
#define page_private(page) ((page)->private)
#define set_page_private(page, v) ((page)->private = (v))
@@ -135,7 +135,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
ret = 0;
out_unlock:
-@@ -1631,7 +1634,7 @@ int __pmd_trans_huge_lock(pmd_t *pmd, st
+@@ -1675,7 +1678,7 @@ int __pmd_trans_huge_lock(pmd_t *pmd, st
spinlock_t **ptl)
{
*ptl = pmd_lock(vma->vm_mm, pmd);
@@ -144,7 +144,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
if (unlikely(pmd_trans_splitting(*pmd))) {
spin_unlock(*ptl);
wait_split_huge_page(vma->anon_vma, pmd);
-@@ -3006,7 +3009,7 @@ void __split_huge_page_pmd(struct vm_are
+@@ -3046,7 +3049,7 @@ void __split_huge_page_pmd(struct vm_are
again:
mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
ptl = pmd_lock(mm, pmd);
@@ -153,7 +153,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
goto unlock;
if (vma_is_dax(vma)) {
pmd_t _pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd);
-@@ -3066,7 +3069,7 @@ static void split_huge_page_address(stru
+@@ -3106,7 +3109,7 @@ static void split_huge_page_address(stru
return;
pmd = pmd_offset(pud, address);
@@ -164,7 +164,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
* Caller holds the mmap_sem write mode, so a huge pmd cannot
--- a/mm/memory.c
+++ b/mm/memory.c
-@@ -956,7 +956,7 @@ static inline int copy_pmd_range(struct
+@@ -997,7 +997,7 @@ static inline int copy_pmd_range(struct
src_pmd = pmd_offset(src_pud, addr);
do {
next = pmd_addr_end(addr, end);
@@ -173,7 +173,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
int err;
VM_BUG_ON(next-addr != HPAGE_PMD_SIZE);
err = copy_huge_pmd(dst_mm, src_mm,
-@@ -1183,7 +1183,7 @@ static inline unsigned long zap_pmd_rang
+@@ -1225,7 +1225,7 @@ static inline unsigned long zap_pmd_rang
pmd = pmd_offset(pud, addr);
do {
next = pmd_addr_end(addr, end);
@@ -182,7 +182,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
if (next - addr != HPAGE_PMD_SIZE) {
#ifdef CONFIG_DEBUG_VM
if (!rwsem_is_locked(&tlb->mm->mmap_sem)) {
-@@ -3374,7 +3374,7 @@ static int __handle_mm_fault(struct mm_s
+@@ -3378,7 +3378,7 @@ static int __handle_mm_fault(struct mm_s
int ret;
barrier();
@@ -191,7 +191,7 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
unsigned int dirty = flags & FAULT_FLAG_WRITE;
/*
-@@ -3421,7 +3421,7 @@ static int __handle_mm_fault(struct mm_s
+@@ -3425,7 +3425,7 @@ static int __handle_mm_fault(struct mm_s
* through an atomic read in C, which is what pmd_trans_unstable()
* provides.
*/
@@ -202,17 +202,17 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
* A regular pmd is established and it can't morph into a huge pmd
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
-@@ -149,7 +149,8 @@ static inline unsigned long change_pmd_r
+@@ -166,7 +166,8 @@ static inline unsigned long change_pmd_r
unsigned long this_pages;
next = pmd_addr_end(addr, end);
- if (!pmd_trans_huge(*pmd) && pmd_none_or_clear_bad(pmd))
+ if (!pmd_trans_huge(*pmd) && !pmd_devmap(*pmd)
+ && pmd_none_or_clear_bad(pmd))
- continue;
+ goto next;
/* invoke the mmu notifier if the pmd is populated */
-@@ -158,7 +159,7 @@ static inline unsigned long change_pmd_r
+@@ -175,7 +176,7 @@ static inline unsigned long change_pmd_r
mmu_notifier_invalidate_range_start(mm, mni_start, end);
}
@@ -232,4 +232,3 @@ Acked-by: Jeff Mahoney <jeffm@suse.com>
pmd = pmdp_huge_get_and_clear(vma->vm_mm, address, pmdp);
flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE);
return pmd;
-
diff --git a/patches.drivers/net-mlx5e-Fix-fixpoint-divide-exception-in-mlx5e_am_.patch b/patches.drivers/net-mlx5e-Fix-fixpoint-divide-exception-in-mlx5e_am_.patch
new file mode 100644
index 0000000000..3edb820e76
--- /dev/null
+++ b/patches.drivers/net-mlx5e-Fix-fixpoint-divide-exception-in-mlx5e_am_.patch
@@ -0,0 +1,44 @@
+From: Talat Batheesh <talatb@mellanox.com>
+Date: Sun, 21 Jan 2018 05:30:42 +0200
+Subject: net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
+Patch-mainline: v4.15
+Git-commit: e58edaa4863583b54409444f11b4f80dff0af1cd
+References: bsc#1015342
+
+Helmut reported a bug about division by zero while
+running traffic and doing physical cable pull test.
+
+When the cable unplugged the ppms become zero, so when
+dividing the current ppms by the previous ppms in the
+next dim iteration there is division by zero.
+
+This patch prevent this division for both ppms and epms.
+
+Fixes: c3164d2fc48f ("net/mlx5e: Added BW check for DIM decision mechanism")
+Reported-by: Helmut Grauer <helmut.grauer@de.ibm.com>
+Signed-off-by: Talat Batheesh <talatb@mellanox.com>
+Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/net/ethernet/mellanox/mlx5/core/en_rx_am.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rx_am.c
++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rx_am.c
+@@ -197,9 +197,15 @@ static int mlx5e_am_stats_compare(struct
+ return (curr->bpms > prev->bpms) ? MLX5E_AM_STATS_BETTER :
+ MLX5E_AM_STATS_WORSE;
+
++ if (!prev->ppms)
++ return curr->ppms ? MLX5E_AM_STATS_BETTER :
++ MLX5E_AM_STATS_SAME;
++
+ if (IS_SIGNIFICANT_DIFF(curr->ppms, prev->ppms))
+ return (curr->ppms > prev->ppms) ? MLX5E_AM_STATS_BETTER :
+ MLX5E_AM_STATS_WORSE;
++ if (!prev->epms)
++ return MLX5E_AM_STATS_SAME;
+
+ if (IS_SIGNIFICANT_DIFF(curr->epms, prev->epms))
+ return (curr->epms < prev->epms) ? MLX5E_AM_STATS_BETTER :
diff --git a/patches.drivers/nvme-fc-merge-error-on-sles12sp3-for-reset_work.patch b/patches.drivers/nvme-fc-merge-error-on-sles12sp3-for-reset_work.patch
new file mode 100644
index 0000000000..19e6ba2784
--- /dev/null
+++ b/patches.drivers/nvme-fc-merge-error-on-sles12sp3-for-reset_work.patch
@@ -0,0 +1,46 @@
+From 3d5223d10dcddfceab673ae07ccd9936a54534f6 Mon Sep 17 00:00:00 2001
+From: James Smart <jsmart2021@gmail.com>
+Date: Fri, 2 Feb 2018 15:34:42 -0800
+Subject: nvme-fc: merge error on sles12sp3 for reset_work
+References: bsc#1079195
+Patch-mainline: Never, SLE12-SP3 specific
+
+When the upstream patches were converted to sles12sp3, which does
+not have the "commonized" reset path, the conversion only schedules
+the reset work. It forgot to change the ctrl state. The controller
+state is what protects against multiple scheduleding of redundant
+errors on the controller.
+
+Minimally, we have seen 10's (100's?) of io aborts causing multiple
+attempts to schedule the reset as it isn't blocked by the state change.
+Things get rather hosed up after this point and the reset never completes.
+Additionally, it causes multiple reschedules of something alredy scheduled
+perhaps. We also believe we've seen a case of the queue_delayed_work()
+to hit a race condition on a linked list that became corrupt and faulted.
+
+Fix by adding back the state change - which is the first thing done in
+the upstream commonized code.
+
+Signed-off-by: James Smart <james.smart@broadcom.com>
+Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ drivers/nvme/host/fc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
+index ccb688d8eb84..dd10ad5b073c 100644
+--- a/drivers/nvme/host/fc.c
++++ b/drivers/nvme/host/fc.c
+@@ -2124,6 +2124,9 @@ nvme_fc_error_recovery(struct nvme_fc_ctrl *ctrl, char *errmsg)
+ if (ctrl->ctrl.state != NVME_CTRL_LIVE)
+ return;
+
++ if (!nvme_change_ctrl_state(&ctrl->ctrl, NVME_CTRL_RESETTING))
++ return;
++
+ dev_warn(ctrl->ctrl.device,
+ "NVME-FC{%d}: transport association error detected: %s\n",
+ ctrl->cnum, errmsg);
+--
+2.13.1
+
diff --git a/patches.drivers/powercap-RAPL-add-support-for-Denverton b/patches.drivers/powercap-RAPL-add-support-for-Denverton
index f8cde932d0..720e5c118c 100644
--- a/patches.drivers/powercap-RAPL-add-support-for-Denverton
+++ b/patches.drivers/powercap-RAPL-add-support-for-Denverton
@@ -19,9 +19,9 @@ Acked-by: Takashi Iwai <tiwai@suse.de>
--- a/drivers/powercap/intel_rapl.c
+++ b/drivers/powercap/intel_rapl.c
-@@ -1115,6 +1115,7 @@ static const struct x86_cpu_id rapl_ids[
- RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD, rapl_defaults_tng),
- RAPL_CPU(INTEL_FAM6_ATOM_MOOREFIELD, rapl_defaults_ann),
+@@ -1114,6 +1114,7 @@ static const struct x86_cpu_id rapl_ids[
+ RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD1, rapl_defaults_tng),
+ RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD2, rapl_defaults_ann),
RAPL_CPU(INTEL_FAM6_ATOM_GOLDMONT, rapl_defaults_core),
+ RAPL_CPU(INTEL_FAM6_ATOM_DENVERTON, rapl_defaults_core),
diff --git a/patches.drivers/scsi-lpfc-Use-after-free-in-lpfc_rq_buf_free.patch b/patches.drivers/scsi-lpfc-Use-after-free-in-lpfc_rq_buf_free.patch
new file mode 100644
index 0000000000..38816c9a25
--- /dev/null
+++ b/patches.drivers/scsi-lpfc-Use-after-free-in-lpfc_rq_buf_free.patch
@@ -0,0 +1,40 @@
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 22 Nov 2017 11:58:03 +0300
+Subject: scsi: lpfc: Use after free in lpfc_rq_buf_free()
+Patch-mainline: v4.15-rc4
+Git-commit: 9816ef6ecbc102b9bcbb1d83e12c7fb19924f38c
+References: bsc#1037838
+
+The error message dereferences "rqb_entry" so we need to print it first
+and then free the buffer.
+
+Fixes: 6c621a2229b0 ("scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Dick Kennedy <dick.kennedy@broadcom.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ drivers/scsi/lpfc/lpfc_mem.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/lpfc/lpfc_mem.c b/drivers/scsi/lpfc/lpfc_mem.c
+index 56faeb049b4a..87c08ff37ddd 100644
+--- a/drivers/scsi/lpfc/lpfc_mem.c
++++ b/drivers/scsi/lpfc/lpfc_mem.c
+@@ -753,12 +753,12 @@ lpfc_rq_buf_free(struct lpfc_hba *phba, struct lpfc_dmabuf *mp)
+ drqe.address_hi = putPaddrHigh(rqb_entry->dbuf.phys);
+ rc = lpfc_sli4_rq_put(rqb_entry->hrq, rqb_entry->drq, &hrqe, &drqe);
+ if (rc < 0) {
+- (rqbp->rqb_free_buffer)(phba, rqb_entry);
+ lpfc_printf_log(phba, KERN_ERR, LOG_INIT,
+ "6409 Cannot post to RQ %d: %x %x\n",
+ rqb_entry->hrq->queue_id,
+ rqb_entry->hrq->host_index,
+ rqb_entry->hrq->hba_index);
++ (rqbp->rqb_free_buffer)(phba, rqb_entry);
+ } else {
+ list_add_tail(&rqb_entry->hbuf.list, &rqbp->rqb_buffer_list);
+ rqbp->buffer_count++;
+--
+2.12.3
+
diff --git a/patches.drivers/x86-powercap-rapl-Reorder-CPU-detection-table b/patches.drivers/x86-powercap-rapl-Reorder-CPU-detection-table
index 40b2b45af9..66d9e6503e 100644
--- a/patches.drivers/x86-powercap-rapl-Reorder-CPU-detection-table
+++ b/patches.drivers/x86-powercap-rapl-Reorder-CPU-detection-table
@@ -60,9 +60,9 @@ Acked-by: Takashi Iwai <tiwai@suse.de>
+
+ RAPL_CPU(INTEL_FAM6_ATOM_SILVERMONT1, rapl_defaults_byt),
RAPL_CPU(INTEL_FAM6_ATOM_AIRMONT, rapl_defaults_cht),
- RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD, rapl_defaults_tng),
+ RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD1, rapl_defaults_tng),
- RAPL_CPU(INTEL_FAM6_BROADWELL_XEON_D, rapl_defaults_core),
- RAPL_CPU(INTEL_FAM6_ATOM_MOOREFIELD, rapl_defaults_ann),
+ RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD2, rapl_defaults_ann),
RAPL_CPU(INTEL_FAM6_ATOM_GOLDMONT, rapl_defaults_core),
- RAPL_CPU(INTEL_FAM6_SKYLAKE_DESKTOP, rapl_defaults_core),
+
diff --git a/patches.drivers/x86-powercap-rapl-Use-Intel-model-macros-intead-of-o b/patches.drivers/x86-powercap-rapl-Use-Intel-model-macros-intead-of-o
index 70af583ac5..3260267ca1 100644
--- a/patches.drivers/x86-powercap-rapl-Use-Intel-model-macros-intead-of-o
+++ b/patches.drivers/x86-powercap-rapl-Use-Intel-model-macros-intead-of-o
@@ -77,9 +77,9 @@ Acked-by: Takashi Iwai <tiwai@suse.de>
+ RAPL_CPU(INTEL_FAM6_BROADWELL_GT3E, rapl_defaults_core),
+ RAPL_CPU(INTEL_FAM6_SKYLAKE_MOBILE, rapl_defaults_core),
+ RAPL_CPU(INTEL_FAM6_ATOM_AIRMONT, rapl_defaults_cht),
-+ RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD, rapl_defaults_tng),
++ RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD1, rapl_defaults_tng),
+ RAPL_CPU(INTEL_FAM6_BROADWELL_XEON_D, rapl_defaults_core),
-+ RAPL_CPU(INTEL_FAM6_ATOM_MOOREFIELD, rapl_defaults_ann),
++ RAPL_CPU(INTEL_FAM6_ATOM_MERRIFIELD2, rapl_defaults_ann),
+ RAPL_CPU(INTEL_FAM6_ATOM_GOLDMONT, rapl_defaults_core),
+ RAPL_CPU(INTEL_FAM6_SKYLAKE_DESKTOP, rapl_defaults_core),
+ RAPL_CPU(INTEL_FAM6_XEON_PHI_KNL, rapl_defaults_hsw_server),
diff --git a/patches.fixes/0001-CDC-ACM-apply-quirk-for-card-reader.patch b/patches.fixes/0001-CDC-ACM-apply-quirk-for-card-reader.patch
new file mode 100644
index 0000000000..d7c17d9756
--- /dev/null
+++ b/patches.fixes/0001-CDC-ACM-apply-quirk-for-card-reader.patch
@@ -0,0 +1,35 @@
+From df1cc78a52491f71d8170d513d0f6f114faa1bda Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oneukum@suse.com>
+Date: Thu, 18 Jan 2018 12:13:45 +0100
+Subject: [PATCH] CDC-ACM: apply quirk for card reader
+Git-commit: df1cc78a52491f71d8170d513d0f6f114faa1bda
+Patch-mainline: v4.16
+References: bsc#1060279
+
+This devices drops random bytes from messages if you talk to it
+too fast.
+
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+CC: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/class/cdc-acm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
+index 6c64ab6e80fa..18bbe3fedb8b 100644
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -1752,6 +1752,9 @@ static const struct usb_device_id acm_ids[] = {
+ { USB_DEVICE(0x0ace, 0x1611), /* ZyDAS 56K USB MODEM - new version */
+ .driver_info = SINGLE_RX_URB, /* firmware bug */
+ },
++ { USB_DEVICE(0x11ca, 0x0201), /* VeriFone Mx870 Gadget Serial */
++ .driver_info = SINGLE_RX_URB,
++ },
+ { USB_DEVICE(0x22b8, 0x7000), /* Motorola Q Phone */
+ .driver_info = NO_UNION_NORMAL, /* has no union descriptor */
+ },
+--
+2.13.6
+
diff --git a/patches.fixes/0001-NFS-Add-a-cond_resched-to-nfs_commit_release_pages.patch b/patches.fixes/0001-NFS-Add-a-cond_resched-to-nfs_commit_release_pages.patch
new file mode 100644
index 0000000000..8db8adc767
--- /dev/null
+++ b/patches.fixes/0001-NFS-Add-a-cond_resched-to-nfs_commit_release_pages.patch
@@ -0,0 +1,31 @@
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+Date: Mon, 18 Dec 2017 14:39:13 -0500
+Subject: [PATCH] NFS: Add a cond_resched() to nfs_commit_release_pages()
+Git-commit: 7f1bda447c9bd48b415acedba6b830f61591601f
+Patch-mainline: v4.16-rc1
+References: bsc#1077779
+
+The commit list can get very large, and so we need a cond_resched()
+in nfs_commit_release_pages() in order to ensure we don't hog the CPU
+for excessive periods of time.
+
+Reported-by: Mike Galbraith <efault@gmx.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/nfs/write.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/nfs/write.c
++++ b/fs/nfs/write.c
+@@ -1754,6 +1754,8 @@ static void nfs_commit_release_pages(str
+ set_bit(NFS_CONTEXT_RESEND_WRITES, &req->wb_context->flags);
+ next:
+ nfs_unlock_and_release_request(req);
++ /* Latency breaker */
++ cond_resched();
+ }
+ nfss = NFS_SERVER(data->inode);
+ if (atomic_long_read(&nfss->writeback) < NFS_CONGESTION_OFF_THRESH)
diff --git a/patches.fixes/ACPI-scan-Prefer-devices-without-_HID-for-_ADR-match.patch b/patches.fixes/ACPI-scan-Prefer-devices-without-_HID-for-_ADR-match.patch
deleted file mode 100644
index 102ab3d670..0000000000
--- a/patches.fixes/ACPI-scan-Prefer-devices-without-_HID-for-_ADR-match.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
-Date: Sat, 1 Apr 2017 00:45:52 +0200
-Subject: ACPI / scan: Prefer devices without _HID for _ADR matching
-Git-commit: fdad4e7a876a2cb3d2c1f04e5418c324e79fffef
-Patch-mainline: v4.11-rc6
-References: git-fixes
-
-Commit c2a6bbaf0c5f (ACPI / scan: Prefer devices without _HID/_CID
-for _ADR matching) added a list_empty(&adev->pnp.ids) check to
-find_child_checks() so as to catch situations in which the ACPI
-core attempts to decode _ADR for a device having a _HID too which
-is strictly against the spec. However, it overlooked the fact that
-the adev->pnp.ids list for the devices taken into account by
-find_child_checks() may contain device IDs set internally by the
-kernel, like "LNXVIDEO" (thanks to Zhang Rui for that realization),
-and it broke the enumeration of those devices as a result.
-
-To unbreak it, replace the overly coarse grained list_empty()
-check with a much more precise check against the pnp.type.platform_id
-flag which is only set for devices having a _HID (that's how it
-should be done from the start, as having both _ADR and _CID is
-actually permitted).
-
-Fixes: c2a6bbaf0c5f (ACPI / scan: Prefer devices without _HID/_CID for _ADR matching)
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=194889
-Reported-and-tested-by: Mike <mike@mikewilson.me.uk>
-Tested-by: Hans de Goede <hdegoede@redhat.com>
-Cc: 4.10+ <stable@vger.kernel.org> # 4.10+
-Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-Signed-off-by: Jiri Slaby <jslaby@suse.cz>
----
- drivers/acpi/glue.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
---- a/drivers/acpi/glue.c
-+++ b/drivers/acpi/glue.c
-@@ -99,13 +99,13 @@ static int find_child_checks(struct acpi
- return -ENODEV;
-
- /*
-- * If the device has a _HID (or _CID) returning a valid ACPI/PNP
-- * device ID, it is better to make it look less attractive here, so that
-- * the other device with the same _ADR value (that may not have a valid
-- * device ID) can be matched going forward. [This means a second spec
-- * violation in a row, so whatever we do here is best effort anyway.]
-+ * If the device has a _HID returning a valid ACPI/PNP device ID, it is
-+ * better to make it look less attractive here, so that the other device
-+ * with the same _ADR value (that may not have a valid device ID) can be
-+ * matched going forward. [This means a second spec violation in a row,
-+ * so whatever we do here is best effort anyway.]
- */
-- return sta_present && list_empty(&adev->pnp.ids) ?
-+ return sta_present && !adev->pnp.type.platform_id ?
- FIND_CHILD_MAX_SCORE : FIND_CHILD_MIN_SCORE;
- }
-
diff --git a/patches.fixes/bonding-don-t-use-stale-speed-and-duplex-information.patch b/patches.fixes/bonding-don-t-use-stale-speed-and-duplex-information.patch
index 81845def9e..e00c0124a3 100644
--- a/patches.fixes/bonding-don-t-use-stale-speed-and-duplex-information.patch
+++ b/patches.fixes/bonding-don-t-use-stale-speed-and-duplex-information.patch
@@ -51,9 +51,9 @@ index 5dca77e0ffed..0946409d9479 100644
case BOND_LINK_UP:
+ bond_update_speed_duplex(slave);
- bond_set_slave_link_state(slave, BOND_LINK_UP);
+ bond_set_slave_link_state(slave, BOND_LINK_UP,
+ BOND_SLAVE_NOTIFY_NOW);
slave->last_link_up = jiffies;
-
--
2.13.0
diff --git a/patches.fixes/bonding-fix-802.3ad-aggregator-reselection.patch b/patches.fixes/bonding-fix-802.3ad-aggregator-reselection.patch
index 406c979414..58c9fc9aca 100644
--- a/patches.fixes/bonding-fix-802.3ad-aggregator-reselection.patch
+++ b/patches.fixes/bonding-fix-802.3ad-aggregator-reselection.patch
@@ -122,8 +122,8 @@ index 940e2ebbdea8..1e5a8048e54f 100644
- bandwidth = aggregator->num_of_ports * 56000;
+ bandwidth = nports * 56000;
break;
- default:
- bandwidth = 0; /* to silence the compiler */
+ case AD_LINK_SPEED_100000MBPS:
+ bandwidth = aggregator->num_of_ports * 100000;
@@ -1513,10 +1528,10 @@ static struct aggregator *ad_agg_selection_test(struct aggregator *best,
switch (__get_agg_selection_mode(curr->lag_ports)) {
diff --git a/patches.fixes/ceph-more-accurate-statfs.patch b/patches.fixes/ceph-more-accurate-statfs.patch
new file mode 100644
index 0000000000..638574f31e
--- /dev/null
+++ b/patches.fixes/ceph-more-accurate-statfs.patch
@@ -0,0 +1,98 @@
+From: Douglas Fuller <dfuller@redhat.com>
+Date: Wed, 16 Aug 2017 10:19:27 -0400
+Subject: ceph: more accurate statfs
+Git-commit: 06d74376c8af32f5b8d777a943aa4dc99165088b
+Patch-mainline: v4.14-rc1
+References: bsc#1077068
+
+Improve accuracy of statfs reporting for Ceph filesystems comprising
+exactly one data pool. In this case, the Ceph monitor can now report
+the space usage for the single data pool instead of the global data
+for the entire Ceph cluster. Include support for this message in
+mon_client and leverage it in ceph/super.
+
+Signed-off-by: Douglas Fuller <dfuller@redhat.com>
+Reviewed-by: Yan, Zheng <zyan@redhat.com>
+Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/ceph/super.c | 9 ++++++++-
+ include/linux/ceph/ceph_fs.h | 2 ++
+ include/linux/ceph/mon_client.h | 4 ++--
+ net/ceph/mon_client.c | 6 +++++-
+ 4 files changed, 17 insertions(+), 4 deletions(-)
+
+--- a/fs/ceph/super.c
++++ b/fs/ceph/super.c
+@@ -49,9 +49,16 @@ static int ceph_statfs(struct dentry *de
+ struct ceph_statfs st;
+ u64 fsid;
+ int err;
++ u64 data_pool;
++
++ if (fsc->mdsc->mdsmap->m_num_data_pg_pools == 1) {
++ data_pool = fsc->mdsc->mdsmap->m_data_pg_pools[0];
++ } else {
++ data_pool = CEPH_NOPOOL;
++ }
+
+ dout("statfs\n");
+- err = ceph_monc_do_statfs(&fsc->client->monc, &st);
++ err = ceph_monc_do_statfs(&fsc->client->monc, data_pool, &st);
+ if (err < 0)
+ return err;
+
+--- a/include/linux/ceph/ceph_fs.h
++++ b/include/linux/ceph/ceph_fs.h
+@@ -167,6 +167,8 @@ struct ceph_mon_request_header {
+ struct ceph_mon_statfs {
+ struct ceph_mon_request_header monhdr;
+ struct ceph_fsid fsid;
++ __u8 contains_data_pool;
++ __le64 data_pool;
+ } __attribute__ ((packed));
+
+ struct ceph_statfs {
+--- a/include/linux/ceph/mon_client.h
++++ b/include/linux/ceph/mon_client.h
+@@ -134,8 +134,8 @@ extern void ceph_monc_request_next_osdma
+ extern int ceph_monc_wait_osdmap(struct ceph_mon_client *monc, u32 epoch,
+ unsigned long timeout);
+
+-extern int ceph_monc_do_statfs(struct ceph_mon_client *monc,
+- struct ceph_statfs *buf);
++int ceph_monc_do_statfs(struct ceph_mon_client *monc, u64 data_pool,
++ struct ceph_statfs *buf);
+
+ int ceph_monc_get_version(struct ceph_mon_client *monc, const char *what,
+ u64 *newest);
+--- a/net/ceph/mon_client.c
++++ b/net/ceph/mon_client.c
+@@ -690,7 +690,8 @@ bad:
+ /*
+ * Do a synchronous statfs().
+ */
+-int ceph_monc_do_statfs(struct ceph_mon_client *monc, struct ceph_statfs *buf)
++int ceph_monc_do_statfs(struct ceph_mon_client *monc, u64 data_pool,
++ struct ceph_statfs *buf)
+ {
+ struct ceph_mon_generic_request *req;
+ struct ceph_mon_statfs *h;
+@@ -710,6 +711,7 @@ int ceph_monc_do_statfs(struct ceph_mon_
+ goto out;
+
+ req->u.st = buf;
++ req->request->hdr.version = cpu_to_le16(2);
+
+ mutex_lock(&monc->mutex);
+ register_generic_request(req);
+@@ -719,6 +721,8 @@ int ceph_monc_do_statfs(struct ceph_mon_
+ h->monhdr.session_mon = cpu_to_le16(-1);
+ h->monhdr.session_mon_tid = 0;
+ h->fsid = monc->monmap->fsid;
++ h->contains_data_pool = (data_pool != CEPH_NOPOOL);
++ h->data_pool = cpu_to_le64(data_pool);
+ send_generic_request(monc, req);
+ mutex_unlock(&monc->mutex);
+
diff --git a/patches.fixes/dlm-fix-malfunction-of-dlm_tool-caused-by-debugfs-ch.patch b/patches.fixes/dlm-fix-malfunction-of-dlm_tool-caused-by-debugfs-ch.patch
new file mode 100644
index 0000000000..e05391492c
--- /dev/null
+++ b/patches.fixes/dlm-fix-malfunction-of-dlm_tool-caused-by-debugfs-ch.patch
@@ -0,0 +1,143 @@
+From 079d37df3397d48aab0f014986c1b0a1ca6256aa Mon Sep 17 00:00:00 2001
+From: Eric Ren <zren@suse.com>
+Date: Thu, 25 Aug 2016 17:20:59 +0800
+Subject: [PATCH] dlm: fix malfunction of dlm_tool caused by debugfs changes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Git-commit: 079d37df3397d48aab0f014986c1b0a1ca6256aa
+Patch-mainline: v4.8-rc4
+References: bsc#1077704
+
+With the current kernel, `dlm_tool lockdebug` fails as below:
+
+"dlm_tool lockdebug ED0BD86DCE724393918A1AE8FDBF1EE3
+can't open /sys/kernel/debug/dlm/ED0BD86DCE724393918A1AE8FDBF1EE3:
+Operation not permitted"
+
+This is because table_open() depends on file->f_op to tell which
+seq_file ops should be passed down. But, the original file ops in
+file->f_op is replaced by "debugfs_full_proxy_file_operations" with
+commit 49d200deaa68 ("debugfs: prevent access to removed files'
+private data").
+
+Currently, I can think up 2 solutions: 1st, replace
+debugfs_create_file() with debugfs_create_file_unsafe();
+2nd, make different table_open#() accordingly. The 1st one
+is neat, but I don't thoroughly understand its risk. Maybe
+someone has a better one.
+
+Signed-off-by: Eric Ren <zren@suse.com>
+Signed-off-by: David Teigland <teigland@redhat.com>
+---
+ fs/dlm/debug_fs.c | 62 ++++++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 48 insertions(+), 14 deletions(-)
+
+diff --git a/fs/dlm/debug_fs.c b/fs/dlm/debug_fs.c
+index eea6491..466f7d6 100644
+--- a/fs/dlm/debug_fs.c
++++ b/fs/dlm/debug_fs.c
+@@ -607,20 +607,54 @@ static void table_seq_stop(struct seq_file *seq, void *iter_ptr)
+ static const struct file_operations format3_fops;
+ static const struct file_operations format4_fops;
+
+-static int table_open(struct inode *inode, struct file *file)
++static int table_open1(struct inode *inode, struct file *file)
+ {
+ struct seq_file *seq;
+- int ret = -1;
++ int ret;
+
+- if (file->f_op == &format1_fops)
+- ret = seq_open(file, &format1_seq_ops);
+- else if (file->f_op == &format2_fops)
+- ret = seq_open(file, &format2_seq_ops);
+- else if (file->f_op == &format3_fops)
+- ret = seq_open(file, &format3_seq_ops);
+- else if (file->f_op == &format4_fops)
+- ret = seq_open(file, &format4_seq_ops);
++ ret = seq_open(file, &format1_seq_ops);
++ if (ret)
++ return ret;
++
++ seq = file->private_data;
++ seq->private = inode->i_private; /* the dlm_ls */
++ return 0;
++}
++
++static int table_open2(struct inode *inode, struct file *file)
++{
++ struct seq_file *seq;
++ int ret;
++
++ ret = seq_open(file, &format2_seq_ops);
++ if (ret)
++ return ret;
++
++ seq = file->private_data;
++ seq->private = inode->i_private; /* the dlm_ls */
++ return 0;
++}
++
++static int table_open3(struct inode *inode, struct file *file)
++{
++ struct seq_file *seq;
++ int ret;
++
++ ret = seq_open(file, &format3_seq_ops);
++ if (ret)
++ return ret;
++
++ seq = file->private_data;
++ seq->private = inode->i_private; /* the dlm_ls */
++ return 0;
++}
++
++static int table_open4(struct inode *inode, struct file *file)
++{
++ struct seq_file *seq;
++ int ret;
+
++ ret = seq_open(file, &format4_seq_ops);
+ if (ret)
+ return ret;
+
+@@ -631,7 +665,7 @@ static int table_open(struct inode *inode, struct file *file)
+
+ static const struct file_operations format1_fops = {
+ .owner = THIS_MODULE,
+- .open = table_open,
++ .open = table_open1,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release
+@@ -639,7 +673,7 @@ static int table_open(struct inode *inode, struct file *file)
+
+ static const struct file_operations format2_fops = {
+ .owner = THIS_MODULE,
+- .open = table_open,
++ .open = table_open2,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release
+@@ -647,7 +681,7 @@ static int table_open(struct inode *inode, struct file *file)
+
+ static const struct file_operations format3_fops = {
+ .owner = THIS_MODULE,
+- .open = table_open,
++ .open = table_open3,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release
+@@ -655,7 +689,7 @@ static int table_open(struct inode *inode, struct file *file)
+
+ static const struct file_operations format4_fops = {
+ .owner = THIS_MODULE,
+- .open = table_open,
++ .open = table_open4,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release
+--
+1.8.5.6
+
diff --git a/patches.fixes/ipvlan-remove-excessive-packet-scrubbing.patch b/patches.fixes/ipvlan-remove-excessive-packet-scrubbing.patch
new file mode 100644
index 0000000000..c9b5ecee00
--- /dev/null
+++ b/patches.fixes/ipvlan-remove-excessive-packet-scrubbing.patch
@@ -0,0 +1,51 @@
+From: Mahesh Bandewar <maheshb@google.com>
+Date: Wed, 13 Dec 2017 14:40:26 -0800
+Subject: ipvlan: remove excessive packet scrubbing
+Patch-mainline: v4.16-rc1
+Git-commit: c0d451c86ca2c2e6d0f52394b5463e0359caa6f2
+References: bsc#1070799
+
+IPvlan currently scrubs packets at every location where packets may be
+crossing namespace boundary. Though this is desirable, currently IPvlan
+does it more than necessary. e.g. packets that are going to take
+dev_forward_skb() path will get scrubbed so no point in scrubbing them
+before forwarding. Another side-effect of scrubbing is that pkt-type gets
+set to PACKET_HOST which overrides what was already been set by the
+earlier path making erroneous delivery of the packets.
+
+Also scrubbing packets just before calling dev_queue_xmit() has detrimental
+effects since packets lose skb->sk and because of that miss prio updates,
+incorrect socket back-pressure and would even break TSQ.
+
+Fixes: b93dd49c1a35 ('ipvlan: Scrub skb before crossing the namespace boundary')
+Signed-off-by: Mahesh Bandewar <maheshb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ drivers/net/ipvlan/ipvlan_core.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
+index af827faec7fe..f5ba8a75f882 100644
+--- a/drivers/net/ipvlan/ipvlan_core.c
++++ b/drivers/net/ipvlan/ipvlan_core.c
+@@ -275,13 +275,13 @@ static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
+ goto out;
+
+ *pskb = skb;
+- skb->dev = dev;
+- skb->pkt_type = PACKET_HOST;
+
+ if (local) {
++ skb->pkt_type = PACKET_HOST;
+ if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
+ success = true;
+ } else {
++ skb->dev = dev;
+ ret = RX_HANDLER_ANOTHER;
+ success = true;
+ }
+--
+2.16.0
+
diff --git a/patches.fixes/mm-mprotect-add-a-cond_resched-inside-change_pmd_ran.patch b/patches.fixes/mm-mprotect-add-a-cond_resched-inside-change_pmd_ran.patch
new file mode 100644
index 0000000000..c259598c46
--- /dev/null
+++ b/patches.fixes/mm-mprotect-add-a-cond_resched-inside-change_pmd_ran.patch
@@ -0,0 +1,83 @@
+From 4991c09c7c812dba13ea9be79a68b4565bb1fa4e Mon Sep 17 00:00:00 2001
+From: Anshuman Khandual <khandual@linux.vnet.ibm.com>
+Date: Thu, 4 Jan 2018 16:17:52 -0800
+Subject: [PATCH] mm/mprotect: add a cond_resched() inside change_pmd_range()
+Git-commit: 4991c09c7c812dba13ea9be79a68b4565bb1fa4e
+Patch-mainline: 4.15-rc7
+References: bnc#1077871, bnc#1078002
+
+While testing on a large CPU system, detected the following RCU stall
+many times over the span of the workload. This problem is solved by
+adding a cond_resched() in the change_pmd_range() function.
+
+ INFO: rcu_sched detected stalls on CPUs/tasks:
+ 154-....: (670 ticks this GP) idle=022/140000000000000/0 softirq=2825/2825 fqs=612
+ (detected by 955, t=6002 jiffies, g=4486, c=4485, q=90864)
+ Sending NMI from CPU 955 to CPUs 154:
+ NMI backtrace for cpu 154
+ CPU: 154 PID: 147071 Comm: workload Not tainted 4.15.0-rc3+ #3
+ NIP: c0000000000b3f64 LR: c0000000000b33d4 CTR: 000000000000aa18
+ REGS: 00000000a4b0fb44 TRAP: 0501 Not tainted (4.15.0-rc3+)
+ MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 22422082 XER: 00000000
+ CFAR: 00000000006cf8f0 SOFTE: 1
+ GPR00: 0010000000000000 c00003ef9b1cb8c0 c0000000010cc600 0000000000000000
+ GPR04: 8e0000018c32b200 40017b3858fd6e00 8e0000018c32b208 40017b3858fd6e00
+ GPR08: 8e0000018c32b210 40017b3858fd6e00 8e0000018c32b218 40017b3858fd6e00
+ GPR12: ffffffffffffffff c00000000fb25100
+ NIP [c0000000000b3f64] plpar_hcall9+0x44/0x7c
+ LR [c0000000000b33d4] pSeries_lpar_flush_hash_range+0x384/0x420
+ Call Trace:
+ flush_hash_range+0x48/0x100
+ __flush_tlb_pending+0x44/0xd0
+ hpte_need_flush+0x408/0x470
+ change_protection_range+0xaac/0xf10
+ change_prot_numa+0x30/0xb0
+ task_numa_work+0x2d0/0x3e0
+ task_work_run+0x130/0x190
+ do_notify_resume+0x118/0x120
+ ret_from_except_lite+0x70/0x74
+ Instruction dump:
+ 60000000 f8810028 7ca42b78 7cc53378 7ce63b78 7d074378 7d284b78 7d495378
+ e9410060 e9610068 e9810070 44000022 <7d806378> e9810028 f88c0000 f8ac0008
+
+Link: http://lkml.kernel.org/r/20171214140551.5794-1-khandual@linux.vnet.ibm.com
+Signed-off-by: Anshuman Khandual <khandual@linux.vnet.ibm.com>
+Suggested-by: Nicholas Piggin <npiggin@gmail.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+---
+ mm/mprotect.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/mm/mprotect.c
++++ b/mm/mprotect.c
+@@ -164,7 +164,7 @@ static inline unsigned long change_pmd_r
+
+ next = pmd_addr_end(addr, end);
+ if (!pmd_trans_huge(*pmd) && pmd_none_or_clear_bad(pmd))
+- continue;
++ goto next;
+
+ /* invoke the mmu notifier if the pmd is populated */
+ if (!mni_start) {
+@@ -186,7 +186,7 @@ static inline unsigned long change_pmd_r
+ }
+
+ /* huge pmd was handled */
+- continue;
++ goto next;
+ }
+ }
+ /* fall through, the trans huge pmd just split */
+@@ -194,6 +194,8 @@ static inline unsigned long change_pmd_r
+ this_pages = change_pte_range(vma, pmd, addr, next, newprot,
+ dirty_accountable, prot_numa);
+ pages += this_pages;
++next:
++ cond_resched();
+ } while (pmd++, addr = next, addr != end);
+
+ if (mni_start)
diff --git a/patches.fixes/rtc-cmos-initialize-hpet-timer-before-irq-is-registe.patch b/patches.fixes/rtc-cmos-initialize-hpet-timer-before-irq-is-registe.patch
new file mode 100644
index 0000000000..2255029b68
--- /dev/null
+++ b/patches.fixes/rtc-cmos-initialize-hpet-timer-before-irq-is-registe.patch
@@ -0,0 +1,112 @@
+From: Pratyush Anand <panand@redhat.com>
+Subject: rtc: cmos: Initialize hpet timer before irq is registered
+Git-commit: 970fc7f4afd52d638d88aeda985ea03ccd33acee
+Patch-mainline: v4.9
+References: bsc#1077592
+Acked-by: Jiri Bohac <jbohac@suse.cz>
+
+We have observed on few x86 machines with rtc-cmos device that
+hpet_rtc_interrupt() is called just after irq registration and before
+cmos_do_probe() could call hpet_rtc_timer_init().
+
+So, neither hpet_default_delta nor hpet_t1_cmp is initialized by the time
+interrupt is raised in the given situation, and this results in NMI
+watchdog LOCKUP.
+
+It has only been observed sporadically on kdump secondary kernels.
+
+See the call trace:
+---<-snip->---
+[ 27.913194] Kernel panic - not syncing: Watchdog detected hard LOCKUP on cpu 0
+[ 27.915371] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-342.el7.x86_64 #1
+[ 27.917503] Hardware name: HP ProLiant DL160 Gen8, BIOS J03 02/10/2014
+[ 27.919455] ffffffff8186a728 0000000059c82488 ffff880034e05af0 ffffffff81637bd4
+[ 27.921870] ffff880034e05b70 ffffffff8163144a 0000000000000010 ffff880034e05b80
+[ 27.924257] ffff880034e05b20 0000000059c82488 0000000000000000 0000000000000000
+[ 27.926599] Call Trace:
+[ 27.927352] <NMI> [<ffffffff81637bd4>] dump_stack+0x19/0x1b
+[ 27.929080] [<ffffffff8163144a>] panic+0xd8/0x1e7
+[ 27.930588] [<ffffffff8111d3e0>] ? restart_watchdog_hrtimer+0x50/0x50
+[ 27.932502] [<ffffffff8111d4a2>] watchdog_overflow_callback+0xc2/0xd0
+[ 27.934427] [<ffffffff811612c1>] __perf_event_overflow+0xa1/0x250
+[ 27.936232] [<ffffffff81161d94>] perf_event_overflow+0x14/0x20
+[ 27.937957] [<ffffffff81032ae8>] intel_pmu_handle_irq+0x1e8/0x470
+[ 27.939799] [<ffffffff8164164b>] perf_event_nmi_handler+0x2b/0x50
+[ 27.941649] [<ffffffff81640d99>] nmi_handle.isra.0+0x69/0xb0
+[ 27.943348] [<ffffffff81640f49>] do_nmi+0x169/0x340
+[ 27.944802] [<ffffffff816401d3>] end_repeat_nmi+0x1e/0x2e
+[ 27.946424] [<ffffffff81056ee5>] ? hpet_rtc_interrupt+0x85/0x380
+[ 27.948197] [<ffffffff81056ee5>] ? hpet_rtc_interrupt+0x85/0x380
+[ 27.949992] [<ffffffff81056ee5>] ? hpet_rtc_interrupt+0x85/0x380
+[ 27.951816] <<EOE>> <IRQ> [<ffffffff8108f5a3>] ? run_timer_softirq+0x43/0x340
+[ 27.954114] [<ffffffff8111e24e>] handle_irq_event_percpu+0x3e/0x1e0
+[ 27.955962] [<ffffffff8111e42d>] handle_irq_event+0x3d/0x60
+[ 27.957635] [<ffffffff811210c7>] handle_edge_irq+0x77/0x130
+[ 27.959332] [<ffffffff8101704f>] handle_irq+0xbf/0x150
+[ 27.960949] [<ffffffff8164a86f>] do_IRQ+0x4f/0xf0
+[ 27.962434] [<ffffffff8163faed>] common_interrupt+0x6d/0x6d
+[ 27.964101] <EOI> [<ffffffff8163f43b>] ? _raw_spin_unlock_irqrestore+0x1b/0x40
+[ 27.966308] [<fffff8111ff07>] __setup_irq+0x2a7/0x570
+[ 28.067859] [<ffffffff81056e60>] ? hpet_cpuhp_notify+0x140/0x140
+[ 28.069709] [<ffffffff8112032c>] request_threaded_irq+0xcc/0x170
+[ 28.071585] [<ffffffff814b24a6>] cmos_do_probe+0x1e6/0x450
+[ 28.073240] [<ffffffff814b2710>] ? cmos_do_probe+0x450/0x450
+[ 28.074911] [<ffffffff814b27cb>] cmos_pnp_probe+0xbb/0xc0
+[ 28.076533] [<ffffffff8139b245>] pnp_device_probe+0x65/0xd0
+[ 28.078198] [<ffffffff813f8ca7>] driver_probe_device+0x87/0x390
+[ 28.079971] [<ffffffff813f9083>] __driver_attach+0x93/0xa0
+[ 28.081660] [<ffffffff813f8ff0>] ? __device_attach+0x40/0x40
+[ 28.083662] [<ffffffff813f6a13>] bus_for_each_dev+0x73/0xc0
+[ 28.085370] [<ffffffff813f86fe>] driver_attach+0x1e/0x20
+[ 28.086974] [<ffffffff813f8250>] bus_add_driver+0x200/0x2d0
+[ 28.088634] [<ffffffff81ade49a>] ? rtc_sysfs_init+0xe/0xe
+[ 28.090349] [<ffffffff813f9704>] driver_register+0x64/0xf0
+[ 28.091989] [<ffffffff8139b070>] pnp_register_driver+0x20/0x30
+[ 28.093707] [<ffffffff81ade4ab>] cmos_init+0x11/0x71
+---<-snip->---
+
+This patch moves hpet_rtc_timer_init() before IRQ registration, so that we
+can gracefully handle such spurious interrupts. It also masks HPET RTC
+interrupts, in case IRQ registration fails.
+
+We were able to reproduce the problem in maximum 15 trials of kdump
+secondary kernel boot on an hp-dl160gen8 FCoE host machine without this
+patch. However, more than 35 trials went fine after applying this patch.
+
+Suggested-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Pratyush Anand <panand@redhat.com>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
+
+diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
+index 43745cac0141..fddde655cbd4 100644
+--- a/drivers/rtc/rtc-cmos.c
++++ b/drivers/rtc/rtc-cmos.c
+@@ -707,6 +707,8 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
+ goto cleanup1;
+ }
+
++ hpet_rtc_timer_init();
++
+ if (is_valid_irq(rtc_irq)) {
+ irq_handler_t rtc_cmos_int_handler;
+
+@@ -714,6 +716,7 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
+ rtc_cmos_int_handler = hpet_rtc_interrupt;
+ retval = hpet_register_irq_handler(cmos_interrupt);
+ if (retval) {
++ hpet_mask_rtc_irq_bit(RTC_IRQMASK);
+ dev_warn(dev, "hpet_register_irq_handler "
+ " failed in rtc_init().");
+ goto cleanup1;
+@@ -729,7 +732,6 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
+ goto cleanup1;
+ }
+ }
+- hpet_rtc_timer_init();
+
+ /* export at least the first block of NVRAM */
+ nvram.size = address_space - NVRAM_OFFSET;
+--
+2.15.0
+
diff --git a/patches.fixes/scsi-check-for-device-state-in-__scsi_remove_target.patch b/patches.fixes/scsi-check-for-device-state-in-__scsi_remove_target.patch
index d8e792b8c3..674a583275 100644
--- a/patches.fixes/scsi-check-for-device-state-in-__scsi_remove_target.patch
+++ b/patches.fixes/scsi-check-for-device-state-in-__scsi_remove_target.patch
@@ -2,7 +2,8 @@ From: Hannes Reinecke <hare@suse.de>
Date: Wed, 13 Dec 2017 14:15:03 +0100
Subject: [PATCH] scsi: check for device state in __scsi_remove_target()
References: bsc#1072589
-Patch-Mainline: submitted linux-scsi 2017/12/13
+Patch-Mainline: v4.15-rc6
+Git-commit: 81b6c999897919d5a16fedc018fe375dbab091c5
As it turned out device_get() doesn't use kref_get_unless_zero(),
so we will be always getting a device pointer.
diff --git a/patches.fixes/tipc-improve-link-resiliency-when-rps-is-activated.patch b/patches.fixes/tipc-improve-link-resiliency-when-rps-is-activated.patch
new file mode 100644
index 0000000000..f887b66794
--- /dev/null
+++ b/patches.fixes/tipc-improve-link-resiliency-when-rps-is-activated.patch
@@ -0,0 +1,351 @@
+From: Jon Maloy <jon.maloy@ericsson.com>
+Date: Wed, 8 Nov 2017 09:59:26 +0100
+Subject: tipc: improve link resiliency when rps is activated
+Patch-mainline: v4.15-rc1
+Git-commit: 8d6e79d3ce13e34957de87f7584cbf1bcde74c57
+References: bsc#1068038
+
+Currently, the TIPC RPS dissector is based only on the incoming packets'
+source node address, hence steering all traffic from a node to the same
+core. We have seen that this makes the links vulnerable to starvation
+and unnecessary resets when we turn down the link tolerance to very low
+values.
+
+To reduce the risk of this happening, we exempt probe and probe replies
+packets from the convergence to one core per source node. Instead, we do
+the opposite, - we try to diverge those packets across as many cores as
+possible, by randomizing the flow selector key.
+
+To make such packets identifiable to the dissector, we add a new
+'is_keepalive' bit to word 0 of the LINK_PROTOCOL header. This bit is
+set both for PROBE and PROBE_REPLY messages, and only for those.
+
+It should be noted that these packets are not part of any flow anyway,
+and only constitute a minuscule fraction of all packets sent across a
+link. Hence, there is no risk that this will affect overall performance.
+
+Acked-by: Ying Xue <ying.xue@windriver.com>
+Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ include/net/flow_dissector.h | 12 ++++-----
+ include/net/tipc.h | 62 ++++++++++++++++++++++++++++++++++++++++++++
+ net/core/flow_dissector.c | 30 ++++++++++-----------
+ net/tipc/link.c | 26 +++++++++++--------
+ net/tipc/msg.h | 10 +++++++
+ 5 files changed, 108 insertions(+), 32 deletions(-)
+ create mode 100644 include/net/tipc.h
+
+diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
+index f266b512c3bd..c1c50f71c2c8 100644
+--- a/include/net/flow_dissector.h
++++ b/include/net/flow_dissector.h
+@@ -68,11 +68,11 @@ struct flow_dissector_key_ipv6_addrs {
+ };
+
+ /**
+- * struct flow_dissector_key_tipc_addrs:
+- * @srcnode: source node address
++ * struct flow_dissector_key_tipc:
++ * @key: source node address combined with selector
+ */
+-struct flow_dissector_key_tipc_addrs {
+- __be32 srcnode;
++struct flow_dissector_key_tipc {
++ __be32 key;
+ };
+
+ /**
+@@ -84,7 +84,7 @@ struct flow_dissector_key_addrs {
+ union {
+ struct flow_dissector_key_ipv4_addrs v4addrs;
+ struct flow_dissector_key_ipv6_addrs v6addrs;
+- struct flow_dissector_key_tipc_addrs tipcaddrs;
++ struct flow_dissector_key_tipc tipckey;
+ };
+ };
+
+@@ -123,7 +123,7 @@ enum flow_dissector_key_id {
+ FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
+ FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */
+ FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */
+- FLOW_DISSECTOR_KEY_TIPC_ADDRS, /* struct flow_dissector_key_tipc_addrs */
++ FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */
+ FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_flow_vlan */
+ FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_flow_tags */
+ FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */
+diff --git a/include/net/tipc.h b/include/net/tipc.h
+new file mode 100644
+index 000000000000..07670ec022a7
+--- /dev/null
++++ b/include/net/tipc.h
+@@ -0,0 +1,62 @@
++/*
++ * include/net/tipc.h: Include file for TIPC message header routines
++ *
++ * Copyright (c) 2017 Ericsson AB
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. Neither the names of the copyright holders nor the names of its
++ * contributors may be used to endorse or promote products derived from
++ * this software without specific prior written permission.
++ *
++ * Alternatively, this software may be distributed under the terms of the
++ * GNU General Public License ("GPL") version 2 as published by the Free
++ * Software Foundation.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef _TIPC_HDR_H
++#define _TIPC_HDR_H
++
++#include <linux/random.h>
++
++#define KEEPALIVE_MSG_MASK 0x0e080000 /* LINK_PROTOCOL + MSG_IS_KEEPALIVE */
++
++struct tipc_basic_hdr {
++ __be32 w[4];
++};
++
++static inline u32 tipc_hdr_rps_key(struct tipc_basic_hdr *hdr)
++{
++ u32 w0 = ntohl(hdr->w[0]);
++ bool keepalive_msg = (w0 & KEEPALIVE_MSG_MASK) == KEEPALIVE_MSG_MASK;
++ int key;
++
++ /* Return source node identity as key */
++ if (likely(!keepalive_msg))
++ return hdr->w[3];
++
++ /* Spread PROBE/PROBE_REPLY messages across the cores */
++ get_random_bytes(&key, sizeof(key));
++ return key;
++}
++
++#endif
+diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
+index daf8c40de9d4..75e67a8d6b6b 100644
+--- a/net/core/flow_dissector.c
++++ b/net/core/flow_dissector.c
+@@ -6,6 +6,7 @@
+ #include <linux/if_vlan.h>
+ #include <net/ip.h>
+ #include <net/ipv6.h>
++#include <net/tipc.h>
+ #include <linux/igmp.h>
+ #include <linux/icmp.h>
+ #include <linux/sctp.h>
+@@ -303,21 +304,20 @@ ipv6:
+ }
+ }
+ case htons(ETH_P_TIPC): {
+- struct {
+- __be32 pre[3];
+- __be32 srcnode;
+- } *hdr, _hdr;
+- hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
++ struct tipc_basic_hdr *hdr, _hdr;
++
++ hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr),
++ data, hlen, &_hdr);
+ if (!hdr)
+ goto out_bad;
+
+ if (dissector_uses_key(flow_dissector,
+- FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
++ FLOW_DISSECTOR_KEY_TIPC)) {
+ key_addrs = skb_flow_dissector_target(flow_dissector,
+- FLOW_DISSECTOR_KEY_TIPC_ADDRS,
++ FLOW_DISSECTOR_KEY_TIPC,
+ target_container);
+- key_addrs->tipcaddrs.srcnode = hdr->srcnode;
+- key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
++ key_addrs->tipckey.key = tipc_hdr_rps_key(hdr);
++ key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC;
+ }
+ goto out_good;
+ }
+@@ -550,8 +550,8 @@ static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
+ case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
+ diff -= sizeof(flow->addrs.v6addrs);
+ break;
+- case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
+- diff -= sizeof(flow->addrs.tipcaddrs);
++ case FLOW_DISSECTOR_KEY_TIPC:
++ diff -= sizeof(flow->addrs.tipckey);
+ break;
+ }
+ return (sizeof(*flow) - diff) / sizeof(u32);
+@@ -565,8 +565,8 @@ __be32 flow_get_u32_src(const struct flow_keys *flow)
+ case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
+ return (__force __be32)ipv6_addr_hash(
+ &flow->addrs.v6addrs.src);
+- case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
+- return flow->addrs.tipcaddrs.srcnode;
++ case FLOW_DISSECTOR_KEY_TIPC:
++ return flow->addrs.tipckey.key;
+ default:
+ return 0;
+ }
+@@ -885,8 +885,8 @@ static const struct flow_dissector_key flow_keys_dissector_keys[] = {
+ .offset = offsetof(struct flow_keys, addrs.v6addrs),
+ },
+ {
+- .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
+- .offset = offsetof(struct flow_keys, addrs.tipcaddrs),
++ .key_id = FLOW_DISSECTOR_KEY_TIPC,
++ .offset = offsetof(struct flow_keys, addrs.tipckey),
+ },
+ {
+ .key_id = FLOW_DISSECTOR_KEY_PORTS,
+diff --git a/net/tipc/link.c b/net/tipc/link.c
+index 736fffb28ab6..d7c5d6028eb9 100644
+--- a/net/tipc/link.c
++++ b/net/tipc/link.c
+@@ -115,7 +115,8 @@ static int link_is_up(struct tipc_link *l)
+ static int tipc_link_proto_rcv(struct tipc_link *l, struct sk_buff *skb,
+ struct sk_buff_head *xmitq);
+ static void tipc_link_build_proto_msg(struct tipc_link *l, int mtyp, bool probe,
+- u16 rcvgap, int tolerance, int priority,
++ bool probe_reply, u16 rcvgap,
++ int tolerance, int priority,
+ struct sk_buff_head *xmitq);
+ static void link_reset_statistics(struct tipc_link *l_ptr);
+ static void link_print(struct tipc_link *l_ptr, const char *str);
+@@ -597,7 +598,7 @@ int tipc_link_timeout(struct tipc_link *l, struct sk_buff_head *xmitq)
+ }
+
+ if (xmit)
+- tipc_link_build_proto_msg(l, mtyp, prb, 0, 0, 0, xmitq);
++ tipc_link_build_proto_msg(l, mtyp, prb, 0, 0, 0, 0, xmitq);
+
+ return rc;
+ }
+@@ -985,7 +986,7 @@ int tipc_link_build_ack_msg(struct tipc_link *l, struct sk_buff_head *xmitq)
+ /* Unicast ACK */
+ l->rcv_unacked = 0;
+ l->stats.sent_acks++;
+- tipc_link_build_proto_msg(l, STATE_MSG, 0, 0, 0, 0, xmitq);
++ tipc_link_build_proto_msg(l, STATE_MSG, 0, 0, 0, 0, 0, xmitq);
+ return 0;
+ }
+
+@@ -998,7 +999,7 @@ void tipc_link_build_reset_msg(struct tipc_link *l, struct sk_buff_head *xmitq)
+ if (l->state == LINK_ESTABLISHING)
+ mtyp = ACTIVATE_MSG;
+
+- tipc_link_build_proto_msg(l, mtyp, 0, 0, 0, 0, xmitq);
++ tipc_link_build_proto_msg(l, mtyp, 0, 0, 0, 0, 0, xmitq);
+ }
+
+ /* tipc_link_build_nack_msg: prepare link nack message for transmission
+@@ -1012,7 +1013,7 @@ static void tipc_link_build_nack_msg(struct tipc_link *l,
+ return;
+
+ if ((skb_queue_len(&l->deferdq) == 1) || !(def_cnt % TIPC_NACK_INTV))
+- tipc_link_build_proto_msg(l, STATE_MSG, 0, 0, 0, 0, xmitq);
++ tipc_link_build_proto_msg(l, STATE_MSG, 0, 0, 0, 0, 0, xmitq);
+ }
+
+ /* tipc_link_rcv - process TIPC packets/messages arriving from off-node
+@@ -1085,7 +1086,8 @@ drop:
+ }
+
+ static void tipc_link_build_proto_msg(struct tipc_link *l, int mtyp, bool probe,
+- u16 rcvgap, int tolerance, int priority,
++ bool probe_reply, u16 rcvgap,
++ int tolerance, int priority,
+ struct sk_buff_head *xmitq)
+ {
+ struct sk_buff *skb = NULL;
+@@ -1124,6 +1126,7 @@ static void tipc_link_build_proto_msg(struct tipc_link *l, int mtyp, bool probe,
+ msg_set_probe(hdr, probe);
+ if (probe)
+ l->stats.sent_probes++;
++ msg_set_is_keepalive(hdr, probe || probe_reply);
+ l->stats.sent_states++;
+ l->rcv_unacked = 0;
+ } else {
+@@ -1224,6 +1227,7 @@ static int tipc_link_proto_rcv(struct tipc_link *l, struct sk_buff *skb,
+ u16 peers_prio = msg_linkprio(hdr);
+ u16 rcv_nxt = l->rcv_nxt;
+ int mtyp = msg_type(hdr);
++ bool reply = msg_probe(hdr);
+ char *if_name;
+ int rc = 0;
+
+@@ -1296,9 +1300,9 @@ static int tipc_link_proto_rcv(struct tipc_link *l, struct sk_buff *skb,
+ /* Send NACK if peer has sent pkts we haven't received yet */
+ if (more(peers_snd_nxt, rcv_nxt) && !tipc_link_is_synching(l))
+ rcvgap = peers_snd_nxt - l->rcv_nxt;
+- if (rcvgap || (msg_probe(hdr)))
+- tipc_link_build_proto_msg(l, STATE_MSG, 0, rcvgap,
+- 0, 0, xmitq);
++ if (rcvgap || reply)
++ tipc_link_build_proto_msg(l, STATE_MSG, 0, reply,
++ rcvgap, 0, 0, xmitq);
+ tipc_link_release_pkts(l, ack);
+
+ /* If NACK, retransmit will now start at right position */
+@@ -1667,14 +1671,14 @@ int tipc_nl_link_set(struct sk_buff *skb, struct genl_info *info)
+
+ tol = nla_get_u32(props[TIPC_NLA_PROP_TOL]);
+ link->tolerance = tol;
+- tipc_link_build_proto_msg(link, STATE_MSG, 0, 0, tol, 0, &xmitq);
++ tipc_link_build_proto_msg(link, STATE_MSG, 0, 0, tol, 0, 0, &xmitq);
+ }
+ if (props[TIPC_NLA_PROP_PRIO]) {
+ u32 prio;
+
+ prio = nla_get_u32(props[TIPC_NLA_PROP_PRIO]);
+ link->priority = prio;
+- tipc_link_build_proto_msg(link, STATE_MSG, 0, 0, 0, prio, &xmitq);
++ tipc_link_build_proto_msg(link, STATE_MSG, 0, 0, 0, 0, prio, &xmitq);
+ }
+ if (props[TIPC_NLA_PROP_WIN]) {
+ u32 win;
+diff --git a/net/tipc/msg.h b/net/tipc/msg.h
+index 55778a0aebf3..b22cf8628eb4 100644
+--- a/net/tipc/msg.h
++++ b/net/tipc/msg.h
+@@ -226,6 +226,16 @@ static inline void msg_set_dest_droppable(struct tipc_msg *m, u32 d)
+ msg_set_bits(m, 0, 19, 1, d);
+ }
+
++static inline int msg_is_keepalive(struct tipc_msg *m)
++{
++ return msg_bits(m, 0, 19, 1);
++}
++
++static inline void msg_set_is_keepalive(struct tipc_msg *m, u32 d)
++{
++ msg_set_bits(m, 0, 19, 1, d);
++}
++
+ static inline int msg_src_droppable(struct tipc_msg *m)
+ {
+ return msg_bits(m, 0, 18, 1);
+--
+2.16.0
+
diff --git a/patches.fixes/x86-boot-Fix-early-command-line-parsing-when-matchin.patch b/patches.fixes/x86-boot-Fix-early-command-line-parsing-when-matchin.patch
new file mode 100644
index 0000000000..2bbd218c16
--- /dev/null
+++ b/patches.fixes/x86-boot-Fix-early-command-line-parsing-when-matchin.patch
@@ -0,0 +1,126 @@
+From: Dave Hansen <dave.hansen@linux.intel.com>
+Subject: [PATCH] x86/boot: Fix early command-line parsing when matching at end
+Git-commit: 02afeaae9843733a39cd9b11053748b2d1dc5ae7
+Patch-mainline: v4.6-rc1
+References: bsc#1068032
+
+[jkosina@suse.cz: Needed to reliably distinguish between 'nospec' and 'nospectre_v2']
+
+The x86 early command line parsing in cmdline_find_option_bool() is
+buggy. If it matches a specified 'option' all the way to the end of the
+command-line, it will consider it a match.
+
+For instance,
+
+ cmdline = "foo";
+ cmdline_find_option_bool(cmdline, "fool");
+
+will return 1. This is particularly annoying since we have actual FPU
+options like "noxsave" and "noxsaves" So, command-line "foo bar noxsave"
+will match *BOTH* a "noxsave" and "noxsaves". (This turns out not to be
+an actual problem because "noxsave" implies "noxsaves", but it's still
+confusing.)
+
+To fix this, we simplify the code and stop tracking 'len'. 'len'
+was trying to indicate either the NULL terminator *OR* the end of a
+non-NULL-terminated command line at 'COMMAND_LINE_SIZE'. But, each of the
+three states is *already* checking 'cmdline' for a NULL terminator.
+
+We _only_ need to check if we have overrun 'COMMAND_LINE_SIZE', and that
+we can do without keeping 'len' around.
+
+Also add some commends to clarify what is going on.
+
+Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: Andy Lutomirski <luto@amacapital.net>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: fenghua.yu@intel.com
+Cc: yu-cheng.yu@intel.com
+Link: http://lkml.kernel.org/r/20151222225238.9AEB560C@viggo.jf.intel.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+---
+ arch/x86/lib/cmdline.c | 34 ++++++++++++++++++++++++----------
+ 1 file changed, 24 insertions(+), 10 deletions(-)
+
+diff --git a/arch/x86/lib/cmdline.c b/arch/x86/lib/cmdline.c
+index 422db000d727..49548bed2301 100644
+--- a/arch/x86/lib/cmdline.c
++++ b/arch/x86/lib/cmdline.c
+@@ -21,12 +21,14 @@ static inline int myisspace(u8 c)
+ * @option: option string to look for
+ *
+ * Returns the position of that @option (starts counting with 1)
+- * or 0 on not found.
++ * or 0 on not found. @option will only be found if it is found
++ * as an entire word in @cmdline. For instance, if @option="car"
++ * then a cmdline which contains "cart" will not match.
+ */
+ int cmdline_find_option_bool(const char *cmdline, const char *option)
+ {
+ char c;
+- int len, pos = 0, wstart = 0;
++ int pos = 0, wstart = 0;
+ const char *opptr = NULL;
+ enum {
+ st_wordstart = 0, /* Start of word/after whitespace */
+@@ -37,11 +39,14 @@ int cmdline_find_option_bool(const char *cmdline, const char *option)
+ if (!cmdline)
+ return -1; /* No command line */
+
+- len = min_t(int, strlen(cmdline), COMMAND_LINE_SIZE);
+- if (!len)
++ if (!strlen(cmdline))
+ return 0;
+
+- while (len--) {
++ /*
++ * This 'pos' check ensures we do not overrun
++ * a non-NULL-terminated 'cmdline'
++ */
++ while (pos < COMMAND_LINE_SIZE) {
+ c = *(char *)cmdline++;
+ pos++;
+
+@@ -58,17 +63,26 @@ int cmdline_find_option_bool(const char *cmdline, const char *option)
+ /* fall through */
+
+ case st_wordcmp:
+- if (!*opptr)
++ if (!*opptr) {
++ /*
++ * We matched all the way to the end of the
++ * option we were looking for. If the
++ * command-line has a space _or_ ends, then
++ * we matched!
++ */
+ if (!c || myisspace(c))
+ return wstart;
+ else
+ state = st_wordskip;
+- else if (!c)
++ } else if (!c) {
++ /*
++ * Hit the NULL terminator on the end of
++ * cmdline.
++ */
+ return 0;
+- else if (c != *opptr++)
++ } else if (c != *opptr++) {
+ state = st_wordskip;
+- else if (!len) /* last word and is matching */
+- return wstart;
++ }
+ break;
+
+ case st_wordskip:
+--
+2.12.3
+
diff --git a/patches.fixes/xfs-reinit-btree-pointer-on-attr-tree-inactivation-walk.patch b/patches.fixes/xfs-reinit-btree-pointer-on-attr-tree-inactivation-walk.patch
new file mode 100644
index 0000000000..81c3407dc9
--- /dev/null
+++ b/patches.fixes/xfs-reinit-btree-pointer-on-attr-tree-inactivation-walk.patch
@@ -0,0 +1,54 @@
+From: Brian Foster <bfoster@redhat.com>
+Date: Mon, 9 Oct 2017 11:38:56 -0700
+Subject: xfs: reinit btree pointer on attr tree inactivation walk
+Git-commit: f35c5e10c6ed6ba52a8dd8573924a80b6a02f03f
+Patch-mainline: v4.14-rc5
+References: bsc#1078787
+
+xfs_attr3_root_inactive() walks the attr fork tree to invalidate the
+associated blocks. xfs_attr3_node_inactive() recursively descends
+from internal blocks to leaf blocks, caching block address values
+along the way to revisit parent blocks, locate the next entry and
+descend down that branch of the tree.
+
+The code that attempts to reread the parent block is unsafe because
+it assumes that the local xfs_da_node_entry pointer remains valid
+after an xfs_trans_brelse() and re-read of the parent buffer. Under
+heavy memory pressure, it is possible that the buffer has been
+reclaimed and reallocated by the time the parent block is reread.
+This means that 'btree' can point to an invalid memory address, lead
+to a random/garbage value for child_fsb and cause the subsequent
+read of the attr fork to go off the rails and return a NULL buffer
+for an attr fork offset that is most likely not allocated.
+
+Note that this problem can be manufactured by setting
+XFS_ATTR_BTREE_REF to 0 to prevent LRU caching of attr buffers,
+creating a file with a multi-level attr fork and removing it to
+trigger inactivation.
+
+To address this problem, reinit the node/btree pointers to the
+parent buffer after it has been re-read. This ensures btree points
+to a valid record and allows the walk to proceed.
+
+Signed-off-by: Brian Foster <bfoster@redhat.com>
+Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/xfs/xfs_attr_inactive.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/xfs/xfs_attr_inactive.c b/fs/xfs/xfs_attr_inactive.c
+index ebd66b19fbfc..e3a950ed35a8 100644
+--- a/fs/xfs/xfs_attr_inactive.c
++++ b/fs/xfs/xfs_attr_inactive.c
+@@ -302,6 +302,8 @@ xfs_attr3_node_inactive(
+ &bp, XFS_ATTR_FORK);
+ if (error)
+ return error;
++ node = bp->b_addr;
++ btree = dp->d_ops->node_tree_p(node);
+ child_fsb = be32_to_cpu(btree[i + 1].before);
+ xfs_trans_brelse(*trans, bp);
+ }
+
diff --git a/patches.fixes/xfs-validate-sb_logsunit-is-a-multiple-of-the-fs-blo.patch b/patches.fixes/xfs-validate-sb_logsunit-is-a-multiple-of-the-fs-blo.patch
new file mode 100644
index 0000000000..1207629043
--- /dev/null
+++ b/patches.fixes/xfs-validate-sb_logsunit-is-a-multiple-of-the-fs-blo.patch
@@ -0,0 +1,57 @@
+From 9c92ee208b1faa0ef2cc899b85fd0607b6fac7fe Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+Date: Wed, 25 Oct 2017 16:59:43 -0700
+Subject: [PATCH] xfs: validate sb_logsunit is a multiple of the fs blocksize
+Git-commit: 9c92ee208b1faa0ef2cc899b85fd0607b6fac7fe
+Patch-mainline: v4.15
+References: bsc#1077513
+
+Make sure the log stripe unit is sane before proceeding with mounting.
+AFAICT this means that logsunit has to be 0, 1, or a multiple of the fs
+block size. Found this by setting the LSB of logsunit in xfs/350 and
+watching the system crash as soon as we try to write to the log.
+
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Reviewed-by: Brian Foster <bfoster@redhat.com>
+Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com>
+---
+ fs/xfs/xfs_log.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c
+index ab59e78a5d87..0c4c9ad3be70 100644
+--- a/fs/xfs/xfs_log.c
++++ b/fs/xfs/xfs_log.c
+@@ -608,6 +608,7 @@ xfs_log_mount(
+ xfs_daddr_t blk_offset,
+ int num_bblks)
+ {
++ bool fatal = xfs_sb_version_hascrc(&mp->m_sb);
+ int error = 0;
+ int min_logfsbs;
+
+@@ -659,9 +660,20 @@ xfs_log_mount(
+ XFS_FSB_TO_B(mp, mp->m_sb.sb_logblocks),
+ XFS_MAX_LOG_BYTES);
+ error = -EINVAL;
++ } else if (mp->m_sb.sb_logsunit > 1 &&
++ mp->m_sb.sb_logsunit % mp->m_sb.sb_blocksize) {
++ xfs_warn(mp,
++ "log stripe unit %u bytes must be a multiple of block size",
++ mp->m_sb.sb_logsunit);
++ error = -EINVAL;
++ fatal = true;
+ }
+ if (error) {
+- if (xfs_sb_version_hascrc(&mp->m_sb)) {
++ /*
++ * Log check errors are always fatal on v5; or whenever bad
++ * metadata leads to a crash.
++ */
++ if (fatal) {
+ xfs_crit(mp, "AAIEEE! Log failed size checks. Abort!");
+ ASSERT(0);
+ goto out_free_log;
+--
+2.15.0
+
diff --git a/patches.kabi/kabi-KVM-s390-wire-up-bpb-feature.patch b/patches.kabi/kabi-KVM-s390-wire-up-bpb-feature.patch
new file mode 100644
index 0000000000..46d28401c4
--- /dev/null
+++ b/patches.kabi/kabi-KVM-s390-wire-up-bpb-feature.patch
@@ -0,0 +1,57 @@
+From de50be6dde3be057e213679fdc33c0b05090c609 Mon Sep 17 00:00:00 2001
+From: Liang Yan <lyan@suse.com>
+Date: Fri, 26 Jan 2018 16:22:46 -0500
+Subject: [PATCH] Kabi: Keep KVM stable after enable s390 wire up bpb feature
+Patch-mainline: no, kabi patches are downstream
+References: bsc#1076805
+
+The patch "patches.arch/KVM-s390-wire-up-bpb-feature.patch"
+changed two structs, however both structs are only extended,
+either a previously reserved fields is now being used
+or a new field is added at the end. The overall size of the
+structure does not change (the sie_block stays at 512
+and the sync_regs is only used as part of the kvm_run structure
+which also stays the same. So include __GENKSYMS__ to hide it from
+the kABI checker.
+
+Signed-off-by: Liang Yan <lyan@suse.com>
+---
+ arch/s390/include/asm/kvm_host.h | 6 +++++-
+ arch/s390/include/uapi/asm/kvm.h | 2 ++
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
+index 76737b6adbbd..64a7c12e16a1 100644
+--- a/arch/s390/include/asm/kvm_host.h
++++ b/arch/s390/include/asm/kvm_host.h
+@@ -136,8 +136,12 @@ struct kvm_s390_sie_block {
+ __u16 ipa; /* 0x0056 */
+ __u32 ipb; /* 0x0058 */
+ __u32 scaoh; /* 0x005c */
+-#define FPF_BPBC 0x20
++#ifdef __GENKSYMS__
++ __u8 reserved60; /* 0x0060 */
++#else
++#define FPF_BPBC 0x20
+ __u8 fpf; /* 0x0060 */
++#endif
+ __u8 ecb; /* 0x0061 */
+ __u8 ecb2; /* 0x0062 */
+ #define ECB3_AES 0x04
+diff --git a/arch/s390/include/uapi/asm/kvm.h b/arch/s390/include/uapi/asm/kvm.h
+index 60f92c0761ce..cff397553996 100644
+--- a/arch/s390/include/uapi/asm/kvm.h
++++ b/arch/s390/include/uapi/asm/kvm.h
+@@ -169,7 +169,9 @@ struct kvm_sync_regs {
+ __u64 vrs[32][2]; /* vector registers */
+ __u8 reserved[512]; /* for future vector expansion */
+ __u32 fpc; /* only valid with vector registers */
++#ifndef __GENKSYMS__
+ __u8 bpbc : 1; /* bp mode */
++#endif
+ };
+
+ #define KVM_REG_S390_TODPR (KVM_REG_S390 | KVM_REG_SIZE_U32 | 0x1)
+--
+2.16.1
+
diff --git a/patches.kabi/kabi-protect-struct-bpf_map.patch b/patches.kabi/kabi-protect-struct-bpf_map.patch
index a84131e5ac..55931b2de1 100644
--- a/patches.kabi/kabi-protect-struct-bpf_map.patch
+++ b/patches.kabi/kabi-protect-struct-bpf_map.patch
@@ -3,8 +3,10 @@ Subject: kABI: protect struct bpf_map
Patch-mainline: never, kabi
References: kabi
-In patches.suse/bpf-prevent-out-of-bounds-speculation.patch, we added
-one bool to struct bpf_map. It indeed made the kABI checker to complain.
+In 4.4.112, commit 9a7fad4c0e215fb1c256fee27c45f9f8bc4364c5 (bpf:
+prevent out-of-bounds speculation), upstream commit
+b2157399cc9898260d6031c5bfe45fe137c1fbe7 added one bool to struct
+bpf_map. It indeed made the kABI checker to complain.
Given this is only bpf-internal structure (bpf_register_map_type is not
exported), let's ignore this change and hide it from the kABI checker.
diff --git a/patches.kabi/kabi-protect-struct-usbip_device.patch b/patches.kabi/kabi-protect-struct-usbip_device.patch
new file mode 100644
index 0000000000..c8795d6758
--- /dev/null
+++ b/patches.kabi/kabi-protect-struct-usbip_device.patch
@@ -0,0 +1,30 @@
+From: Jiri Slaby <jslaby@suse.cz>
+Subject: kABI: protect struct usbip_device
+Patch-mainline: never, kabi
+References: kabi
+
+In 4.4.114, commit 28f467e0bdda754aa36390fd90b01823f0d3b18d (usbip:
+prevent vhci_hcd driver from leaking a socket pointer address), upstream
+commit 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 added an int to struct
+usbip_device. It indeed made the kABI checker to complain.
+
+Given the structure is internal to usbip, let's ignore this change and
+hide it from the kABI checker.
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/usb/usbip/usbip_common.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/usbip/usbip_common.h
++++ b/drivers/usb/usbip/usbip_common.h
+@@ -261,7 +261,9 @@ struct usbip_device {
+ /* lock for status */
+ spinlock_t lock;
+
++#ifndef __GENKSYMS__
+ int sockfd;
++#endif
+ struct socket *tcp_socket;
+
+ struct task_struct *tcp_rx;
diff --git a/patches.kabi/partially-revert-tipc-improve-link-resiliency-when-r.patch b/patches.kabi/partially-revert-tipc-improve-link-resiliency-when-r.patch
new file mode 100644
index 0000000000..800cd99438
--- /dev/null
+++ b/patches.kabi/partially-revert-tipc-improve-link-resiliency-when-r.patch
@@ -0,0 +1,112 @@
+From: Jiri Wiesner <jwiesner@suse.com>
+Date: Mon, 20 Nov 2017 16:32:30 +0100
+Subject: partially revert tipc improve link resiliency when rps is activated
+Patch-mainline: Never, kabi workaround
+References: bsc#1068038
+
+Mainline commit 8d6e79d3ce13 ("tipc: improve link resiliency when rps is
+activated") renames some symbols which are part of kABI. As these changes
+are not actually needed, revert them and keep only important parts of the
+commit in SLE12-SP2 backport.
+
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+---
+ include/net/flow_dissector.h | 12 ++++++------
+ net/core/flow_dissector.c | 20 ++++++++++----------
+ 2 files changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
+index c1c50f71c2c8..2b50f19fe9f0 100644
+--- a/include/net/flow_dissector.h
++++ b/include/net/flow_dissector.h
+@@ -68,11 +68,11 @@ struct flow_dissector_key_ipv6_addrs {
+ };
+
+ /**
+- * struct flow_dissector_key_tipc:
+- * @key: source node address combined with selector
++ * struct flow_dissector_key_tipc_addrs:
++ * @srcnode: source node address combined with selector
+ */
+-struct flow_dissector_key_tipc {
+- __be32 key;
++struct flow_dissector_key_tipc_addrs {
++ __be32 srcnode;
+ };
+
+ /**
+@@ -84,7 +84,7 @@ struct flow_dissector_key_addrs {
+ union {
+ struct flow_dissector_key_ipv4_addrs v4addrs;
+ struct flow_dissector_key_ipv6_addrs v6addrs;
+- struct flow_dissector_key_tipc tipckey;
++ struct flow_dissector_key_tipc_addrs tipcaddrs;
+ };
+ };
+
+@@ -123,7 +123,7 @@ enum flow_dissector_key_id {
+ FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
+ FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */
+ FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */
+- FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */
++ FLOW_DISSECTOR_KEY_TIPC_ADDRS, /* struct flow_dissector_key_tipc_addrs */
+ FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_flow_vlan */
+ FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_flow_tags */
+ FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */
+diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
+index 75e67a8d6b6b..6b21cae0c7ea 100644
+--- a/net/core/flow_dissector.c
++++ b/net/core/flow_dissector.c
+@@ -312,12 +312,12 @@ ipv6:
+ goto out_bad;
+
+ if (dissector_uses_key(flow_dissector,
+- FLOW_DISSECTOR_KEY_TIPC)) {
++ FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
+ key_addrs = skb_flow_dissector_target(flow_dissector,
+- FLOW_DISSECTOR_KEY_TIPC,
++ FLOW_DISSECTOR_KEY_TIPC_ADDRS,
+ target_container);
+- key_addrs->tipckey.key = tipc_hdr_rps_key(hdr);
+- key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC;
++ key_addrs->tipcaddrs.srcnode = tipc_hdr_rps_key(hdr);
++ key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
+ }
+ goto out_good;
+ }
+@@ -550,8 +550,8 @@ static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
+ case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
+ diff -= sizeof(flow->addrs.v6addrs);
+ break;
+- case FLOW_DISSECTOR_KEY_TIPC:
+- diff -= sizeof(flow->addrs.tipckey);
++ case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
++ diff -= sizeof(flow->addrs.tipcaddrs);
+ break;
+ }
+ return (sizeof(*flow) - diff) / sizeof(u32);
+@@ -565,8 +565,8 @@ __be32 flow_get_u32_src(const struct flow_keys *flow)
+ case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
+ return (__force __be32)ipv6_addr_hash(
+ &flow->addrs.v6addrs.src);
+- case FLOW_DISSECTOR_KEY_TIPC:
+- return flow->addrs.tipckey.key;
++ case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
++ return flow->addrs.tipcaddrs.srcnode;
+ default:
+ return 0;
+ }
+@@ -885,8 +885,8 @@ static const struct flow_dissector_key flow_keys_dissector_keys[] = {
+ .offset = offsetof(struct flow_keys, addrs.v6addrs),
+ },
+ {
+- .key_id = FLOW_DISSECTOR_KEY_TIPC,
+- .offset = offsetof(struct flow_keys, addrs.tipckey),
++ .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
++ .offset = offsetof(struct flow_keys, addrs.tipcaddrs),
+ },
+ {
+ .key_id = FLOW_DISSECTOR_KEY_PORTS,
+--
+2.16.0
+
diff --git a/patches.kabi/revert-sched-deadline-Use-the-revised-wakeup-rule-fo.patch b/patches.kabi/revert-sched-deadline-Use-the-revised-wakeup-rule-fo.patch
new file mode 100644
index 0000000000..bf57bcfca8
--- /dev/null
+++ b/patches.kabi/revert-sched-deadline-Use-the-revised-wakeup-rule-fo.patch
@@ -0,0 +1,185 @@
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Thu, 1 Feb 2018 10:07:43 +0100
+Subject: Revert "sched/deadline: Use the revised wakeup rule for suspending
+ constrained dl tasks"
+Patch-mainline: never, kabi
+References: kabi
+
+This reverts commit 1d00e3d9b7ed8fbf6729b7c5a8aae9f2711d2655, upstream
+commit 3effcb4247e74a51f5d8b775a1ee4abf87cc089a. It added "u64
+dl_density" into struct sched_dl_entity which is embedded in struct
+task_struct. This obviously broke kABI and I see no way out.
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ include/linux/sched.h | 1 -
+ kernel/sched/core.c | 2 -
+ kernel/sched/deadline.c | 98 ++++++-------------------------------------------
+ 3 files changed, 12 insertions(+), 89 deletions(-)
+
+diff --git a/include/linux/sched.h b/include/linux/sched.h
+index 90bea398e5e0..e887c8d6f395 100644
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -1313,7 +1313,6 @@ struct sched_dl_entity {
+ u64 dl_deadline; /* relative deadline of each instance */
+ u64 dl_period; /* separation of two instances (period) */
+ u64 dl_bw; /* dl_runtime / dl_deadline */
+- u64 dl_density; /* dl_runtime / dl_deadline */
+
+ /*
+ * Actual scheduling parameters. Initialized with the values above,
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index e6d1173a2046..9d6b3d869592 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -2109,7 +2109,6 @@ void __dl_clear_params(struct task_struct *p)
+ dl_se->dl_period = 0;
+ dl_se->flags = 0;
+ dl_se->dl_bw = 0;
+- dl_se->dl_density = 0;
+
+ dl_se->dl_throttled = 0;
+ dl_se->dl_new = 1;
+@@ -3648,7 +3647,6 @@ __setparam_dl(struct task_struct *p, const struct sched_attr *attr)
+ dl_se->dl_period = attr->sched_period ?: dl_se->dl_deadline;
+ dl_se->flags = attr->sched_flags;
+ dl_se->dl_bw = to_ratio(dl_se->dl_period, dl_se->dl_runtime);
+- dl_se->dl_density = to_ratio(dl_se->dl_deadline, dl_se->dl_runtime);
+
+ /*
+ * Changing the parameters of a task is 'tricky' and we're not doing
+diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
+index e12b0a4df891..6be2afd9bfd6 100644
+--- a/kernel/sched/deadline.c
++++ b/kernel/sched/deadline.c
+@@ -480,84 +480,13 @@ static bool dl_entity_overflow(struct sched_dl_entity *dl_se,
+ }
+
+ /*
+- * Revised wakeup rule [1]: For self-suspending tasks, rather then
+- * re-initializing task's runtime and deadline, the revised wakeup
+- * rule adjusts the task's runtime to avoid the task to overrun its
+- * density.
++ * When a -deadline entity is queued back on the runqueue, its runtime and
++ * deadline might need updating.
+ *
+- * Reasoning: a task may overrun the density if:
+- * runtime / (deadline - t) > dl_runtime / dl_deadline
+- *
+- * Therefore, runtime can be adjusted to:
+- * runtime = (dl_runtime / dl_deadline) * (deadline - t)
+- *
+- * In such way that runtime will be equal to the maximum density
+- * the task can use without breaking any rule.
+- *
+- * [1] Luca Abeni, Giuseppe Lipari, and Juri Lelli. 2015. Constant
+- * bandwidth server revisited. SIGBED Rev. 11, 4 (January 2015), 19-24.
+- */
+-static void
+-update_dl_revised_wakeup(struct sched_dl_entity *dl_se, struct rq *rq)
+-{
+- u64 laxity = dl_se->deadline - rq_clock(rq);
+-
+- /*
+- * If the task has deadline < period, and the deadline is in the past,
+- * it should already be throttled before this check.
+- *
+- * See update_dl_entity() comments for further details.
+- */
+- WARN_ON(dl_time_before(dl_se->deadline, rq_clock(rq)));
+-
+- dl_se->runtime = (dl_se->dl_density * laxity) >> 20;
+-}
+-
+-/*
+- * Regarding the deadline, a task with implicit deadline has a relative
+- * deadline == relative period. A task with constrained deadline has a
+- * relative deadline <= relative period.
+- *
+- * We support constrained deadline tasks. However, there are some restrictions
+- * applied only for tasks which do not have an implicit deadline. See
+- * update_dl_entity() to know more about such restrictions.
+- *
+- * The dl_is_implicit() returns true if the task has an implicit deadline.
+- */
+-static inline bool dl_is_implicit(struct sched_dl_entity *dl_se)
+-{
+- return dl_se->dl_deadline == dl_se->dl_period;
+-}
+-
+-/*
+- * When a deadline entity is placed in the runqueue, its runtime and deadline
+- * might need to be updated. This is done by a CBS wake up rule. There are two
+- * different rules: 1) the original CBS; and 2) the Revisited CBS.
+- *
+- * When the task is starting a new period, the Original CBS is used. In this
+- * case, the runtime is replenished and a new absolute deadline is set.
+- *
+- * When a task is queued before the begin of the next period, using the
+- * remaining runtime and deadline could make the entity to overflow, see
+- * dl_entity_overflow() to find more about runtime overflow. When such case
+- * is detected, the runtime and deadline need to be updated.
+- *
+- * If the task has an implicit deadline, i.e., deadline == period, the Original
+- * CBS is applied. the runtime is replenished and a new absolute deadline is
+- * set, as in the previous cases.
+- *
+- * However, the Original CBS does not work properly for tasks with
+- * deadline < period, which are said to have a constrained deadline. By
+- * applying the Original CBS, a constrained deadline task would be able to run
+- * runtime/deadline in a period. With deadline < period, the task would
+- * overrun the runtime/period allowed bandwidth, breaking the admission test.
+- *
+- * In order to prevent this misbehave, the Revisited CBS is used for
+- * constrained deadline tasks when a runtime overflow is detected. In the
+- * Revisited CBS, rather than replenishing & setting a new absolute deadline,
+- * the remaining runtime of the task is reduced to avoid runtime overflow.
+- * Please refer to the comments update_dl_revised_wakeup() function to find
+- * more about the Revised CBS rule.
++ * The policy here is that we update the deadline of the entity only if:
++ * - the current deadline is in the past,
++ * - using the remaining runtime with the current deadline would make
++ * the entity exceed its bandwidth.
+ */
+ static void update_dl_entity(struct sched_dl_entity *dl_se,
+ struct sched_dl_entity *pi_se)
+@@ -576,14 +505,6 @@ static void update_dl_entity(struct sched_dl_entity *dl_se,
+
+ if (dl_time_before(dl_se->deadline, rq_clock(rq)) ||
+ dl_entity_overflow(dl_se, pi_se, rq_clock(rq))) {
+-
+- if (unlikely(!dl_is_implicit(dl_se) &&
+- !dl_time_before(dl_se->deadline, rq_clock(rq)) &&
+- !dl_se->dl_boosted)){
+- update_dl_revised_wakeup(dl_se, rq);
+- return;
+- }
+-
+ dl_se->deadline = rq_clock(rq) + pi_se->dl_deadline;
+ dl_se->runtime = pi_se->dl_runtime;
+ }
+@@ -1070,6 +991,11 @@ static void dequeue_dl_entity(struct sched_dl_entity *dl_se)
+ __dequeue_dl_entity(dl_se);
+ }
+
++static inline bool dl_is_constrained(struct sched_dl_entity *dl_se)
++{
++ return dl_se->dl_deadline < dl_se->dl_period;
++}
++
+ static void enqueue_task_dl(struct rq *rq, struct task_struct *p, int flags)
+ {
+ struct task_struct *pi_task = rt_mutex_get_top_task(p);
+@@ -1101,7 +1027,7 @@ static void enqueue_task_dl(struct rq *rq, struct task_struct *p, int flags)
+ * If that is the case, the task will be throttled and
+ * the replenishment timer will be set to the next period.
+ */
+- if (!p->dl.dl_throttled && !dl_is_implicit(&p->dl))
++ if (!p->dl.dl_throttled && dl_is_constrained(&p->dl))
+ dl_check_constrained_dl(&p->dl);
+
+ /*
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.113-001-gcov-disable-for-COMPILE_TEST.patch b/patches.kernel.org/4.4.113-001-gcov-disable-for-COMPILE_TEST.patch
new file mode 100644
index 0000000000..506a51139a
--- /dev/null
+++ b/patches.kernel.org/4.4.113-001-gcov-disable-for-COMPILE_TEST.patch
@@ -0,0 +1,45 @@
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Mon, 25 Apr 2016 17:35:29 +0200
+Subject: [PATCH] gcov: disable for COMPILE_TEST
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: cc622420798c4bcf093785d872525087a7798db9
+
+commit cc622420798c4bcf093785d872525087a7798db9 upstream.
+
+Enabling gcov is counterproductive to compile testing: it significantly
+increases the kernel image size, compile time, and it produces lots
+of false positive "may be used uninitialized" warnings as the result
+of missed optimizations.
+
+This is in line with how UBSAN_SANITIZE_ALL and PROFILE_ALL_BRANCHES
+work, both of which have similar problems.
+
+With an ARM allmodconfig kernel, I see the build time drop from
+283 minutes CPU time to 225 minutes, and the vmlinux size drops
+from 43MB to 26MB.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Acked-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
+Signed-off-by: Michal Marek <mmarek@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ kernel/gcov/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/kernel/gcov/Kconfig b/kernel/gcov/Kconfig
+index c92e44855ddd..1276aabaab55 100644
+--- a/kernel/gcov/Kconfig
++++ b/kernel/gcov/Kconfig
+@@ -37,6 +37,7 @@ config ARCH_HAS_GCOV_PROFILE_ALL
+
+ config GCOV_PROFILE_ALL
+ bool "Profile entire Kernel"
++ depends on !COMPILE_TEST
+ depends on GCOV_KERNEL
+ depends on ARCH_HAS_GCOV_PROFILE_ALL
+ default n
+--
+2.16.0
+
diff --git a/patches.suse/0001-x86-cpu-AMD-Make-LFENCE-a-serializing-instruction.patch b/patches.kernel.org/4.4.113-002-x86-cpu-AMD-Make-LFENCE-a-serializing-instruc.patch
index 962b0dc85b..e5c32d5475 100644
--- a/patches.suse/0001-x86-cpu-AMD-Make-LFENCE-a-serializing-instruction.patch
+++ b/patches.kernel.org/4.4.113-002-x86-cpu-AMD-Make-LFENCE-a-serializing-instruc.patch
@@ -1,9 +1,9 @@
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 8 Jan 2018 16:09:21 -0600
-Subject: x86/cpu/AMD: Make LFENCE a serializing instruction
+Subject: [PATCH] x86/cpu/AMD: Make LFENCE a serializing instruction
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 CVE-2017-5754 bnc#1012382 bsc#1068032
Git-commit: e4d0e84e490790798691aaa0f2e598637f1867ec
-Patch-mainline: v4.16
-References: bsc#1068032 CVE-2017-5715 CVE-2017-5754
commit e4d0e84e490790798691aaa0f2e598637f1867ec upstream.
@@ -35,7 +35,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2 files changed, 12 insertions(+)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
-index 37db36fddc..f00dfff813 100644
+index 37db36fddc88..f00dfff81370 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -330,6 +330,8 @@
@@ -48,7 +48,7 @@ index 37db36fddc..f00dfff813 100644
/* K8 MSRs */
#define MSR_K8_TOP_MEM1 0xc001001a
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index e2defc7593..7f2e9c6ff2 100644
+index e2defc7593a4..7f2e9c6ff239 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -746,6 +746,16 @@ static void init_amd(struct cpuinfo_x86 *c)
@@ -69,5 +69,5 @@ index e2defc7593..7f2e9c6ff2 100644
set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC);
}
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0002-x86-cpu-AMD-Use-LFENCE_RDTSC-in-preference-to-MFENCE.patch b/patches.kernel.org/4.4.113-003-x86-cpu-AMD-Use-LFENCE_RDTSC-in-preference-to.patch
index 49410e6c73..ba6890a2b0 100644
--- a/patches.suse/0002-x86-cpu-AMD-Use-LFENCE_RDTSC-in-preference-to-MFENCE.patch
+++ b/patches.kernel.org/4.4.113-003-x86-cpu-AMD-Use-LFENCE_RDTSC-in-preference-to.patch
@@ -1,9 +1,9 @@
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 8 Jan 2018 16:09:32 -0600
-Subject: x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
+Subject: [PATCH] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 CVE-2017-5754 bnc#1012382 bsc#1068032
Git-commit: 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f
-Patch-mainline: v4.16
-References: bsc#1068032 CVE-2017-5715 CVE-2017-5754
commit 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f upstream.
@@ -36,7 +36,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
-index f00dfff813..b8911aecf0 100644
+index f00dfff81370..b8911aecf035 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -332,6 +332,7 @@
@@ -48,7 +48,7 @@ index f00dfff813..b8911aecf0 100644
/* K8 MSRs */
#define MSR_K8_TOP_MEM1 0xc001001a
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 7f2e9c6ff2..4bf9e77f3e 100644
+index 7f2e9c6ff239..4bf9e77f3e05 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -746,6 +746,9 @@ static void init_amd(struct cpuinfo_x86 *c)
@@ -84,5 +84,5 @@ index 7f2e9c6ff2..4bf9e77f3e 100644
/*
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0003-x86-mm-32-Move-setup_clear_cpu_cap-X86_FEATURE_PCID-.patch b/patches.kernel.org/4.4.113-004-x86-mm-32-Move-setup_clear_cpu_cap-X86_FEATUR.patch
index c7f05322bd..ea7c95c574 100644
--- a/patches.suse/0003-x86-mm-32-Move-setup_clear_cpu_cap-X86_FEATURE_PCID-.patch
+++ b/patches.kernel.org/4.4.113-004-x86-mm-32-Move-setup_clear_cpu_cap-X86_FEATUR.patch
@@ -1,9 +1,9 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Sun, 17 Sep 2017 09:03:50 -0700
-Subject: x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
+Subject: [PATCH] x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: b8b7abaed7a49b350f8ba659ddc264b04931d581
-Patch-mainline: v4.14-rc2
-References: bsc#1068032 CVE-2017-5715
commit b8b7abaed7a49b350f8ba659ddc264b04931d581 upstream.
@@ -28,7 +28,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index cd46f90391..cb6b4f9d0b 100644
+index cd46f9039119..cb6b4f9d0b7a 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -22,14 +22,6 @@
@@ -47,7 +47,7 @@ index cd46f90391..cb6b4f9d0b 100644
if (!IS_ENABLED(CONFIG_SMP)) {
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index dc4dfad66a..0531c1707b 100644
+index dc4dfad66a70..0531c1707b40 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -838,6 +838,14 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
@@ -66,5 +66,5 @@ index dc4dfad66a..0531c1707b 100644
void __init early_cpu_init(void)
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0004-x86-asm-Use-register-variable-to-get-stack-pointer-v.patch b/patches.kernel.org/4.4.113-005-x86-asm-Use-register-variable-to-get-stack-po.patch
index 5c66cd62b3..3dfb110460 100644
--- a/patches.suse/0004-x86-asm-Use-register-variable-to-get-stack-pointer-v.patch
+++ b/patches.kernel.org/4.4.113-005-x86-asm-Use-register-variable-to-get-stack-po.patch
@@ -1,9 +1,9 @@
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
Date: Fri, 29 Sep 2017 17:15:36 +0300
-Subject: x86/asm: Use register variable to get stack pointer value
+Subject: [PATCH] x86/asm: Use register variable to get stack pointer value
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 196bd485ee4f03ce4c690bfcf38138abfcd0a4bc
-Patch-mainline: v4.14-rc3
-References: bsc#1068032 CVE-2017-5715
commit 196bd485ee4f03ce4c690bfcf38138abfcd0a4bc upstream.
@@ -39,6 +39,7 @@ Signed-off-by: Ingo Molnar <mingo@kernel.org>
[dwmw2: We want ASM_CALL_CONSTRAINT for retpoline]
Signed-off-by: David Woodhouse <dwmw@amazon.co.ku>
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/include/asm/asm.h | 11 +++++++++++
@@ -48,7 +49,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
-index 189679aba7..b9c6c7a6f5 100644
+index 189679aba703..b9c6c7a6f5a6 100644
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -105,4 +105,15 @@
@@ -68,7 +69,7 @@ index 189679aba7..b9c6c7a6f5 100644
+
#endif /* _ASM_X86_ASM_H */
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
-index c7b5510287..9b02820468 100644
+index c7b551028740..9b028204685d 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -166,17 +166,6 @@ static inline struct thread_info *current_thread_info(void)
@@ -90,7 +91,7 @@ index c7b5510287..9b02820468 100644
#ifdef CONFIG_X86_64
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
-index 38da8f29a9..647089c64d 100644
+index 38da8f29a9c8..647089c64d13 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -65,7 +65,7 @@ static void call_on_stack(void *func, void *stack)
@@ -121,7 +122,7 @@ index 38da8f29a9..647089c64d 100644
call_on_stack(__do_softirq, isp);
}
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index 679302c312..22b81f35c5 100644
+index 679302c312f8..22b81f35c500 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -166,7 +166,7 @@ void ist_begin_non_atomic(struct pt_regs *regs)
@@ -134,5 +135,5 @@ index 679302c312..22b81f35c5 100644
preempt_enable_no_resched();
}
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0005-x86-kbuild-enable-modversions-for-symbols-exported-f.patch b/patches.kernel.org/4.4.113-006-x86-kbuild-enable-modversions-for-symbols-exp.patch
index 948401fd09..1be716ed35 100644
--- a/patches.suse/0005-x86-kbuild-enable-modversions-for-symbols-exported-f.patch
+++ b/patches.kernel.org/4.4.113-006-x86-kbuild-enable-modversions-for-symbols-exp.patch
@@ -1,9 +1,9 @@
From: Adam Borowski <kilobyte@angband.pl>
Date: Sun, 11 Dec 2016 02:09:18 +0100
-Subject: x86/kbuild: enable modversions for symbols exported from asm
+Subject: [PATCH] x86/kbuild: enable modversions for symbols exported from asm
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 334bb773876403eae3457d81be0b8ea70f8e4ccc
-Patch-mainline: v4.10-rc1
-References: bsc#1068032 CVE-2017-5715
commit 334bb773876403eae3457d81be0b8ea70f8e4ccc upstream.
@@ -24,10 +24,8 @@ Acked-by: Nicholas Piggin <npiggin@gmail.com>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Michal Marek <mmarek@suse.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-(cherry picked from commit 705df55bd0cf3530cc7e2b517f77d14585d3d24f)
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/include/asm/asm-prototypes.h | 16 ++++++++++++++++
@@ -38,7 +36,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h
new file mode 100644
-index 0000000000..44b8762fa0
+index 000000000000..44b8762fa0c7
--- /dev/null
+++ b/arch/x86/include/asm/asm-prototypes.h
@@ -0,0 +1,16 @@
@@ -60,7 +58,7 @@ index 0000000000..44b8762fa0
+#endif
diff --git a/include/asm-generic/asm-prototypes.h b/include/asm-generic/asm-prototypes.h
new file mode 100644
-index 0000000000..df13637e40
+index 000000000000..df13637e4017
--- /dev/null
+++ b/include/asm-generic/asm-prototypes.h
@@ -0,0 +1,7 @@
@@ -72,5 +70,5 @@ index 0000000000..df13637e40
+extern void *memcpy(void *, const void *, __kernel_size_t);
+extern void *memmove(void *, const void *, __kernel_size_t);
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0006-x86-asm-Make-asm-alternative.h-safe-from-assembly.patch b/patches.kernel.org/4.4.113-007-x86-asm-Make-asm-alternative.h-safe-from-asse.patch
index 384bb3bdd7..6f107e0999 100644
--- a/patches.suse/0006-x86-asm-Make-asm-alternative.h-safe-from-assembly.patch
+++ b/patches.kernel.org/4.4.113-007-x86-asm-Make-asm-alternative.h-safe-from-asse.patch
@@ -1,9 +1,11 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Tue, 26 Apr 2016 12:23:25 -0700
-Subject: x86/asm: Make asm/alternative.h safe from assembly
-Git-commit: f005f5d860e0231fe212cfda8c1a3148b99609f4 (partial)
-Patch-mainline: v4.7-rc1
-References: bsc#1068032 CVE-2017-5715
+Subject: [PATCH] x86/asm: Make asm/alternative.h safe from assembly
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: f005f5d860e0231fe212cfda8c1a3148b99609f4
+
+commit f005f5d860e0231fe212cfda8c1a3148b99609f4 upstream.
asm/alternative.h isn't directly useful from assembly, but it
shouldn't break the build.
@@ -19,15 +21,15 @@ Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/e5b693fcef99fe6e80341c9e97a002fb23871e91.1461698311.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
-(cherry picked from commit f005f5d860e0231fe212cfda8c1a3148b99609f4)
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/include/asm/alternative.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h
-index d1cf17173b..215ea92142 100644
+index d1cf17173b1b..215ea9214215 100644
--- a/arch/x86/include/asm/alternative.h
+++ b/arch/x86/include/asm/alternative.h
@@ -1,6 +1,8 @@
@@ -47,5 +49,5 @@ index d1cf17173b..215ea92142 100644
+
#endif /* _ASM_X86_ALTERNATIVE_H */
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0007-EXPORT_SYMBOL-for-asm.patch b/patches.kernel.org/4.4.113-008-EXPORT_SYMBOL-for-asm.patch
index 0ef80e6a05..63ebb571e8 100644
--- a/patches.suse/0007-EXPORT_SYMBOL-for-asm.patch
+++ b/patches.kernel.org/4.4.113-008-EXPORT_SYMBOL-for-asm.patch
@@ -1,9 +1,11 @@
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Mon, 11 Jan 2016 10:54:54 -0500
-Subject: EXPORT_SYMBOL() for asm
-Git-commit: 22823ab419d8ed884195cfa75483fd3a99bb1462 (partial)
-Patch-mainline: v4.9-rc1
-References: bsc#1068032 CVE-2017-5715
+Subject: [PATCH] EXPORT_SYMBOL() for asm
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: 22823ab419d8ed884195cfa75483fd3a99bb1462
+
+commit 22823ab419d8ed884195cfa75483fd3a99bb1462 upstream.
Add asm-usable variants of EXPORT_SYMBOL/EXPORT_SYMBOL_GPL. This
commit just adds the default implementation; most of the architectures
@@ -55,8 +57,8 @@ right one needs to be used. Most of the exports are functions, so we
keep EXPORT_SYMBOL for those...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-(cherry picked from commit 22823ab419d8ed884195cfa75483fd3a99bb1462)
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
include/asm-generic/export.h | 94 ++++++++++++++++++++++++++++++++++++++++++++
@@ -65,7 +67,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
diff --git a/include/asm-generic/export.h b/include/asm-generic/export.h
new file mode 100644
-index 0000000000..43199a049d
+index 000000000000..43199a049da5
--- /dev/null
+++ b/include/asm-generic/export.h
@@ -0,0 +1,94 @@
@@ -164,5 +166,5 @@ index 0000000000..43199a049d
+
+#endif
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0008-kconfig.h-use-__is_defined-to-check-if-MODULE-is-def.patch b/patches.kernel.org/4.4.113-009-kconfig.h-use-__is_defined-to-check-if-MODULE.patch
index ba566a09d7..62cfd73fa8 100644
--- a/patches.suse/0008-kconfig.h-use-__is_defined-to-check-if-MODULE-is-def.patch
+++ b/patches.kernel.org/4.4.113-009-kconfig.h-use-__is_defined-to-check-if-MODULE.patch
@@ -1,9 +1,11 @@
From: Masahiro Yamada <yamada.masahiro@socionext.com>
Date: Tue, 14 Jun 2016 14:58:54 +0900
-Subject: kconfig.h: use __is_defined() to check if MODULE is defined
-Git-commit: 4f920843d248946545415c1bf6120942048708ed (partial)
-Patch-mainline: v4.8-rc1
-References: bsc#1068032 CVE-2017-5715
+Subject: [PATCH] kconfig.h: use __is_defined() to check if MODULE is defined
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: 4f920843d248946545415c1bf6120942048708ed
+
+commit 4f920843d248946545415c1bf6120942048708ed upstream.
The macro MODULE is not a config option, it is a per-file build
option. So, config_enabled(MODULE) is not sensible. (There is
@@ -19,15 +21,15 @@ some places, but I expect it would be deprecated in the future.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
-(cherry picked from commit 4f920843d248946545415c1bf6120942048708ed)
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
include/linux/kconfig.h | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/include/linux/kconfig.h b/include/linux/kconfig.h
-index b33c7797eb..a94b5bf57f 100644
+index b33c7797eb57..a94b5bf57f51 100644
--- a/include/linux/kconfig.h
+++ b/include/linux/kconfig.h
@@ -17,10 +17,11 @@
@@ -56,5 +58,5 @@ index b33c7797eb..a94b5bf57f 100644
/*
* IS_ENABLED(CONFIG_FOO) evaluates to 1 if CONFIG_FOO is set to 'y' or 'm',
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0009-x86-retpoline-Add-initial-retpoline-support.patch b/patches.kernel.org/4.4.113-010-x86-retpoline-Add-initial-retpoline-support.patch
index 0ef80cb19c..d7c9528279 100644
--- a/patches.suse/0009-x86-retpoline-Add-initial-retpoline-support.patch
+++ b/patches.kernel.org/4.4.113-010-x86-retpoline-Add-initial-retpoline-support.patch
@@ -1,9 +1,9 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:25 +0000
-Subject: x86/retpoline: Add initial retpoline support
+Subject: [PATCH] x86/retpoline: Add initial retpoline support
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 76b043848fd22dbf7f8bf3a1452f8c70d557b860
-Patch-mainline: 4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit 76b043848fd22dbf7f8bf3a1452f8c70d557b860 upstream.
@@ -50,11 +50,9 @@ Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.uk
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-4.4 backport: removed objtool annotation since there is no objtool
-
+[ 4.4 backport: removed objtool annotation since there is no objtool ]
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/Kconfig | 13 +++++
@@ -70,7 +68,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
create mode 100644 arch/x86/lib/retpoline.S
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 0ef2cdd116..75d0053b49 100644
+index 0ef2cdd11616..75d0053b495a 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -379,6 +379,19 @@ config GOLDFISH
@@ -94,7 +92,7 @@ index 0ef2cdd116..75d0053b49 100644
config X86_EXTENDED_PLATFORM
bool "Support for extended (non-PC) x86 platforms"
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index 4086abca0b..34fdac520e 100644
+index 4086abca0b32..34fdac520edb 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -189,6 +189,16 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
@@ -115,7 +113,7 @@ index 4086abca0b..34fdac520e 100644
$(Q)$(MAKE) $(build)=arch/x86/tools relocs
diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h
-index 44b8762fa0..b15aa4083d 100644
+index 44b8762fa0c7..b15aa4083dfd 100644
--- a/arch/x86/include/asm/asm-prototypes.h
+++ b/arch/x86/include/asm/asm-prototypes.h
@@ -10,7 +10,32 @@
@@ -152,7 +150,7 @@ index 44b8762fa0..b15aa4083d 100644
+INDIRECT_THUNK(sp)
+#endif /* CONFIG_RETPOLINE */
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index 142028afd0..0fbc985680 100644
+index 142028afd049..0fbc98568018 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -200,6 +200,8 @@
@@ -166,7 +164,7 @@ index 142028afd0..0fbc985680 100644
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
new file mode 100644
-index 0000000000..5763548fb3
+index 000000000000..5763548fb30b
--- /dev/null
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -0,0 +1,106 @@
@@ -277,7 +275,7 @@ index 0000000000..5763548fb3
+#endif /* __ASSEMBLY__ */
+#endif /* __NOSPEC_BRANCH_H__ */
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 0531c1707b..5b3a6e888b 100644
+index 0531c1707b40..5b3a6e888bc5 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -837,6 +837,10 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
@@ -292,7 +290,7 @@ index 0531c1707b..5b3a6e888b 100644
#ifdef CONFIG_X86_32
diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
-index f2587888d9..12a34d15b6 100644
+index f2587888d987..12a34d15b648 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -21,6 +21,7 @@ lib-y += usercopy_$(BITS).o usercopy.o getuser.o putuser.o
@@ -305,7 +303,7 @@ index f2587888d9..12a34d15b6 100644
diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S
new file mode 100644
-index 0000000000..019a03599b
+index 000000000000..019a03599bb0
--- /dev/null
+++ b/arch/x86/lib/retpoline.S
@@ -0,0 +1,48 @@
@@ -358,5 +356,5 @@ index 0000000000..019a03599b
+GENERATE_THUNK(r15)
+#endif
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0010-x86-spectre-Add-boot-time-option-to-select-Spectre-v.patch b/patches.kernel.org/4.4.113-011-x86-spectre-Add-boot-time-option-to-select-Sp.patch
index 2b7641f34a..2759473a0a 100644
--- a/patches.suse/0010-x86-spectre-Add-boot-time-option-to-select-Spectre-v.patch
+++ b/patches.kernel.org/4.4.113-011-x86-spectre-Add-boot-time-option-to-select-Sp.patch
@@ -1,9 +1,10 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:26 +0000
-Subject: x86/spectre: Add boot time option to select Spectre v2 mitigation
+Subject: [PATCH] x86/spectre: Add boot time option to select Spectre v2
+ mitigation
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: da285121560e769cc31797bba6422eea71d473e0
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit da285121560e769cc31797bba6422eea71d473e0 upstream.
@@ -48,7 +49,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
4 files changed, 195 insertions(+), 5 deletions(-)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 39280b72f2..22a4688dc0 100644
+index 39280b72f27a..22a4688dc0c8 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2452,6 +2452,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
@@ -94,7 +95,7 @@ index 39280b72f2..22a4688dc0 100644
spia_fio_base=
spia_pedr=
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
-index 5763548fb3..fe48aeee79 100644
+index 5763548fb30b..fe48aeee79d1 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -102,5 +102,15 @@
@@ -114,7 +115,7 @@ index 5763548fb3..fe48aeee79 100644
#endif /* __ASSEMBLY__ */
#endif /* __NOSPEC_BRANCH_H__ */
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index cb6b4f9d0b..49d25ddf0e 100644
+index cb6b4f9d0b7a..49d25ddf0e9f 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -10,6 +10,9 @@
@@ -310,7 +311,7 @@ index cb6b4f9d0b..49d25ddf0e 100644
}
#endif
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 5b3a6e888b..0531c1707b 100644
+index 5b3a6e888bc5..0531c1707b40 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -837,10 +837,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
@@ -325,5 +326,5 @@ index 5b3a6e888b..0531c1707b 100644
#ifdef CONFIG_X86_32
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0011-x86-retpoline-crypto-Convert-crypto-assembler-indire.patch b/patches.kernel.org/4.4.113-012-x86-retpoline-crypto-Convert-crypto-assembler.patch
index 8709f40369..451729353b 100644
--- a/patches.suse/0011-x86-retpoline-crypto-Convert-crypto-assembler-indire.patch
+++ b/patches.kernel.org/4.4.113-012-x86-retpoline-crypto-Convert-crypto-assembler.patch
@@ -1,9 +1,9 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:27 +0000
-Subject: x86/retpoline/crypto: Convert crypto assembler indirect jumps
+Subject: [PATCH] x86/retpoline/crypto: Convert crypto assembler indirect jumps
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 9697fa39efd3fc3692f2949d4045f393ec58450b
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit 9697fa39efd3fc3692f2949d4045f393ec58450b upstream.
@@ -40,7 +40,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
-index 6bd2c6c953..3f93dedb5a 100644
+index 6bd2c6c95373..3f93dedb5a4d 100644
--- a/arch/x86/crypto/aesni-intel_asm.S
+++ b/arch/x86/crypto/aesni-intel_asm.S
@@ -31,6 +31,7 @@
@@ -70,7 +70,7 @@ index 6bd2c6c953..3f93dedb5a 100644
movdqu 0x40(OUTP), INC
pxor INC, STATE1
diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
-index ce71f92124..5881756f78 100644
+index ce71f9212409..5881756f78a2 100644
--- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S
+++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
@@ -16,6 +16,7 @@
@@ -91,7 +91,7 @@ index ce71f92124..5881756f78 100644
addq $(16 * 16), %rsp;
diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
-index 0e0b8863a3..0d45b04b49 100644
+index 0e0b8863a34b..0d45b04b490a 100644
--- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
+++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
@@ -11,6 +11,7 @@
@@ -112,7 +112,7 @@ index 0e0b8863a3..0d45b04b49 100644
addq $(16 * 32), %rsp;
diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
-index 4fe27e0741..48767520cb 100644
+index 4fe27e074194..48767520cbe0 100644
--- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
+++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
@@ -45,6 +45,7 @@
@@ -133,5 +133,5 @@ index 4fe27e0741..48767520cb 100644
################################################################
## 2a) PROCESS FULL BLOCKS:
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0012-x86-retpoline-entry-Convert-entry-assembler-indirect.patch b/patches.kernel.org/4.4.113-013-x86-retpoline-entry-Convert-entry-assembler-i.patch
index c312e2d3fd..9f8f47c6f2 100644
--- a/patches.suse/0012-x86-retpoline-entry-Convert-entry-assembler-indirect.patch
+++ b/patches.kernel.org/4.4.113-013-x86-retpoline-entry-Convert-entry-assembler-i.patch
@@ -1,9 +1,9 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:28 +0000
-Subject: x86/retpoline/entry: Convert entry assembler indirect jumps
+Subject: [PATCH] x86/retpoline/entry: Convert entry assembler indirect jumps
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 2641f08bb7fc63a636a2b18173221d7040a3512e
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit 2641f08bb7fc63a636a2b18173221d7040a3512e upstream.
@@ -39,16 +39,16 @@ Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-7-git-send-email-dwmw@amazon.co.uk
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- arch/x86/entry/entry_32.S | 5 +++--
+ arch/x86/entry/entry_32.S | 6 ++++--
arch/x86/entry/entry_64.S | 14 +++++++++++++-
- 2 files changed, 16 insertions(+), 3 deletions(-)
+ 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
-index ae678ad128..30b0a3071d 100644
+index ae678ad128a9..adbbd4f538e9 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -44,6 +44,7 @@
@@ -59,16 +59,17 @@ index ae678ad128..30b0a3071d 100644
.section .entry.text, "ax"
-@@ -226,7 +227,7 @@ ENTRY(ret_from_kernel_thread)
+@@ -226,7 +227,8 @@ ENTRY(ret_from_kernel_thread)
pushl $0x0202 # Reset kernel eflags
popfl
movl PT_EBP(%esp), %eax
- call *PT_EBX(%esp)
-+ CALL_NOSPEC PT_EBX(%esp)
++ movl PT_EBX(%esp), %edx
++ CALL_NOSPEC %edx
movl $0, PT_EAX(%esp)
/*
-@@ -938,7 +939,7 @@ error_code:
+@@ -938,7 +940,7 @@ error_code:
movl %ecx, %es
TRACE_IRQS_OFF
movl %esp, %eax # pt_regs pointer
@@ -78,7 +79,7 @@ index ae678ad128..30b0a3071d 100644
END(page_fault)
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
-index 952b23b5d4..81b1cd5339 100644
+index 952b23b5d4e9..81b1cd533965 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -36,6 +36,7 @@
@@ -126,5 +127,5 @@ index 952b23b5d4..81b1cd5339 100644
RESTORE_EXTRA_REGS
jmp int_ret_from_sys_call
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0013-x86-retpoline-ftrace-Convert-ftrace-assembler-indire.patch b/patches.kernel.org/4.4.113-014-x86-retpoline-ftrace-Convert-ftrace-assembler.patch
index 0d1d8354c4..e3dbfb8c15 100644
--- a/patches.suse/0013-x86-retpoline-ftrace-Convert-ftrace-assembler-indire.patch
+++ b/patches.kernel.org/4.4.113-014-x86-retpoline-ftrace-Convert-ftrace-assembler.patch
@@ -1,9 +1,9 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:29 +0000
-Subject: x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
+Subject: [PATCH] x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 9351803bd803cdbeb9b5a7850b7b6f464806e3db
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit 9351803bd803cdbeb9b5a7850b7b6f464806e3db upstream.
@@ -30,8 +30,8 @@ Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-8-git-send-email-dwmw@amazon.co.uk
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/entry/entry_32.S | 5 +++--
@@ -39,10 +39,10 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
-index 30b0a3071d..0789e93218 100644
+index adbbd4f538e9..d437f3871e53 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
-@@ -862,7 +862,8 @@ trace:
+@@ -863,7 +863,8 @@ trace:
movl 0x4(%ebp), %edx
subl $MCOUNT_INSN_SIZE, %eax
@@ -52,7 +52,7 @@ index 30b0a3071d..0789e93218 100644
popl %edx
popl %ecx
-@@ -897,7 +898,7 @@ return_to_handler:
+@@ -898,7 +899,7 @@ return_to_handler:
movl %eax, %ecx
popl %edx
popl %eax
@@ -62,7 +62,7 @@ index 30b0a3071d..0789e93218 100644
#ifdef CONFIG_TRACING
diff --git a/arch/x86/kernel/mcount_64.S b/arch/x86/kernel/mcount_64.S
-index 5d9afbcb60..09284cfab8 100644
+index 5d9afbcb6074..09284cfab86f 100644
--- a/arch/x86/kernel/mcount_64.S
+++ b/arch/x86/kernel/mcount_64.S
@@ -7,7 +7,7 @@
@@ -93,5 +93,5 @@ index 5d9afbcb60..09284cfab8 100644
+ JMP_NOSPEC %rdi
#endif
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0014-x86-retpoline-hyperv-Convert-assembler-indirect-jump.patch b/patches.kernel.org/4.4.113-015-x86-retpoline-hyperv-Convert-assembler-indire.patch
index 363391f5b7..0c487b97b4 100644
--- a/patches.suse/0014-x86-retpoline-hyperv-Convert-assembler-indirect-jump.patch
+++ b/patches.kernel.org/4.4.113-015-x86-retpoline-hyperv-Convert-assembler-indire.patch
@@ -1,9 +1,9 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:30 +0000
-Subject: x86/retpoline/hyperv: Convert assembler indirect jumps
+Subject: [PATCH] x86/retpoline/hyperv: Convert assembler indirect jumps
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: e70e5892b28c18f517f29ab6e83bd57705104b31
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit e70e5892b28c18f517f29ab6e83bd57705104b31 upstream.
@@ -29,7 +29,7 @@ Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-9-git-send-email-dwmw@amazon.co.uk
-[ backport to 4.9, hopefully correct, not tested... - gregkh ]
+[ backport to 4.4, hopefully correct, not tested... - gregkh ]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
@@ -37,7 +37,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 8ce1f2e229..d415a804fd 100644
+index 8ce1f2e22912..d415a804fd26 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
@@ -31,6 +31,7 @@
@@ -77,5 +77,5 @@ index 8ce1f2e229..d415a804fd 100644
return hv_status_lo | ((u64)hv_status_hi << 32);
#endif /* !x86_64 */
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0015-x86-retpoline-xen-Convert-Xen-hypercall-indirect-jum.patch b/patches.kernel.org/4.4.113-016-x86-retpoline-xen-Convert-Xen-hypercall-indir.patch
index 51cc1c94ae..ab78fb33cb 100644
--- a/patches.suse/0015-x86-retpoline-xen-Convert-Xen-hypercall-indirect-jum.patch
+++ b/patches.kernel.org/4.4.113-016-x86-retpoline-xen-Convert-Xen-hypercall-indir.patch
@@ -1,9 +1,9 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:31 +0000
-Subject: x86/retpoline/xen: Convert Xen hypercall indirect jumps
+Subject: [PATCH] x86/retpoline/xen: Convert Xen hypercall indirect jumps
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: ea08816d5b185ab3d09e95e393f265af54560350
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit ea08816d5b185ab3d09e95e393f265af54560350 upstream.
@@ -38,7 +38,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
-index 85133b2b8e..0977e76070 100644
+index 85133b2b8e99..0977e7607046 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -44,6 +44,7 @@
@@ -62,5 +62,5 @@ index 85133b2b8e..0977e76070 100644
clac();
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0016-x86-retpoline-checksum32-Convert-assembler-indirect-.patch b/patches.kernel.org/4.4.113-017-x86-retpoline-checksum32-Convert-assembler-in.patch
index 9e17cad3f8..f109bc2625 100644
--- a/patches.suse/0016-x86-retpoline-checksum32-Convert-assembler-indirect-.patch
+++ b/patches.kernel.org/4.4.113-017-x86-retpoline-checksum32-Convert-assembler-in.patch
@@ -1,9 +1,9 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:32 +0000
-Subject: x86/retpoline/checksum32: Convert assembler indirect jumps
+Subject: [PATCH] x86/retpoline/checksum32: Convert assembler indirect jumps
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 5096732f6f695001fa2d6f1335a2680b37912c69
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit 5096732f6f695001fa2d6f1335a2680b37912c69 upstream.
@@ -36,7 +36,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/x86/lib/checksum_32.S b/arch/x86/lib/checksum_32.S
-index c1e6232098..90353a26ed 100644
+index c1e623209853..90353a26ed95 100644
--- a/arch/x86/lib/checksum_32.S
+++ b/arch/x86/lib/checksum_32.S
@@ -28,7 +28,8 @@
@@ -68,5 +68,5 @@ index c1e6232098..90353a26ed 100644
addl $64,%edi
SRC(movb -32(%edx),%bl) ; SRC(movb (%edx),%bl)
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0017-x86-retpoline-irq32-Convert-assembler-indirect-jumps.patch b/patches.kernel.org/4.4.113-018-x86-retpoline-irq32-Convert-assembler-indirec.patch
index 30797d59ed..6ec4e09491 100644
--- a/patches.suse/0017-x86-retpoline-irq32-Convert-assembler-indirect-jumps.patch
+++ b/patches.kernel.org/4.4.113-018-x86-retpoline-irq32-Convert-assembler-indirec.patch
@@ -1,9 +1,9 @@
From: Andi Kleen <ak@linux.intel.com>
Date: Thu, 11 Jan 2018 21:46:33 +0000
-Subject: x86/retpoline/irq32: Convert assembler indirect jumps
+Subject: [PATCH] x86/retpoline/irq32: Convert assembler indirect jumps
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 7614e913db1f40fff819b36216484dc3808995d4
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit 7614e913db1f40fff819b36216484dc3808995d4 upstream.
@@ -29,15 +29,15 @@ Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-12-git-send-email-dwmw@amazon.co.uk
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/kernel/irq_32.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
-index 647089c64d..528b7aa178 100644
+index 647089c64d13..528b7aa1780d 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -20,6 +20,7 @@
@@ -77,5 +77,5 @@ index 647089c64d..528b7aa178 100644
return 1;
}
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0018-x86-retpoline-Fill-return-stack-buffer-on-vmexit.patch b/patches.kernel.org/4.4.113-019-x86-retpoline-Fill-return-stack-buffer-on-vme.patch
index f09ca8f018..1dea055ea9 100644
--- a/patches.suse/0018-x86-retpoline-Fill-return-stack-buffer-on-vmexit.patch
+++ b/patches.kernel.org/4.4.113-019-x86-retpoline-Fill-return-stack-buffer-on-vme.patch
@@ -1,9 +1,9 @@
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Fri, 12 Jan 2018 11:11:27 +0000
-Subject: x86/retpoline: Fill return stack buffer on vmexit
+Subject: [PATCH] x86/retpoline: Fill return stack buffer on vmexit
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: 117cc7a908c83697b0b737d15ae1eb5943afe35b
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit 117cc7a908c83697b0b737d15ae1eb5943afe35b upstream.
@@ -32,8 +32,8 @@ Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515755487-8524-1-git-send-email-dwmw@amazon.co.uk
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Razvan Ghitulete <rga@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/include/asm/nospec-branch.h | 76 +++++++++++++++++++++++++++++++++++-
@@ -42,7 +42,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
3 files changed, 83 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
-index fe48aeee79..1afd04eb5f 100644
+index fe48aeee79d1..1afd04eb5fb7 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -7,6 +7,48 @@
@@ -149,7 +149,7 @@ index fe48aeee79..1afd04eb5f 100644
#endif /* __ASSEMBLY__ */
#endif /* __NOSPEC_BRANCH_H__ */
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index 900ffb6c28..2038e5bacc 100644
+index 900ffb6c28b5..2038e5bacce6 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -37,6 +37,7 @@
@@ -171,7 +171,7 @@ index 900ffb6c28..2038e5bacc 100644
wrmsrl(MSR_GS_BASE, svm->host.gs_base);
#else
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index c26255f196..75d60e40c3 100644
+index c26255f19603..75d60e40c389 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -47,6 +47,7 @@
@@ -193,5 +193,5 @@ index c26255f196..75d60e40c3 100644
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
--
-2.15.1
+2.16.0
diff --git a/patches.suse/0019-x86-retpoline-Remove-compile-time-warning.patch b/patches.kernel.org/4.4.113-020-x86-retpoline-Remove-compile-time-warning.patch
index 6d0ed5d20e..04f8c0f993 100644
--- a/patches.suse/0019-x86-retpoline-Remove-compile-time-warning.patch
+++ b/patches.kernel.org/4.4.113-020-x86-retpoline-Remove-compile-time-warning.patch
@@ -1,9 +1,9 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Sun, 14 Jan 2018 22:13:29 +0100
-Subject: x86/retpoline: Remove compile time warning
+Subject: [PATCH] x86/retpoline: Remove compile time warning
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
Git-commit: b8b9ce4b5aec8de9e23cabb0a26b78641f9ab1d6
-Patch-mainline: v4.15-rc8
-References: bsc#1068032 CVE-2017-5715
commit b8b9ce4b5aec8de9e23cabb0a26b78641f9ab1d6 upstream.
@@ -48,7 +48,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
1 file changed, 2 deletions(-)
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index 34fdac520e..1f9caa041b 100644
+index 34fdac520edb..1f9caa041bf7 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -194,8 +194,6 @@ ifdef CONFIG_RETPOLINE
@@ -61,5 +61,5 @@ index 34fdac520e..1f9caa041b 100644
endif
--
-2.15.1
+2.16.0
diff --git a/patches.kernel.org/4.4.113-021-scsi-sg-disable-SET_FORCE_LOW_DMA.patch b/patches.kernel.org/4.4.113-021-scsi-sg-disable-SET_FORCE_LOW_DMA.patch
new file mode 100644
index 0000000000..09b16b0272
--- /dev/null
+++ b/patches.kernel.org/4.4.113-021-scsi-sg-disable-SET_FORCE_LOW_DMA.patch
@@ -0,0 +1,118 @@
+From: Hannes Reinecke <hare@suse.de>
+Date: Fri, 7 Apr 2017 09:34:12 +0200
+Subject: [PATCH] scsi: sg: disable SET_FORCE_LOW_DMA
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 745dfa0d8ec26b24f3304459ff6e9eacc5c8351b
+
+commit 745dfa0d8ec26b24f3304459ff6e9eacc5c8351b upstream.
+
+The ioctl SET_FORCE_LOW_DMA has never worked since the initial git
+check-in, and the respective setting is nowadays handled correctly. So
+disable it entirely.
+
+Signed-off-by: Hannes Reinecke <hare@suse.com>
+Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
+Tested-by: Johannes Thumshirn <jthumshirn@suse.de>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/scsi/sg.c | 30 +++++++++---------------------
+ include/scsi/sg.h | 1 -
+ 2 files changed, 9 insertions(+), 22 deletions(-)
+
+diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
+index 38f77e127349..0f0ff75755e0 100644
+--- a/drivers/scsi/sg.c
++++ b/drivers/scsi/sg.c
+@@ -160,7 +160,6 @@ typedef struct sg_fd { /* holds the state of a file descriptor */
+ struct list_head rq_list; /* head of request list */
+ struct fasync_struct *async_qp; /* used by asynchronous notification */
+ Sg_request req_arr[SG_MAX_QUEUE]; /* used as singly-linked list */
+- char low_dma; /* as in parent but possibly overridden to 1 */
+ char force_packid; /* 1 -> pack_id input to read(), 0 -> ignored */
+ char cmd_q; /* 1 -> allow command queuing, 0 -> don't */
+ unsigned char next_cmd_len; /* 0: automatic, >0: use on next write() */
+@@ -932,24 +931,14 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
+ /* strange ..., for backward compatibility */
+ return sfp->timeout_user;
+ case SG_SET_FORCE_LOW_DMA:
+- result = get_user(val, ip);
+- if (result)
+- return result;
+- if (val) {
+- sfp->low_dma = 1;
+- if ((0 == sfp->low_dma) && !sfp->res_in_use) {
+- val = (int) sfp->reserve.bufflen;
+- sg_remove_scat(sfp, &sfp->reserve);
+- sg_build_reserve(sfp, val);
+- }
+- } else {
+- if (atomic_read(&sdp->detaching))
+- return -ENODEV;
+- sfp->low_dma = sdp->device->host->unchecked_isa_dma;
+- }
++ /*
++ * N.B. This ioctl never worked properly, but failed to
++ * return an error value. So returning '0' to keep compability
++ * with legacy applications.
++ */
+ return 0;
+ case SG_GET_LOW_DMA:
+- return put_user((int) sfp->low_dma, ip);
++ return put_user((int) sdp->device->host->unchecked_isa_dma, ip);
+ case SG_GET_SCSI_ID:
+ if (!access_ok(VERIFY_WRITE, p, sizeof (sg_scsi_id_t)))
+ return -EFAULT;
+@@ -1870,6 +1859,7 @@ sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size)
+ int sg_tablesize = sfp->parentdp->sg_tablesize;
+ int blk_size = buff_size, order;
+ gfp_t gfp_mask = GFP_ATOMIC | __GFP_COMP | __GFP_NOWARN;
++ struct sg_device *sdp = sfp->parentdp;
+
+ if (blk_size < 0)
+ return -EFAULT;
+@@ -1895,7 +1885,7 @@ sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size)
+ scatter_elem_sz_prev = num;
+ }
+
+- if (sfp->low_dma)
++ if (sdp->device->host->unchecked_isa_dma)
+ gfp_mask |= GFP_DMA;
+
+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
+@@ -2158,8 +2148,6 @@ sg_add_sfp(Sg_device * sdp)
+ sfp->timeout = SG_DEFAULT_TIMEOUT;
+ sfp->timeout_user = SG_DEFAULT_TIMEOUT_USER;
+ sfp->force_packid = SG_DEF_FORCE_PACK_ID;
+- sfp->low_dma = (SG_DEF_FORCE_LOW_DMA == 0) ?
+- sdp->device->host->unchecked_isa_dma : 1;
+ sfp->cmd_q = SG_DEF_COMMAND_Q;
+ sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
+ sfp->parentdp = sdp;
+@@ -2618,7 +2606,7 @@ static void sg_proc_debug_helper(struct seq_file *s, Sg_device * sdp)
+ jiffies_to_msecs(fp->timeout),
+ fp->reserve.bufflen,
+ (int) fp->reserve.k_use_sg,
+- (int) fp->low_dma);
++ (int) sdp->device->host->unchecked_isa_dma);
+ seq_printf(s, " cmd_q=%d f_packid=%d k_orphan=%d closed=0\n",
+ (int) fp->cmd_q, (int) fp->force_packid,
+ (int) fp->keep_orphan);
+diff --git a/include/scsi/sg.h b/include/scsi/sg.h
+index 3afec7032448..20bc71c3e0b8 100644
+--- a/include/scsi/sg.h
++++ b/include/scsi/sg.h
+@@ -197,7 +197,6 @@ typedef struct sg_req_info { /* used by SG_GET_REQUEST_TABLE ioctl() */
+ #define SG_DEFAULT_RETRIES 0
+
+ /* Defaults, commented if they differ from original sg driver */
+-#define SG_DEF_FORCE_LOW_DMA 0 /* was 1 -> memory below 16MB on i386 */
+ #define SG_DEF_FORCE_PACK_ID 0
+ #define SG_DEF_KEEP_ORPHAN 0
+ #define SG_DEF_RESERVED_SIZE SG_SCATTER_SZ /* load time option */
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-022-futex-Prevent-overflow-by-strengthen-input-va.patch b/patches.kernel.org/4.4.113-022-futex-Prevent-overflow-by-strengthen-input-va.patch
new file mode 100644
index 0000000000..3b02681178
--- /dev/null
+++ b/patches.kernel.org/4.4.113-022-futex-Prevent-overflow-by-strengthen-input-va.patch
@@ -0,0 +1,45 @@
+From: Li Jinyue <lijinyue@huawei.com>
+Date: Thu, 14 Dec 2017 17:04:54 +0800
+Subject: [PATCH] futex: Prevent overflow by strengthen input validation
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
+
+commit fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a upstream.
+
+UBSAN reports signed integer overflow in kernel/futex.c:
+
+ UBSAN: Undefined behaviour in kernel/futex.c:2041:18
+ signed integer overflow:
+ 0 - -2147483648 cannot be represented in type 'int'
+
+Add a sanity check to catch negative values of nr_wake and nr_requeue.
+
+Signed-off-by: Li Jinyue <lijinyue@huawei.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: peterz@infradead.org
+Cc: dvhart@infradead.org
+Link: https://lkml.kernel.org/r/1513242294-31786-1-git-send-email-lijinyue@huawei.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ kernel/futex.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index fc68462801de..1fce19fc824c 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -1621,6 +1621,9 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags,
+ struct futex_q *this, *next;
+ WAKE_Q(wake_q);
+
++ if (nr_wake < 0 || nr_requeue < 0)
++ return -EINVAL;
++
+ if (requeue_pi) {
+ /*
+ * Requeue PI only works on two distinct uaddrs. This
+--
+2.16.0
+
diff --git a/patches.drivers/ALSA-pcm-Remove-yet-superfluous-WARN_ON b/patches.kernel.org/4.4.113-023-ALSA-pcm-Remove-yet-superfluous-WARN_ON.patch
index 7ae8321f0f..68959875d9 100644
--- a/patches.drivers/ALSA-pcm-Remove-yet-superfluous-WARN_ON
+++ b/patches.kernel.org/4.4.113-023-ALSA-pcm-Remove-yet-superfluous-WARN_ON.patch
@@ -1,10 +1,11 @@
-From 23b19b7b50fe1867da8d431eea9cd3e4b6328c2c Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 10 Jan 2018 23:48:05 +0100
Subject: [PATCH] ALSA: pcm: Remove yet superfluous WARN_ON()
+Patch-mainline: 4.4.113
+References: bnc#1012382 bsc#1031717
Git-commit: 23b19b7b50fe1867da8d431eea9cd3e4b6328c2c
-Patch-mainline: v4.15
-References: bsc#1031717
+
+commit 23b19b7b50fe1867da8d431eea9cd3e4b6328c2c upstream.
muldiv32() contains a snd_BUG_ON() (which is morphed as WARN_ON() with
debug option) for checking the case of 0 / 0. This would be helpful
@@ -18,16 +19,18 @@ So, having snd_BUG_ON() there is simply superfluous and rather
harmful to give unnecessary confusions. Let's get rid of it.
Reported-by: syzbot+7e6ee55011deeebce15d@syzkaller.appspotmail.com
-Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- sound/core/pcm_lib.c | 1 -
+ sound/core/pcm_lib.c | 1 -
1 file changed, 1 deletion(-)
+diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
+index 7b805766306e..4c145d6bccd4 100644
--- a/sound/core/pcm_lib.c
+++ b/sound/core/pcm_lib.c
-@@ -578,7 +578,6 @@ static inline unsigned int muldiv32(unsi
+@@ -578,7 +578,6 @@ static inline unsigned int muldiv32(unsigned int a, unsigned int b,
{
u_int64_t n = (u_int64_t) a * b;
if (c == 0) {
@@ -35,3 +38,6 @@ Signed-off-by: Takashi Iwai <tiwai@suse.de>
*r = 0;
return UINT_MAX;
}
+--
+2.16.0
+
diff --git a/patches.drivers/ALSA-hda-Apply-headphone-noise-quirk-for-another-Del b/patches.kernel.org/4.4.113-024-ALSA-hda-Apply-headphone-noise-quirk-for-anot.patch
index 67acdb93a6..71805096d7 100644
--- a/patches.drivers/ALSA-hda-Apply-headphone-noise-quirk-for-another-Del
+++ b/patches.kernel.org/4.4.113-024-ALSA-hda-Apply-headphone-noise-quirk-for-anot.patch
@@ -1,27 +1,31 @@
-From e4c9fd10eb21376f44723c40ad12395089251c28 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 10 Jan 2018 08:34:28 +0100
-Subject: [PATCH] ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
+Subject: [PATCH] ALSA: hda - Apply headphone noise quirk for another Dell XPS
+ 13 variant
+Patch-mainline: 4.4.113
+References: bnc#1012382 bsc#1031717
Git-commit: e4c9fd10eb21376f44723c40ad12395089251c28
-Patch-mainline: v4.15
-References: bsc#1031717
+
+commit e4c9fd10eb21376f44723c40ad12395089251c28 upstream.
There is another Dell XPS 13 variant (SSID 1028:082a) that requires
the existing fixup for reducing the headphone noise.
This patch adds the quirk entry for that.
-Buglink: http://lkml.kernel.org/r/CAHXyb9ZCZJzVisuBARa+UORcjRERV8yokez=DP1_5O5isTz0ZA@mail.gmail.com
+BugLink: http://lkml.kernel.org/r/CAHXyb9ZCZJzVisuBARa+UORcjRERV8yokez=DP1_5O5isTz0ZA@mail.gmail.com
Reported-and-tested-by: Francisco G. <frangio.1@gmail.com>
-Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- sound/pci/hda/patch_realtek.c | 1 +
+ sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
+index 5875a08d555e..f14c1f288443 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
-@@ -6091,6 +6091,7 @@ static const struct snd_pci_quirk alc269
+@@ -5600,6 +5600,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1028, 0x075b, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME),
SND_PCI_QUIRK(0x1028, 0x0798, "Dell Inspiron 17 7000 Gaming", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER),
@@ -29,3 +33,6 @@ Signed-off-by: Takashi Iwai <tiwai@suse.de>
SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2),
+--
+2.16.0
+
diff --git a/patches.drivers/ALSA-hda-Apply-the-existing-quirk-to-iMac-14-1 b/patches.kernel.org/4.4.113-025-ALSA-hda-Apply-the-existing-quirk-to-iMac-14-.patch
index 876772b839..bb6be76189 100644
--- a/patches.drivers/ALSA-hda-Apply-the-existing-quirk-to-iMac-14-1
+++ b/patches.kernel.org/4.4.113-025-ALSA-hda-Apply-the-existing-quirk-to-iMac-14-.patch
@@ -1,27 +1,30 @@
-From 031f335cda879450095873003abb03ae8ed3b74a Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 10 Jan 2018 10:53:18 +0100
Subject: [PATCH] ALSA: hda - Apply the existing quirk to iMac 14,1
+Patch-mainline: 4.4.113
+References: bnc#1012382 bsc#1031717
Git-commit: 031f335cda879450095873003abb03ae8ed3b74a
-Patch-mainline: v4.15
-References: bsc#1031717
+
+commit 031f335cda879450095873003abb03ae8ed3b74a upstream.
iMac 14,1 requires the same quirk as iMac 12,2, using GPIO 2 and 3 for
headphone and speaker output amps. Add the codec SSID quirk entry
(106b:0600) accordingly.
-Buglink: http://lkml.kernel.org/r/CAEw6Zyteav09VGHRfD5QwsfuWv5a43r0tFBNbfcHXoNrxVz7ew@mail.gmail.com
+BugLink: http://lkml.kernel.org/r/CAEw6Zyteav09VGHRfD5QwsfuWv5a43r0tFBNbfcHXoNrxVz7ew@mail.gmail.com
Reported-by: Freaky <freaky2000@gmail.com>
-Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- sound/pci/hda/patch_cirrus.c | 1 +
+ sound/pci/hda/patch_cirrus.c | 1 +
1 file changed, 1 insertion(+)
+diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
+index 80bbadc83721..d6e079f4ec09 100644
--- a/sound/pci/hda/patch_cirrus.c
+++ b/sound/pci/hda/patch_cirrus.c
-@@ -408,6 +408,7 @@ static const struct snd_pci_quirk cs420x
+@@ -408,6 +408,7 @@ static const struct snd_pci_quirk cs420x_fixup_tbl[] = {
/*SND_PCI_QUIRK(0x8086, 0x7270, "IMac 27 Inch", CS420X_IMAC27),*/
/* codec SSID */
@@ -29,3 +32,6 @@ Signed-off-by: Takashi Iwai <tiwai@suse.de>
SND_PCI_QUIRK(0x106b, 0x1c00, "MacBookPro 8,1", CS420X_MBP81),
SND_PCI_QUIRK(0x106b, 0x2000, "iMac 12,2", CS420X_IMAC27_122),
SND_PCI_QUIRK(0x106b, 0x2800, "MacBookPro 10,1", CS420X_MBP101),
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-026-af_key-fix-buffer-overread-in-verify_address_.patch b/patches.kernel.org/4.4.113-026-af_key-fix-buffer-overread-in-verify_address_.patch
new file mode 100644
index 0000000000..e30b07ee79
--- /dev/null
+++ b/patches.kernel.org/4.4.113-026-af_key-fix-buffer-overread-in-verify_address_.patch
@@ -0,0 +1,68 @@
+From: Eric Biggers <ebiggers@google.com>
+Date: Fri, 29 Dec 2017 18:13:05 -0600
+Subject: [PATCH] af_key: fix buffer overread in verify_address_len()
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 06b335cb51af018d5feeff5dd4fd53847ddb675a
+
+commit 06b335cb51af018d5feeff5dd4fd53847ddb675a upstream.
+
+If a message sent to a PF_KEY socket ended with one of the extensions
+that takes a 'struct sadb_address' but there were not enough bytes
+remaining in the message for the ->sa_family member of the 'struct
+sockaddr' which is supposed to follow, then verify_address_len() read
+past the end of the message, into uninitialized memory. Fix it by
+returning -EINVAL in this case.
+
+This bug was found using syzkaller with KMSAN.
+
+Reproducer:
+
+ #include <linux/pfkeyv2.h>
+ #include <sys/socket.h>
+ #include <unistd.h>
+
+ int main()
+ {
+ int sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
+ char buf[24] = { 0 };
+ struct sadb_msg *msg = (void *)buf;
+ struct sadb_address *addr = (void *)(msg + 1);
+
+ msg->sadb_msg_version = PF_KEY_V2;
+ msg->sadb_msg_type = SADB_DELETE;
+ msg->sadb_msg_len = 3;
+ addr->sadb_address_len = 1;
+ addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
+
+ write(sock, buf, 24);
+ }
+
+Reported-by: Alexander Potapenko <glider@google.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/key/af_key.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/net/key/af_key.c b/net/key/af_key.c
+index 94bf810ad242..ea81a58a4ff6 100644
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -401,6 +401,11 @@ static int verify_address_len(const void *p)
+ #endif
+ int len;
+
++ if (sp->sadb_address_len <
++ DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family),
++ sizeof(uint64_t)))
++ return -EINVAL;
++
+ switch (addr->sa_family) {
+ case AF_INET:
+ len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-027-af_key-fix-buffer-overread-in-parse_exthdrs.patch b/patches.kernel.org/4.4.113-027-af_key-fix-buffer-overread-in-parse_exthdrs.patch
new file mode 100644
index 0000000000..2cc5d12386
--- /dev/null
+++ b/patches.kernel.org/4.4.113-027-af_key-fix-buffer-overread-in-parse_exthdrs.patch
@@ -0,0 +1,58 @@
+From: Eric Biggers <ebiggers@google.com>
+Date: Fri, 29 Dec 2017 18:15:23 -0600
+Subject: [PATCH] af_key: fix buffer overread in parse_exthdrs()
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 4e765b4972af7b07adcb1feb16e7a525ce1f6b28
+
+commit 4e765b4972af7b07adcb1feb16e7a525ce1f6b28 upstream.
+
+If a message sent to a PF_KEY socket ended with an incomplete extension
+header (fewer than 4 bytes remaining), then parse_exthdrs() read past
+the end of the message, into uninitialized memory. Fix it by returning
+-EINVAL in this case.
+
+Reproducer:
+
+ #include <linux/pfkeyv2.h>
+ #include <sys/socket.h>
+ #include <unistd.h>
+
+ int main()
+ {
+ int sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
+ char buf[17] = { 0 };
+ struct sadb_msg *msg = (void *)buf;
+
+ msg->sadb_msg_version = PF_KEY_V2;
+ msg->sadb_msg_type = SADB_DELETE;
+ msg->sadb_msg_len = 2;
+
+ write(sock, buf, 17);
+ }
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/key/af_key.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/key/af_key.c b/net/key/af_key.c
+index ea81a58a4ff6..6482b001f19a 100644
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -516,6 +516,9 @@ static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void *
+ uint16_t ext_type;
+ int ext_len;
+
++ if (len < sizeof(*ehdr))
++ return -EINVAL;
++
+ ext_len = ehdr->sadb_ext_len;
+ ext_len *= sizeof(uint64_t);
+ ext_type = ehdr->sadb_ext_type;
+--
+2.16.0
+
diff --git a/patches.drivers/scsi-hpsa-fix-volume-offline-state.patch b/patches.kernel.org/4.4.113-028-scsi-hpsa-fix-volume-offline-state.patch
index bd05595646..9a8a8a6074 100644
--- a/patches.drivers/scsi-hpsa-fix-volume-offline-state.patch
+++ b/patches.kernel.org/4.4.113-028-scsi-hpsa-fix-volume-offline-state.patch
@@ -1,9 +1,11 @@
From: Tomas Henzl <thenzl@redhat.com>
Date: Mon, 20 Mar 2017 16:42:48 +0100
-Subject: scsi: hpsa: fix volume offline state
+Subject: [PATCH] scsi: hpsa: fix volume offline state
+Patch-mainline: 4.4.113
+References: FATE#321928 bnc#1012382 bsc#1022600 bsc#1028971
Git-commit: eb94588dabec82e012281608949a860f64752914
-Patch-mainline: v4.11-rc5
-References: bsc#1022600 bsc#1028971 fate#321928
+
+commit eb94588dabec82e012281608949a860f64752914 upstream.
In a previous patch a hpsa_scsi_dev_t.volume_offline update line has
been removed, so let us put it back..
@@ -12,14 +14,18 @@ Fixes: 85b29008d8 (hpsa: update check for logical volume status)
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Acked-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
-Acked-by: Martin Wilck <mwilck@suse.com>
+Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- drivers/scsi/hpsa.c | 1 +
+ drivers/scsi/hpsa.c | 1 +
1 file changed, 1 insertion(+)
+diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
+index 0c87f341fed4..910b795fc5eb 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
-@@ -3896,6 +3896,7 @@ static int hpsa_update_device_info(struc
+@@ -3638,6 +3638,7 @@ static int hpsa_update_device_info(struct ctlr_info *h,
if (h->fw_support & MISC_FW_RAID_OFFLOAD_BASIC)
hpsa_get_ioaccel_status(h, scsi3addr, this_device);
volume_offline = hpsa_volume_offline(h, scsi3addr);
@@ -27,3 +33,6 @@ Acked-by: Martin Wilck <mwilck@suse.com>
if (volume_offline == HPSA_LV_FAILED) {
rc = HPSA_LV_FAILED;
dev_err(&h->pdev->dev,
+--
+2.16.0
+
diff --git a/patches.suse/sched-deadline-Zero-out-positive-runtime-after-throt.patch b/patches.kernel.org/4.4.113-029-sched-deadline-Zero-out-positive-runtime-afte.patch
index cacf4b526b..1496c5eea1 100644
--- a/patches.suse/sched-deadline-Zero-out-positive-runtime-after-throt.patch
+++ b/patches.kernel.org/4.4.113-029-sched-deadline-Zero-out-positive-runtime-afte.patch
@@ -1,10 +1,12 @@
From: Xunlei Pang <xlpang@redhat.com>
Date: Wed, 10 May 2017 21:03:37 +0800
-Subject: sched/deadline: Zero out positive runtime after throttling
+Subject: [PATCH] sched/deadline: Zero out positive runtime after throttling
constrained tasks
+Patch-mainline: 4.4.113
+References: bnc#1012382 git-fixes
Git-commit: ae83b56a56f8d9643dedbee86b457fa1c5d42f59
-Patch-mainline: v4.13-rc1
-References: git-fixes
+
+commit ae83b56a56f8d9643dedbee86b457fa1c5d42f59 upstream.
When a contrained task is throttled by dl_check_constrained_dl(),
it may carry the remaining positive runtime, as a result when
@@ -26,14 +28,18 @@ Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: df8eac8cafce ("sched/deadline: Throttle a constrained deadline task activated after the deadline)
Link: http://lkml.kernel.org/r/1494421417-27550-1-git-send-email-xlpang@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- kernel/sched/deadline.c | 2 ++
+ kernel/sched/deadline.c | 2 ++
1 file changed, 2 insertions(+)
+diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
+index a996f7356216..6be2afd9bfd6 100644
--- a/kernel/sched/deadline.c
+++ b/kernel/sched/deadline.c
-@@ -744,6 +744,8 @@ static inline void dl_check_constrained_
+@@ -732,6 +732,8 @@ static inline void dl_check_constrained_dl(struct sched_dl_entity *dl_se)
if (unlikely(dl_se->dl_boosted || !start_dl_timer(p)))
return;
dl_se->dl_throttled = 1;
@@ -42,3 +48,6 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
}
}
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-030-x86-retpoline-Add-LFENCE-to-the-retpoline-RSB.patch b/patches.kernel.org/4.4.113-030-x86-retpoline-Add-LFENCE-to-the-retpoline-RSB.patch
new file mode 100644
index 0000000000..34f330f02f
--- /dev/null
+++ b/patches.kernel.org/4.4.113-030-x86-retpoline-Add-LFENCE-to-the-retpoline-RSB.patch
@@ -0,0 +1,97 @@
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Sat, 13 Jan 2018 17:27:30 -0600
+Subject: [PATCH] x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+ macros
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: 28d437d550e1e39f805d99f9f8ac399c778827b7
+
+commit 28d437d550e1e39f805d99f9f8ac399c778827b7 upstream.
+
+The PAUSE instruction is currently used in the retpoline and RSB filling
+macros as a speculation trap. The use of PAUSE was originally suggested
+because it showed a very, very small difference in the amount of
+cycles/time used to execute the retpoline as compared to LFENCE. On AMD,
+the PAUSE instruction is not a serializing instruction, so the pause/jmp
+loop will use excess power as it is speculated over waiting for return
+to mispredict to the correct target.
+
+The RSB filling macro is applicable to AMD, and, if software is unable to
+verify that LFENCE is serializing on AMD (possible when running under a
+hypervisor), the generic retpoline support will be used and, so, is also
+applicable to AMD. Keep the current usage of PAUSE for Intel, but add an
+LFENCE instruction to the speculation trap for AMD.
+
+The same sequence has been adopted by GCC for the GCC generated retpolines.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@alien8.de>
+Acked-by: David Woodhouse <dwmw@amazon.co.uk>
+Acked-by: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Paul Turner <pjt@google.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Tim Chen <tim.c.chen@linux.intel.com>
+Cc: Jiri Kosina <jikos@kernel.org>
+Cc: Dave Hansen <dave.hansen@intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Dan Williams <dan.j.williams@intel.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
+Cc: Kees Cook <keescook@google.com>
+Link: https://lkml.kernel.org/r/20180113232730.31060.36287.stgit@tlendack-t1.amdoffice.net
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/include/asm/nospec-branch.h | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
+index 1afd04eb5fb7..e28a9ff1246c 100644
+--- a/arch/x86/include/asm/nospec-branch.h
++++ b/arch/x86/include/asm/nospec-branch.h
+@@ -11,7 +11,7 @@
+ * Fill the CPU return stack buffer.
+ *
+ * Each entry in the RSB, if used for a speculative 'ret', contains an
+- * infinite 'pause; jmp' loop to capture speculative execution.
++ * infinite 'pause; lfence; jmp' loop to capture speculative execution.
+ *
+ * This is required in various cases for retpoline and IBRS-based
+ * mitigations for the Spectre variant 2 vulnerability. Sometimes to
+@@ -38,11 +38,13 @@
+ call 772f; \
+ 773: /* speculation trap */ \
+ pause; \
++ lfence; \
+ jmp 773b; \
+ 772: \
+ call 774f; \
+ 775: /* speculation trap */ \
+ pause; \
++ lfence; \
+ jmp 775b; \
+ 774: \
+ dec reg; \
+@@ -60,6 +62,7 @@
+ call .Ldo_rop_\@
+ .Lspec_trap_\@:
+ pause
++ lfence
+ jmp .Lspec_trap_\@
+ .Ldo_rop_\@:
+ mov \reg, (%_ASM_SP)
+@@ -142,6 +145,7 @@
+ " .align 16\n" \
+ "901: call 903f;\n" \
+ "902: pause;\n" \
++ " lfence;\n" \
+ " jmp 902b;\n" \
+ " .align 16\n" \
+ "903: addl $4, %%esp;\n" \
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-031-module-Add-retpoline-tag-to-VERMAGIC.patch b/patches.kernel.org/4.4.113-031-module-Add-retpoline-tag-to-VERMAGIC.patch
new file mode 100644
index 0000000000..2332c0b031
--- /dev/null
+++ b/patches.kernel.org/4.4.113-031-module-Add-retpoline-tag-to-VERMAGIC.patch
@@ -0,0 +1,58 @@
+From: Andi Kleen <ak@linux.intel.com>
+Date: Tue, 16 Jan 2018 12:52:28 -0800
+Subject: [PATCH] module: Add retpoline tag to VERMAGIC
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: 6cfb521ac0d5b97470883ff9b7facae264b7ab12
+
+commit 6cfb521ac0d5b97470883ff9b7facae264b7ab12 upstream.
+
+Add a marker for retpoline to the module VERMAGIC. This catches the case
+when a non RETPOLINE compiled module gets loaded into a retpoline kernel,
+making it insecure.
+
+It doesn't handle the case when retpoline has been runtime disabled. Even
+in this case the match of the retcompile status will be enforced. This
+implies that even with retpoline run time disabled all modules loaded need
+to be recompiled.
+
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: David Woodhouse <dwmw@amazon.co.uk>
+Cc: rusty@rustcorp.com.au
+Cc: arjan.van.de.ven@intel.com
+Cc: jeyu@kernel.org
+Cc: torvalds@linux-foundation.org
+Link: https://lkml.kernel.org/r/20180116205228.4890-1-andi@firstfloor.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ include/linux/vermagic.h | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
+index 6f8fbcf10dfb..a3d04934aa96 100644
+--- a/include/linux/vermagic.h
++++ b/include/linux/vermagic.h
+@@ -24,10 +24,16 @@
+ #ifndef MODULE_ARCH_VERMAGIC
+ #define MODULE_ARCH_VERMAGIC ""
+ #endif
++#ifdef RETPOLINE
++#define MODULE_VERMAGIC_RETPOLINE "retpoline "
++#else
++#define MODULE_VERMAGIC_RETPOLINE ""
++#endif
+
+ #define VERMAGIC_STRING \
+ UTS_RELEASE " " \
+ MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \
+ MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \
+- MODULE_ARCH_VERMAGIC
++ MODULE_ARCH_VERMAGIC \
++ MODULE_VERMAGIC_RETPOLINE
+
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-032-pipe-avoid-round_pipe_size-nr_pages-overflow-.patch b/patches.kernel.org/4.4.113-032-pipe-avoid-round_pipe_size-nr_pages-overflow-.patch
new file mode 100644
index 0000000000..f16bdb9ec4
--- /dev/null
+++ b/patches.kernel.org/4.4.113-032-pipe-avoid-round_pipe_size-nr_pages-overflow-.patch
@@ -0,0 +1,120 @@
+From: Joe Lawrence <joe.lawrence@redhat.com>
+Date: Fri, 17 Nov 2017 15:29:21 -0800
+Subject: [PATCH] pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: d3f14c485867cfb2e0c48aa88c41d0ef4bf5209c
+
+commit d3f14c485867cfb2e0c48aa88c41d0ef4bf5209c upstream.
+
+round_pipe_size() contains a right-bit-shift expression which may
+overflow, which would cause undefined results in a subsequent
+roundup_pow_of_two() call.
+
+ static inline unsigned int round_pipe_size(unsigned int size)
+ {
+ unsigned long nr_pages;
+
+ nr_pages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ return roundup_pow_of_two(nr_pages) << PAGE_SHIFT;
+ }
+
+PAGE_SIZE is defined as (1UL << PAGE_SHIFT), so:
+ - 4 bytes wide on 32-bit (0 to 0xffffffff)
+ - 8 bytes wide on 64-bit (0 to 0xffffffffffffffff)
+
+That means that 32-bit round_pipe_size(), nr_pages may overflow to 0:
+
+ size=0x00000000 nr_pages=0x0
+ size=0x00000001 nr_pages=0x1
+ size=0xfffff000 nr_pages=0xfffff
+ size=0xfffff001 nr_pages=0x0 << !
+ size=0xffffffff nr_pages=0x0 << !
+
+This is bad because roundup_pow_of_two(n) is undefined when n == 0!
+
+64-bit is not a problem as the unsigned int size is 4 bytes wide
+(similar to 32-bit) and the larger, 8 byte wide unsigned long, is
+sufficient to handle the largest value of the bit shift expression:
+
+ size=0xffffffff nr_pages=100000
+
+Modify round_pipe_size() to return 0 if n == 0 and updates its callers to
+handle accordingly.
+
+Link: http://lkml.kernel.org/r/1507658689-11669-3-git-send-email-joe.lawrence@redhat.com
+Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
+Reported-by: Mikulas Patocka <mpatocka@redhat.com>
+Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Jens Axboe <axboe@kernel.dk>
+Cc: Michael Kerrisk <mtk.manpages@gmail.com>
+Cc: Randy Dunlap <rdunlap@infradead.org>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Dong Jinguang <dongjinguang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ fs/pipe.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/fs/pipe.c b/fs/pipe.c
+index ab8dad3ccb6a..39eff9a67253 100644
+--- a/fs/pipe.c
++++ b/fs/pipe.c
+@@ -1001,6 +1001,9 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages)
+ {
+ struct pipe_buffer *bufs;
+
++ if (!nr_pages)
++ return -EINVAL;
++
+ /*
+ * We can shrink the pipe, if arg >= pipe->nrbufs. Since we don't
+ * expect a lot of shrink+grow operations, just free and allocate
+@@ -1045,13 +1048,19 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages)
+
+ /*
+ * Currently we rely on the pipe array holding a power-of-2 number
+- * of pages.
++ * of pages. Returns 0 on error.
+ */
+ static inline unsigned int round_pipe_size(unsigned int size)
+ {
+ unsigned long nr_pages;
+
++ if (size < pipe_min_size)
++ size = pipe_min_size;
++
+ nr_pages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
++ if (nr_pages == 0)
++ return 0;
++
+ return roundup_pow_of_two(nr_pages) << PAGE_SHIFT;
+ }
+
+@@ -1062,13 +1071,18 @@ static inline unsigned int round_pipe_size(unsigned int size)
+ int pipe_proc_fn(struct ctl_table *table, int write, void __user *buf,
+ size_t *lenp, loff_t *ppos)
+ {
++ unsigned int rounded_pipe_max_size;
+ int ret;
+
+ ret = proc_dointvec_minmax(table, write, buf, lenp, ppos);
+ if (ret < 0 || !write)
+ return ret;
+
+- pipe_max_size = round_pipe_size(pipe_max_size);
++ rounded_pipe_max_size = round_pipe_size(pipe_max_size);
++ if (rounded_pipe_max_size == 0)
++ return -EINVAL;
++
++ pipe_max_size = rounded_pipe_max_size;
+ return ret;
+ }
+
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-033-x86-apic-vector-Fix-off-by-one-in-error-path.patch b/patches.kernel.org/4.4.113-033-x86-apic-vector-Fix-off-by-one-in-error-path.patch
new file mode 100644
index 0000000000..4559c1b819
--- /dev/null
+++ b/patches.kernel.org/4.4.113-033-x86-apic-vector-Fix-off-by-one-in-error-path.patch
@@ -0,0 +1,61 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Tue, 16 Jan 2018 12:20:18 +0100
+Subject: [PATCH] x86/apic/vector: Fix off by one in error path
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 45d55e7bac4028af93f5fa324e69958a0b868e96
+
+commit 45d55e7bac4028af93f5fa324e69958a0b868e96 upstream.
+
+Keith reported the following warning:
+
+WARNING: CPU: 28 PID: 1420 at kernel/irq/matrix.c:222 irq_matrix_remove_managed+0x10f/0x120
+ x86_vector_free_irqs+0xa1/0x180
+ x86_vector_alloc_irqs+0x1e4/0x3a0
+ msi_domain_alloc+0x62/0x130
+
+The reason for this is that if the vector allocation fails the error
+handling code tries to free the failed vector as well, which causes the
+above imbalance warning to trigger.
+
+Adjust the error path to handle this correctly.
+
+Fixes: b5dc8e6c21e7 ("x86/irq: Use hierarchical irqdomain to manage CPU interrupt vectors")
+Reported-by: Keith Busch <keith.busch@intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: Keith Busch <keith.busch@intel.com>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801161217300.1823@nanos
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/kernel/apic/vector.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
+index 0988e204f1e3..a41e523536a2 100644
+--- a/arch/x86/kernel/apic/vector.c
++++ b/arch/x86/kernel/apic/vector.c
+@@ -359,14 +359,17 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq,
+ irq_data->chip_data = data;
+ irq_data->hwirq = virq + i;
+ err = assign_irq_vector_policy(virq + i, node, data, info);
+- if (err)
++ if (err) {
++ irq_data->chip_data = NULL;
++ free_apic_chip_data(data);
+ goto error;
++ }
+ }
+
+ return 0;
+
+ error:
+- x86_vector_free_irqs(domain, virq, i + 1);
++ x86_vector_free_irqs(domain, virq, i);
+ return err;
+ }
+
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-034-Input-88pm860x-ts-fix-child-node-lookup.patch b/patches.kernel.org/4.4.113-034-Input-88pm860x-ts-fix-child-node-lookup.patch
new file mode 100644
index 0000000000..060c51c7e6
--- /dev/null
+++ b/patches.kernel.org/4.4.113-034-Input-88pm860x-ts-fix-child-node-lookup.patch
@@ -0,0 +1,77 @@
+From: Johan Hovold <johan@kernel.org>
+Date: Mon, 8 Jan 2018 17:20:18 -0800
+Subject: [PATCH] Input: 88pm860x-ts - fix child-node lookup
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 906bf7daa0618d0ef39f4872ca42218c29a3631f
+
+commit 906bf7daa0618d0ef39f4872ca42218c29a3631f upstream.
+
+Fix child node-lookup during probe, which ended up searching the whole
+device tree depth-first starting at parent rather than just matching on
+its children.
+
+To make things worse, the parent node was prematurely freed, while the
+child node was leaked.
+
+Fixes: 2e57d56747e6 ("mfd: 88pm860x: Device tree support")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/input/touchscreen/88pm860x-ts.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/input/touchscreen/88pm860x-ts.c b/drivers/input/touchscreen/88pm860x-ts.c
+index 251ff2aa0633..7a0dbce4dae9 100644
+--- a/drivers/input/touchscreen/88pm860x-ts.c
++++ b/drivers/input/touchscreen/88pm860x-ts.c
+@@ -126,7 +126,7 @@ static int pm860x_touch_dt_init(struct platform_device *pdev,
+ int data, n, ret;
+ if (!np)
+ return -ENODEV;
+- np = of_find_node_by_name(np, "touch");
++ np = of_get_child_by_name(np, "touch");
+ if (!np) {
+ dev_err(&pdev->dev, "Can't find touch node\n");
+ return -EINVAL;
+@@ -144,13 +144,13 @@ static int pm860x_touch_dt_init(struct platform_device *pdev,
+ if (data) {
+ ret = pm860x_reg_write(i2c, PM8607_GPADC_MISC1, data);
+ if (ret < 0)
+- return -EINVAL;
++ goto err_put_node;
+ }
+ /* set tsi prebias time */
+ if (!of_property_read_u32(np, "marvell,88pm860x-tsi-prebias", &data)) {
+ ret = pm860x_reg_write(i2c, PM8607_TSI_PREBIAS, data);
+ if (ret < 0)
+- return -EINVAL;
++ goto err_put_node;
+ }
+ /* set prebias & prechg time of pen detect */
+ data = 0;
+@@ -161,10 +161,18 @@ static int pm860x_touch_dt_init(struct platform_device *pdev,
+ if (data) {
+ ret = pm860x_reg_write(i2c, PM8607_PD_PREBIAS, data);
+ if (ret < 0)
+- return -EINVAL;
++ goto err_put_node;
+ }
+ of_property_read_u32(np, "marvell,88pm860x-resistor-X", res_x);
++
++ of_node_put(np);
++
+ return 0;
++
++err_put_node:
++ of_node_put(np);
++
++ return -EINVAL;
+ }
+ #else
+ #define pm860x_touch_dt_init(x, y, z) (-1)
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-035-Input-twl6040-vibra-fix-DT-node-memory-manage.patch b/patches.kernel.org/4.4.113-035-Input-twl6040-vibra-fix-DT-node-memory-manage.patch
new file mode 100644
index 0000000000..07547060db
--- /dev/null
+++ b/patches.kernel.org/4.4.113-035-Input-twl6040-vibra-fix-DT-node-memory-manage.patch
@@ -0,0 +1,42 @@
+From: "H. Nikolaus Schaller" <hns@goldelico.com>
+Date: Mon, 9 May 2016 17:01:01 -0700
+Subject: [PATCH] Input: twl6040-vibra - fix DT node memory management
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: c52c545ead97fcc2f4f8ea38f1ae3c23211e09a8
+
+commit c52c545ead97fcc2f4f8ea38f1ae3c23211e09a8 upstream.
+
+commit e7ec014a47e4 ("Input: twl6040-vibra - update for device tree support")
+
+made the separate vibra DT node to a subnode of the twl6040.
+
+It now calls of_find_node_by_name() to locate the "vibra" subnode.
+This function has a side effect to call of_node_put on() for the twl6040
+parent node passed in as a parameter. This causes trouble later on.
+
+Solution: we must call of_node_get() before of_find_node_by_name()
+
+Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/input/misc/twl6040-vibra.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/input/misc/twl6040-vibra.c b/drivers/input/misc/twl6040-vibra.c
+index ea63fad48de6..7221a00168bd 100644
+--- a/drivers/input/misc/twl6040-vibra.c
++++ b/drivers/input/misc/twl6040-vibra.c
+@@ -262,6 +262,7 @@ static int twl6040_vibra_probe(struct platform_device *pdev)
+ int vddvibr_uV = 0;
+ int error;
+
++ of_node_get(twl6040_core_dev->of_node);
+ twl6040_core_node = of_find_node_by_name(twl6040_core_dev->of_node,
+ "vibra");
+ if (!twl6040_core_node) {
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-036-Input-twl6040-vibra-fix-child-node-lookup.patch b/patches.kernel.org/4.4.113-036-Input-twl6040-vibra-fix-child-node-lookup.patch
new file mode 100644
index 0000000000..b4bdc6c144
--- /dev/null
+++ b/patches.kernel.org/4.4.113-036-Input-twl6040-vibra-fix-child-node-lookup.patch
@@ -0,0 +1,47 @@
+From: Johan Hovold <johan@kernel.org>
+Date: Mon, 8 Jan 2018 17:17:48 -0800
+Subject: [PATCH] Input: twl6040-vibra - fix child-node lookup
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: dcaf12a8b0bbdbfcfa2be8dff2c4948d9844b4ad
+
+commit dcaf12a8b0bbdbfcfa2be8dff2c4948d9844b4ad upstream.
+
+Fix child-node lookup during probe, which ended up searching the whole
+device tree depth-first starting at parent rather than just matching on
+its children.
+
+Later sanity checks on node properties (which would likely be missing)
+should prevent this from causing much trouble however, especially as the
+original premature free of the parent node has already been fixed
+separately (but that "fix" was apparently never backported to stable).
+
+Fixes: e7ec014a47e4 ("Input: twl6040-vibra - update for device tree support")
+Fixes: c52c545ead97 ("Input: twl6040-vibra - fix DT node memory management")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Acked-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
+Tested-by: H. Nikolaus Schaller <hns@goldelico.com> (on Pyra OMAP5 hardware)
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/input/misc/twl6040-vibra.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/drivers/input/misc/twl6040-vibra.c b/drivers/input/misc/twl6040-vibra.c
+index 7221a00168bd..1e968ae37f60 100644
+--- a/drivers/input/misc/twl6040-vibra.c
++++ b/drivers/input/misc/twl6040-vibra.c
+@@ -262,8 +262,7 @@ static int twl6040_vibra_probe(struct platform_device *pdev)
+ int vddvibr_uV = 0;
+ int error;
+
+- of_node_get(twl6040_core_dev->of_node);
+- twl6040_core_node = of_find_node_by_name(twl6040_core_dev->of_node,
++ twl6040_core_node = of_get_child_by_name(twl6040_core_dev->of_node,
+ "vibra");
+ if (!twl6040_core_node) {
+ dev_err(&pdev->dev, "parent of node is missing?\n");
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-037-Input-twl4030-vibra-fix-sibling-node-lookup.patch b/patches.kernel.org/4.4.113-037-Input-twl4030-vibra-fix-sibling-node-lookup.patch
new file mode 100644
index 0000000000..d17ad6267b
--- /dev/null
+++ b/patches.kernel.org/4.4.113-037-Input-twl4030-vibra-fix-sibling-node-lookup.patch
@@ -0,0 +1,48 @@
+From: Johan Hovold <johan@kernel.org>
+Date: Mon, 8 Jan 2018 17:15:06 -0800
+Subject: [PATCH] Input: twl4030-vibra - fix sibling-node lookup
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 5b189201993ab03001a398de731045bfea90c689
+
+commit 5b189201993ab03001a398de731045bfea90c689 upstream.
+
+A helper purported to look up a child node based on its name was using
+the wrong of-helper and ended up prematurely freeing the parent of-node
+while searching the whole device tree depth-first starting at the parent
+node.
+
+Fixes: 64b9e4d803b1 ("input: twl4030-vibra: Support for DT booted kernel")
+Fixes: e661d0a04462 ("Input: twl4030-vibra - fix ERROR: Bad of_node_put() warning")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/input/misc/twl4030-vibra.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/input/misc/twl4030-vibra.c b/drivers/input/misc/twl4030-vibra.c
+index 10c4e3d462f1..7233db002588 100644
+--- a/drivers/input/misc/twl4030-vibra.c
++++ b/drivers/input/misc/twl4030-vibra.c
+@@ -178,12 +178,14 @@ static SIMPLE_DEV_PM_OPS(twl4030_vibra_pm_ops,
+ twl4030_vibra_suspend, twl4030_vibra_resume);
+
+ static bool twl4030_vibra_check_coexist(struct twl4030_vibra_data *pdata,
+- struct device_node *node)
++ struct device_node *parent)
+ {
++ struct device_node *node;
++
+ if (pdata && pdata->coexist)
+ return true;
+
+- node = of_find_node_by_name(node, "codec");
++ node = of_get_child_by_name(parent, "codec");
+ if (node) {
+ of_node_put(node);
+ return true;
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-038-tracing-Fix-converting-enum-s-from-the-map-in.patch b/patches.kernel.org/4.4.113-038-tracing-Fix-converting-enum-s-from-the-map-in.patch
new file mode 100644
index 0000000000..9d4ef3026c
--- /dev/null
+++ b/patches.kernel.org/4.4.113-038-tracing-Fix-converting-enum-s-from-the-map-in.patch
@@ -0,0 +1,100 @@
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Thu, 18 Jan 2018 15:53:10 -0500
+Subject: [PATCH] tracing: Fix converting enum's from the map in
+ trace_event_eval_update()
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 1ebe1eaf2f02784921759992ae1fde1a9bec8fd0
+
+commit 1ebe1eaf2f02784921759992ae1fde1a9bec8fd0 upstream.
+
+Since enums do not get converted by the TRACE_EVENT macro into their values,
+the event format displaces the enum name and not the value. This breaks
+tools like perf and trace-cmd that need to interpret the raw binary data. To
+solve this, an enum map was created to convert these enums into their actual
+numbers on boot up. This is done by TRACE_EVENTS() adding a
+TRACE_DEFINE_ENUM() macro.
+
+Some enums were not being converted. This was caused by an optization that
+had a bug in it.
+
+All calls get checked against this enum map to see if it should be converted
+or not, and it compares the call's system to the system that the enum map
+was created under. If they match, then they call is processed.
+
+To cut down on the number of iterations needed to find the maps with a
+matching system, since calls and maps are grouped by system, when a match is
+made, the index into the map array is saved, so that the next call, if it
+belongs to the same system as the previous call, could start right at that
+array index and not have to scan all the previous arrays.
+
+The problem was, the saved index was used as the variable to know if this is
+a call in a new system or not. If the index was zero, it was assumed that
+the call is in a new system and would keep incrementing the saved index
+until it found a matching system. The issue arises when the first matching
+system was at index zero. The next map, if it belonged to the same system,
+would then think it was the first match and increment the index to one. If
+the next call belong to the same system, it would begin its search of the
+maps off by one, and miss the first enum that should be converted. This left
+a single enum not converted properly.
+
+Also add a comment to describe exactly what that index was for. It took me a
+bit too long to figure out what I was thinking when debugging this issue.
+
+Link: http://lkml.kernel.org/r/717BE572-2070-4C1E-9902-9F2E0FEDA4F8@oracle.com
+
+Fixes: 0c564a538aa93 ("tracing: Add TRACE_DEFINE_ENUM() macro to map enums to their values")
+Reported-by: Chuck Lever <chuck.lever@oracle.com>
+Teste-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ kernel/trace/trace_events.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
+index 996f0fd34312..ba5392807912 100644
+--- a/kernel/trace/trace_events.c
++++ b/kernel/trace/trace_events.c
+@@ -2300,6 +2300,7 @@ void trace_event_enum_update(struct trace_enum_map **map, int len)
+ {
+ struct trace_event_call *call, *p;
+ const char *last_system = NULL;
++ bool first = false;
+ int last_i;
+ int i;
+
+@@ -2307,15 +2308,28 @@ void trace_event_enum_update(struct trace_enum_map **map, int len)
+ list_for_each_entry_safe(call, p, &ftrace_events, list) {
+ /* events are usually grouped together with systems */
+ if (!last_system || call->class->system != last_system) {
++ first = true;
+ last_i = 0;
+ last_system = call->class->system;
+ }
+
++ /*
++ * Since calls are grouped by systems, the likelyhood that the
++ * next call in the iteration belongs to the same system as the
++ * previous call is high. As an optimization, we skip seaching
++ * for a map[] that matches the call's system if the last call
++ * was from the same system. That's what last_i is for. If the
++ * call has the same system as the previous call, then last_i
++ * will be the index of the first map[] that has a matching
++ * system.
++ */
+ for (i = last_i; i < len; i++) {
+ if (call->class->system == map[i]->system) {
+ /* Save the first system if need be */
+- if (!last_i)
++ if (first) {
+ last_i = i;
++ first = false;
++ }
+ update_event_printk(call, map[i]);
+ }
+ }
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-039-phy-work-around-phys-references-to-usb-nop-xc.patch b/patches.kernel.org/4.4.113-039-phy-work-around-phys-references-to-usb-nop-xc.patch
new file mode 100644
index 0000000000..cbb4443e64
--- /dev/null
+++ b/patches.kernel.org/4.4.113-039-phy-work-around-phys-references-to-usb-nop-xc.patch
@@ -0,0 +1,84 @@
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Fri, 12 Jan 2018 11:12:05 +0100
+Subject: [PATCH] phy: work around 'phys' references to usb-nop-xceiv devices
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: b7563e2796f8b23c98afcfea7363194227fa089d
+
+commit b7563e2796f8b23c98afcfea7363194227fa089d upstream.
+
+Stefan Wahren reports a problem with a warning fix that was merged
+for v4.15: we had lots of device nodes with a 'phys' property pointing
+to a device node that is not compliant with the binding documented in
+Documentation/devicetree/bindings/phy/phy-bindings.txt
+
+This generally works because USB HCD drivers that support both the generic
+phy subsystem and the older usb-phy subsystem ignore most errors from
+phy_get() and related calls and then use the usb-phy driver instead.
+
+However, it turns out that making the usb-nop-xceiv device compatible with
+the generic-phy binding changes the phy_get() return code from -EINVAL to
+-EPROBE_DEFER, and the dwc2 usb controller driver for bcm2835 now returns
+-EPROBE_DEFER from its probe function rather than ignoring the failure,
+breaking all USB support on raspberry-pi when CONFIG_GENERIC_PHY is
+enabled. The same code is used in the dwc3 driver and the usb_add_hcd()
+function, so a reasonable assumption would be that many other platforms
+are affected as well.
+
+I have reviewed all the related patches and concluded that "usb-nop-xceiv"
+is the only USB phy that is affected by the change, and since it is by far
+the most commonly referenced phy, all the other USB phy drivers appear
+to be used in ways that are are either safe in DT (they don't use the
+'phys' property), or in the driver (they already ignore -EPROBE_DEFER
+from generic-phy when usb-phy is available).
+
+To work around the problem, this adds a special case to _of_phy_get()
+so we ignore any PHY node that is compatible with "usb-nop-xceiv",
+as we know that this can never load no matter how much we defer. In the
+future, we might implement a generic-phy driver for "usb-nop-xceiv"
+and then remove this workaround.
+
+Since we generally want older kernels to also want to work with the
+fixed devicetree files, it would be good to backport the patch into
+stable kernels as well (3.13+ are possibly affected), even though they
+don't contain any of the patches that may have caused regressions.
+
+Fixes: 014d6da6cb25 ARM: dts: bcm283x: Fix DTC warnings about missing phy-cells
+Fixes: c5bbf358b790 arm: dts: nspire: Add missing #phy-cells to usb-nop-xceiv
+Fixes: 44e5dced2ef6 arm: dts: marvell: Add missing #phy-cells to usb-nop-xceiv
+Fixes: f568f6f554b8 ARM: dts: omap: Add missing #phy-cells to usb-nop-xceiv
+Fixes: d745d5f277bf ARM: dts: imx51-zii-rdu1: Add missing #phy-cells to usb-nop-xceiv
+Fixes: 915fbe59cbf2 ARM: dts: imx: Add missing #phy-cells to usb-nop-xceiv
+Link: https://marc.info/?l=linux-usb&m=151518314314753&w=2
+Link: https://patchwork.kernel.org/patch/10158145/
+Cc: Felipe Balbi <balbi@kernel.org>
+Cc: Eric Anholt <eric@anholt.net>
+Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
+Acked-by: Rob Herring <robh@kernel.org>
+Tested-by: Hans Verkuil <hans.verkuil@cisco.com>
+Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/phy/phy-core.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c
+index e7e574dc667a..be1f0276ab23 100644
+--- a/drivers/phy/phy-core.c
++++ b/drivers/phy/phy-core.c
+@@ -365,6 +365,10 @@ static struct phy *_of_phy_get(struct device_node *np, int index)
+ if (ret)
+ return ERR_PTR(-ENODEV);
+
++ /* This phy type handled by the usb-phy subsystem for now */
++ if (of_device_is_compatible(args.np, "usb-nop-xceiv"))
++ return ERR_PTR(-ENODEV);
++
+ mutex_lock(&phy_provider_mutex);
+ phy_provider = of_phy_provider_lookup(args.np);
+ if (IS_ERR(phy_provider) || !try_module_get(phy_provider->owner)) {
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-040-ARM-dts-kirkwood-fix-pin-muxing-of-MPP7-on-Op.patch b/patches.kernel.org/4.4.113-040-ARM-dts-kirkwood-fix-pin-muxing-of-MPP7-on-Op.patch
new file mode 100644
index 0000000000..5438a4b947
--- /dev/null
+++ b/patches.kernel.org/4.4.113-040-ARM-dts-kirkwood-fix-pin-muxing-of-MPP7-on-Op.patch
@@ -0,0 +1,81 @@
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Thu, 4 Jan 2018 17:53:12 +0100
+Subject: [PATCH] ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 56aeb07c914a616ab84357d34f8414a69b140cdf
+
+commit 56aeb07c914a616ab84357d34f8414a69b140cdf upstream.
+
+MPP7 is currently muxed as "gpio", but this function doesn't exist for
+MPP7, only "gpo" is available. This causes the following error:
+
+kirkwood-pinctrl f1010000.pin-controller: unsupported function gpio on pin mpp7
+pinctrl core: failed to register map default (6): invalid type given
+kirkwood-pinctrl f1010000.pin-controller: error claiming hogs: -22
+kirkwood-pinctrl f1010000.pin-controller: could not claim hogs: -22
+kirkwood-pinctrl f1010000.pin-controller: unable to register pinctrl driver
+kirkwood-pinctrl: probe of f1010000.pin-controller failed with error -22
+
+So the pinctrl driver is not probed, all device drivers (including the
+UART driver) do a -EPROBE_DEFER, and therefore the system doesn't
+really boot (well, it boots, but with no UART, and no devices that
+require pin-muxing).
+
+Back when the Device Tree file for this board was introduced, the
+definition was already wrong. The pinctrl driver also always described
+as "gpo" this function for MPP7. However, between Linux 4.10 and 4.11,
+a hog pin failing to be muxed was turned from a simple warning to a
+hard error that caused the entire pinctrl driver probe to bail
+out. This is probably the result of commit 6118714275f0a ("pinctrl:
+core: Fix pinctrl_register_and_init() with pinctrl_enable()").
+
+This commit fixes the Device Tree to use the proper "gpo" function for
+MPP7, which fixes the boot of OpenBlocks A7, which was broken since
+Linux 4.11.
+
+Fixes: f24b56cbcd9d ("ARM: kirkwood: add support for OpenBlocks A7 platform")
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/arm/boot/dts/kirkwood-openblocks_a7.dts | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/boot/dts/kirkwood-openblocks_a7.dts b/arch/arm/boot/dts/kirkwood-openblocks_a7.dts
+index d5e3bc518968..d57f48543f76 100644
+--- a/arch/arm/boot/dts/kirkwood-openblocks_a7.dts
++++ b/arch/arm/boot/dts/kirkwood-openblocks_a7.dts
+@@ -53,7 +53,8 @@
+ };
+
+ pinctrl: pin-controller@10000 {
+- pinctrl-0 = <&pmx_dip_switches &pmx_gpio_header>;
++ pinctrl-0 = <&pmx_dip_switches &pmx_gpio_header
++ &pmx_gpio_header_gpo>;
+ pinctrl-names = "default";
+
+ pmx_uart0: pmx-uart0 {
+@@ -85,11 +86,16 @@
+ * ground.
+ */
+ pmx_gpio_header: pmx-gpio-header {
+- marvell,pins = "mpp17", "mpp7", "mpp29", "mpp28",
++ marvell,pins = "mpp17", "mpp29", "mpp28",
+ "mpp35", "mpp34", "mpp40";
+ marvell,function = "gpio";
+ };
+
++ pmx_gpio_header_gpo: pxm-gpio-header-gpo {
++ marvell,pins = "mpp7";
++ marvell,function = "gpo";
++ };
++
+ pmx_gpio_init: pmx-init {
+ marvell,pins = "mpp38";
+ marvell,function = "gpio";
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-041-can-peak-fix-potential-bug-in-packet-fragment.patch b/patches.kernel.org/4.4.113-041-can-peak-fix-potential-bug-in-packet-fragment.patch
new file mode 100644
index 0000000000..a4d5cfdbab
--- /dev/null
+++ b/patches.kernel.org/4.4.113-041-can-peak-fix-potential-bug-in-packet-fragment.patch
@@ -0,0 +1,75 @@
+From: Stephane Grosjean <s.grosjean@peak-system.com>
+Date: Mon, 15 Jan 2018 16:31:19 +0100
+Subject: [PATCH] can: peak: fix potential bug in packet fragmentation
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: d8a243af1a68395e07ac85384a2740d4134c67f4
+
+commit d8a243af1a68395e07ac85384a2740d4134c67f4 upstream.
+
+In some rare conditions when running one PEAK USB-FD interface over
+a non high-speed USB controller, one useless USB fragment might be sent.
+This patch fixes the way a USB command is fragmented when its length is
+greater than 64 bytes and when the underlying USB controller is not a
+high-speed one.
+
+Signed-off-by: Stephane Grosjean <s.grosjean@peak-system.com>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 21 +++++++++++----------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c
+index ce44a033f63b..64cc86a82b2d 100644
+--- a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c
++++ b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c
+@@ -184,7 +184,7 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail)
+ void *cmd_head = pcan_usb_fd_cmd_buffer(dev);
+ int err = 0;
+ u8 *packet_ptr;
+- int i, n = 1, packet_len;
++ int packet_len;
+ ptrdiff_t cmd_len;
+
+ /* usb device unregistered? */
+@@ -201,17 +201,13 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail)
+ }
+
+ packet_ptr = cmd_head;
++ packet_len = cmd_len;
+
+ /* firmware is not able to re-assemble 512 bytes buffer in full-speed */
+- if ((dev->udev->speed != USB_SPEED_HIGH) &&
+- (cmd_len > PCAN_UFD_LOSPD_PKT_SIZE)) {
+- packet_len = PCAN_UFD_LOSPD_PKT_SIZE;
+- n += cmd_len / packet_len;
+- } else {
+- packet_len = cmd_len;
+- }
++ if (unlikely(dev->udev->speed != USB_SPEED_HIGH))
++ packet_len = min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE);
+
+- for (i = 0; i < n; i++) {
++ do {
+ err = usb_bulk_msg(dev->udev,
+ usb_sndbulkpipe(dev->udev,
+ PCAN_USBPRO_EP_CMDOUT),
+@@ -224,7 +220,12 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail)
+ }
+
+ packet_ptr += packet_len;
+- }
++ cmd_len -= packet_len;
++
++ if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE)
++ packet_len = cmd_len;
++
++ } while (packet_len > 0);
+
+ return err;
+ }
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-042-libata-apply-MAX_SEC_1024-to-all-LITEON-EP1-s.patch b/patches.kernel.org/4.4.113-042-libata-apply-MAX_SEC_1024-to-all-LITEON-EP1-s.patch
new file mode 100644
index 0000000000..af8a2f7c42
--- /dev/null
+++ b/patches.kernel.org/4.4.113-042-libata-apply-MAX_SEC_1024-to-all-LITEON-EP1-s.patch
@@ -0,0 +1,37 @@
+From: Xinyu Lin <xinyu0123@gmail.com>
+Date: Sun, 17 Dec 2017 20:13:39 +0800
+Subject: [PATCH] libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: db5ff909798ef0099004ad50a0ff5fde92426fd1
+
+commit db5ff909798ef0099004ad50a0ff5fde92426fd1 upstream.
+
+LITEON EP1 has the same timeout issues as CX1 series devices.
+
+Revert max_sectors to the value of 1024.
+
+Fixes: e0edc8c54646 ("libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices")
+Signed-off-by: Xinyu Lin <xinyu0123@gmail.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/ata/libata-core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
+index b0b77b61c40c..69ec1c5d7152 100644
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4143,6 +4143,7 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
+ * https://bugzilla.kernel.org/show_bug.cgi?id=121671
+ */
+ { "LITEON CX1-JB*-HP", NULL, ATA_HORKAGE_MAX_SEC_1024 },
++ { "LITEON EP1-*", NULL, ATA_HORKAGE_MAX_SEC_1024 },
+
+ /* Devices we expect to fail diagnostics */
+
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-043-dm-btree-fix-serious-bug-in-btree_split_benea.patch b/patches.kernel.org/4.4.113-043-dm-btree-fix-serious-bug-in-btree_split_benea.patch
new file mode 100644
index 0000000000..ff9885f8df
--- /dev/null
+++ b/patches.kernel.org/4.4.113-043-dm-btree-fix-serious-bug-in-btree_split_benea.patch
@@ -0,0 +1,77 @@
+From: Joe Thornber <thornber@redhat.com>
+Date: Wed, 20 Dec 2017 09:56:06 +0000
+Subject: [PATCH] dm btree: fix serious bug in btree_split_beneath()
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: bc68d0a43560e950850fc69b58f0f8254b28f6d6
+
+commit bc68d0a43560e950850fc69b58f0f8254b28f6d6 upstream.
+
+When inserting a new key/value pair into a btree we walk down the spine of
+btree nodes performing the following 2 operations:
+
+ i) space for a new entry
+ ii) adjusting the first key entry if the new key is lower than any in the node.
+
+If the _root_ node is full, the function btree_split_beneath() allocates 2 new
+nodes, and redistibutes the root nodes entries between them. The root node is
+left with 2 entries corresponding to the 2 new nodes.
+
+btree_split_beneath() then adjusts the spine to point to one of the two new
+children. This means the first key is never adjusted if the new key was lower,
+ie. operation (ii) gets missed out. This can result in the new key being
+'lost' for a period; until another low valued key is inserted that will uncover
+it.
+
+This is a serious bug, and quite hard to make trigger in normal use. A
+reproducing test case ("thin create devices-in-reverse-order") is
+available as part of the thin-provision-tools project:
+ https://github.com/jthornber/thin-provisioning-tools/blob/master/functional-tests/device-mapper/dm-tests.scm#L593
+
+Fix the issue by changing btree_split_beneath() so it no longer adjusts
+the spine. Instead it unlocks both the new nodes, and lets the main
+loop in btree_insert_raw() relock the appropriate one and make any
+neccessary adjustments.
+
+Reported-by: Monty Pavel <monty_pavel@sina.com>
+Signed-off-by: Joe Thornber <thornber@redhat.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/md/persistent-data/dm-btree.c | 19 ++-----------------
+ 1 file changed, 2 insertions(+), 17 deletions(-)
+
+diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c
+index a1a68209bd36..880b7dee9c52 100644
+--- a/drivers/md/persistent-data/dm-btree.c
++++ b/drivers/md/persistent-data/dm-btree.c
+@@ -671,23 +671,8 @@ static int btree_split_beneath(struct shadow_spine *s, uint64_t key)
+ pn->keys[1] = rn->keys[0];
+ memcpy_disk(value_ptr(pn, 1), &val, sizeof(__le64));
+
+- /*
+- * rejig the spine. This is ugly, since it knows too
+- * much about the spine
+- */
+- if (s->nodes[0] != new_parent) {
+- unlock_block(s->info, s->nodes[0]);
+- s->nodes[0] = new_parent;
+- }
+- if (key < le64_to_cpu(rn->keys[0])) {
+- unlock_block(s->info, right);
+- s->nodes[1] = left;
+- } else {
+- unlock_block(s->info, left);
+- s->nodes[1] = right;
+- }
+- s->count = 2;
+-
++ unlock_block(s->info, left);
++ unlock_block(s->info, right);
+ return 0;
+ }
+
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-044-dm-thin-metadata-THIN_MAX_CONCURRENT_LOCKS-sh.patch b/patches.kernel.org/4.4.113-044-dm-thin-metadata-THIN_MAX_CONCURRENT_LOCKS-sh.patch
new file mode 100644
index 0000000000..2b23d2be4e
--- /dev/null
+++ b/patches.kernel.org/4.4.113-044-dm-thin-metadata-THIN_MAX_CONCURRENT_LOCKS-sh.patch
@@ -0,0 +1,59 @@
+From: Dennis Yang <dennisyang@qnap.com>
+Date: Tue, 12 Dec 2017 18:21:40 +0800
+Subject: [PATCH] dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 490ae017f54e55bde382d45ea24bddfb6d1a0aaf
+
+commit 490ae017f54e55bde382d45ea24bddfb6d1a0aaf upstream.
+
+For btree removal, there is a corner case that a single thread
+could takes 6 locks which is more than THIN_MAX_CONCURRENT_LOCKS(5)
+and leads to deadlock.
+
+A btree removal might eventually call
+rebalance_children()->rebalance3() to rebalance entries of three
+neighbor child nodes when shadow_spine has already acquired two
+write locks. In rebalance3(), it tries to shadow and acquire the
+write locks of all three child nodes. However, shadowing a child
+node requires acquiring a read lock of the original child node and
+a write lock of the new block. Although the read lock will be
+released after block shadowing, shadowing the third child node
+in rebalance3() could still take the sixth lock.
+(2 write locks for shadow_spine +
+ 2 write locks for the first two child nodes's shadow +
+ 1 write lock for the last child node's shadow +
+ 1 read lock for the last child node)
+
+Signed-off-by: Dennis Yang <dennisyang@qnap.com>
+Acked-by: Joe Thornber <thornber@redhat.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/md/dm-thin-metadata.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
+index 3b67afda430b..e339f4288e8f 100644
+--- a/drivers/md/dm-thin-metadata.c
++++ b/drivers/md/dm-thin-metadata.c
+@@ -81,10 +81,14 @@
+ #define SECTOR_TO_BLOCK_SHIFT 3
+
+ /*
++ * For btree insert:
+ * 3 for btree insert +
+ * 2 for btree lookup used within space map
++ * For btree remove:
++ * 2 for shadow spine +
++ * 4 for rebalance 3 child node
+ */
+-#define THIN_MAX_CONCURRENT_LOCKS 5
++#define THIN_MAX_CONCURRENT_LOCKS 6
+
+ /* This should be plenty */
+ #define SPACE_MAP_ROOT_SIZE 128
+--
+2.16.0
+
diff --git a/patches.suse/0030-arm64-KVM-Fix-SMCCC-handling-of-unimplemented-SMC-HV.patch b/patches.kernel.org/4.4.113-045-arm64-KVM-Fix-SMCCC-handling-of-unimplemented.patch
index e08d5705e1..0c777bd681 100644
--- a/patches.suse/0030-arm64-KVM-Fix-SMCCC-handling-of-unimplemented-SMC-HV.patch
+++ b/patches.kernel.org/4.4.113-045-arm64-KVM-Fix-SMCCC-handling-of-unimplemented.patch
@@ -1,12 +1,11 @@
-From daeaaac3e16f71022dd55763acf90263dcc482e2 Mon Sep 17 00:00:00 2001
From: Marc Zyngier <marc.zyngier@arm.com>
Date: Tue, 16 Jan 2018 10:23:47 +0000
Subject: [PATCH] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
-
+Patch-mainline: 4.4.113
+References: bnc#1012382 bsc#1076232
Git-commit: acfb3b883f6d6a4b5d27ad7fdded11f6a09ae6dd
-Patch-mainline: Queued
-Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
-References: bsc#1076232
+
+commit acfb3b883f6d6a4b5d27ad7fdded11f6a09ae6dd upstream.
KVM doesn't follow the SMCCC when it comes to unimplemented calls,
and inject an UNDEF instead of returning an error. Since firmware
@@ -16,19 +15,19 @@ common, and the undef is counter productive.
Instead, let's follow the SMCCC which states that -1 must be returned
to the caller when getting an unknown function number.
-Cc: <stable@vger.kernel.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
-Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/arm64/kvm/handle_exit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
-index 85baadab02d3..2e6e9e99977b 100644
+index ba93a09eb536..5295aef7c8f0 100644
--- a/arch/arm64/kvm/handle_exit.c
+++ b/arch/arm64/kvm/handle_exit.c
-@@ -44,7 +44,7 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run)
+@@ -42,7 +42,7 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run)
ret = kvm_psci_call(vcpu);
if (ret < 0) {
@@ -37,7 +36,7 @@ index 85baadab02d3..2e6e9e99977b 100644
return 1;
}
-@@ -53,7 +53,7 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run)
+@@ -51,7 +51,7 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run)
static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run)
{
@@ -47,5 +46,5 @@ index 85baadab02d3..2e6e9e99977b 100644
}
--
-2.11.0
+2.16.0
diff --git a/patches.kernel.org/4.4.113-046-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-proc.patch b/patches.kernel.org/4.4.113-046-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-proc.patch
new file mode 100644
index 0000000000..fa5c9b9a29
--- /dev/null
+++ b/patches.kernel.org/4.4.113-046-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-proc.patch
@@ -0,0 +1,51 @@
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Tue, 26 Dec 2017 23:43:54 -0600
+Subject: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 694d99d40972f12e59a3696effee8a376b79d7c8
+
+commit 694d99d40972f12e59a3696effee8a376b79d7c8 upstream.
+
+AMD processors are not subject to the types of attacks that the kernel
+page table isolation feature protects against. The AMD microarchitecture
+does not allow memory references, including speculative references, that
+access higher privileged data when running in a lesser privileged mode
+when that access would result in a page fault.
+
+Disable page table isolation by default on AMD processors by not setting
+the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
+is set.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20171227054354.20369.94587.stgit@tlendack-t1.amdoffice.net
+Cc: Nick Lowe <nick.lowe@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/kernel/cpu/common.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
+index 0531c1707b40..f7f2ad3687ee 100644
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -831,8 +831,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
+
+ setup_force_cpu_cap(X86_FEATURE_ALWAYS);
+
+- /* Assume for now that ALL x86 CPUs are insecure */
+- setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
++ if (c->x86_vendor != X86_VENDOR_AMD)
++ setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
+
+ setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
+ setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-047-kbuild-modversions-for-EXPORT_SYMBOL-for-asm.patch b/patches.kernel.org/4.4.113-047-kbuild-modversions-for-EXPORT_SYMBOL-for-asm.patch
new file mode 100644
index 0000000000..e213427361
--- /dev/null
+++ b/patches.kernel.org/4.4.113-047-kbuild-modversions-for-EXPORT_SYMBOL-for-asm.patch
@@ -0,0 +1,169 @@
+From: Nicholas Piggin <npiggin@gmail.com>
+Date: Tue, 1 Nov 2016 12:46:19 +1100
+Subject: [PATCH] kbuild: modversions for EXPORT_SYMBOL() for asm
+Patch-mainline: 4.4.113
+References: bnc#1012382 bsc#1068032 bsc#1074621
+Git-commit: 4efca4ed05cbdfd13ec3e8cb623fb77d6e4ab187
+
+commit 4efca4ed05cbdfd13ec3e8cb623fb77d6e4ab187 upstream.
+
+Allow architectures to create asm/asm-prototypes.h file that
+provides C prototypes for exported asm functions, which enables
+proper CRC versions to be generated for them.
+
+Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
+Signed-off-by: Michal Marek <mmarek@suse.com>
+[jkosina@suse.cz: folded cc6acc11cad1 fixup in as well ]
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ scripts/Makefile.build | 87 ++++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 80 insertions(+), 7 deletions(-)
+
+diff --git a/scripts/Makefile.build b/scripts/Makefile.build
+index 01df30af4d4a..18209917e379 100644
+--- a/scripts/Makefile.build
++++ b/scripts/Makefile.build
+@@ -158,7 +158,8 @@ cmd_cc_i_c = $(CPP) $(c_flags) -o $@ $<
+ $(obj)/%.i: $(src)/%.c FORCE
+ $(call if_changed_dep,cc_i_c)
+
+-cmd_gensymtypes = \
++# These mirror gensymtypes_S and co below, keep them in synch.
++cmd_gensymtypes_c = \
+ $(CPP) -D__GENKSYMS__ $(c_flags) $< | \
+ $(GENKSYMS) $(if $(1), -T $(2)) \
+ $(patsubst y,-s _,$(CONFIG_HAVE_UNDERSCORE_SYMBOL_PREFIX)) \
+@@ -168,7 +169,7 @@ cmd_gensymtypes = \
+ quiet_cmd_cc_symtypes_c = SYM $(quiet_modtag) $@
+ cmd_cc_symtypes_c = \
+ set -e; \
+- $(call cmd_gensymtypes,true,$@) >/dev/null; \
++ $(call cmd_gensymtypes_c,true,$@) >/dev/null; \
+ test -s $@ || rm -f $@
+
+ $(obj)/%.symtypes : $(src)/%.c FORCE
+@@ -197,9 +198,10 @@ else
+ # the actual value of the checksum generated by genksyms
+
+ cmd_cc_o_c = $(CC) $(c_flags) -c -o $(@D)/.tmp_$(@F) $<
+-cmd_modversions = \
++
++cmd_modversions_c = \
+ if $(OBJDUMP) -h $(@D)/.tmp_$(@F) | grep -q __ksymtab; then \
+- $(call cmd_gensymtypes,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) \
++ $(call cmd_gensymtypes_c,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) \
+ > $(@D)/.tmp_$(@F:.o=.ver); \
+ \
+ $(LD) $(LDFLAGS) -r -o $@ $(@D)/.tmp_$(@F) \
+@@ -244,7 +246,7 @@ endif
+ define rule_cc_o_c
+ $(call echo-cmd,checksrc) $(cmd_checksrc) \
+ $(call echo-cmd,cc_o_c) $(cmd_cc_o_c); \
+- $(cmd_modversions) \
++ $(cmd_modversions_c) \
+ $(call echo-cmd,record_mcount) \
+ $(cmd_record_mcount) \
+ scripts/basic/fixdep $(depfile) $@ '$(call make-cmd,cc_o_c)' > \
+@@ -253,6 +255,15 @@ define rule_cc_o_c
+ mv -f $(dot-target).tmp $(dot-target).cmd
+ endef
+
++define rule_as_o_S
++ $(call echo-cmd,as_o_S) $(cmd_as_o_S); \
++ scripts/basic/fixdep $(depfile) $@ '$(call make-cmd,as_o_S)' > \
++ $(dot-target).tmp; \
++ $(cmd_modversions_S) \
++ rm -f $(depfile); \
++ mv -f $(dot-target).tmp $(dot-target).cmd
++endef
++
+ # Built-in and composite module parts
+ $(obj)/%.o: $(src)/%.c $(recordmcount_source) FORCE
+ $(call cmd,force_checksrc)
+@@ -281,6 +292,38 @@ modkern_aflags := $(KBUILD_AFLAGS_KERNEL) $(AFLAGS_KERNEL)
+ $(real-objs-m) : modkern_aflags := $(KBUILD_AFLAGS_MODULE) $(AFLAGS_MODULE)
+ $(real-objs-m:.o=.s): modkern_aflags := $(KBUILD_AFLAGS_MODULE) $(AFLAGS_MODULE)
+
++# .S file exports must have their C prototypes defined in asm/asm-prototypes.h
++# or a file that it includes, in order to get versioned symbols. We build a
++# dummy C file that includes asm-prototypes and the EXPORT_SYMBOL lines from
++# the .S file (with trailing ';'), and run genksyms on that, to extract vers.
++#
++# This is convoluted. The .S file must first be preprocessed to run guards and
++# expand names, then the resulting exports must be constructed into plain
++# EXPORT_SYMBOL(symbol); to build our dummy C file, and that gets preprocessed
++# to make the genksyms input.
++#
++# These mirror gensymtypes_c and co above, keep them in synch.
++cmd_gensymtypes_S = \
++ (echo "\#include <linux/kernel.h>" ; \
++ echo "\#include <asm/asm-prototypes.h>" ; \
++ $(CPP) $(a_flags) $< | \
++ grep "\<___EXPORT_SYMBOL\>" | \
++ sed 's/.*___EXPORT_SYMBOL[[:space:]]*\([a-zA-Z0-9_]*\)[[:space:]]*,.*/EXPORT_SYMBOL(\1);/' ) | \
++ $(CPP) -D__GENKSYMS__ $(c_flags) -xc - | \
++ $(GENKSYMS) $(if $(1), -T $(2)) \
++ $(patsubst y,-s _,$(CONFIG_HAVE_UNDERSCORE_SYMBOL_PREFIX)) \
++ $(if $(KBUILD_PRESERVE),-p) \
++ -r $(firstword $(wildcard $(2:.symtypes=.symref) /dev/null))
++
++quiet_cmd_cc_symtypes_S = SYM $(quiet_modtag) $@
++cmd_cc_symtypes_S = \
++ set -e; \
++ $(call cmd_gensymtypes_S,true,$@) >/dev/null; \
++ test -s $@ || rm -f $@
++
++$(obj)/%.symtypes : $(src)/%.S FORCE
++ $(call cmd,cc_symtypes_S)
++
+ quiet_cmd_as_s_S = CPP $(quiet_modtag) $@
+ cmd_as_s_S = $(CPP) $(a_flags) -o $@ $<
+
+@@ -288,10 +331,40 @@ $(obj)/%.s: $(src)/%.S FORCE
+ $(call if_changed_dep,as_s_S)
+
+ quiet_cmd_as_o_S = AS $(quiet_modtag) $@
+-cmd_as_o_S = $(CC) $(a_flags) -c -o $@ $<
++
++ifndef CONFIG_MODVERSIONS
++cmd_as_o_S = $(CC) $(a_flags) -c -o $@ $<
++
++else
++
++ASM_PROTOTYPES := $(wildcard $(srctree)/arch/$(SRCARCH)/include/asm/asm-prototypes.h)
++
++ifeq ($(ASM_PROTOTYPES),)
++cmd_as_o_S = $(CC) $(a_flags) -c -o $@ $<
++
++else
++
++# versioning matches the C process described above, with difference that
++# we parse asm-prototypes.h C header to get function definitions.
++
++cmd_as_o_S = $(CC) $(a_flags) -c -o $(@D)/.tmp_$(@F) $<
++
++cmd_modversions_S = \
++ if $(OBJDUMP) -h $(@D)/.tmp_$(@F) | grep -q __ksymtab; then \
++ $(call cmd_gensymtypes_S,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) \
++ > $(@D)/.tmp_$(@F:.o=.ver); \
++ \
++ $(LD) $(LDFLAGS) -r -o $@ $(@D)/.tmp_$(@F) \
++ -T $(@D)/.tmp_$(@F:.o=.ver); \
++ rm -f $(@D)/.tmp_$(@F) $(@D)/.tmp_$(@F:.o=.ver); \
++ else \
++ mv -f $(@D)/.tmp_$(@F) $@; \
++ fi;
++endif
++endif
+
+ $(obj)/%.o: $(src)/%.S FORCE
+- $(call if_changed_dep,as_o_S)
++ $(call if_changed_rule,as_o_S)
+
+ targets += $(real-objs-y) $(real-objs-m) $(lib-y)
+ targets += $(extra-y) $(MAKECMDGOALS) $(always)
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-048-x86-mce-Make-machine-check-speculation-protec.patch b/patches.kernel.org/4.4.113-048-x86-mce-Make-machine-check-speculation-protec.patch
new file mode 100644
index 0000000000..841592e15e
--- /dev/null
+++ b/patches.kernel.org/4.4.113-048-x86-mce-Make-machine-check-speculation-protec.patch
@@ -0,0 +1,72 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 18 Jan 2018 16:28:26 +0100
+Subject: [PATCH] x86/mce: Make machine check speculation protected
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: 6f41c34d69eb005e7848716bbcafc979b35037d5
+
+commit 6f41c34d69eb005e7848716bbcafc979b35037d5 upstream.
+
+The machine check idtentry uses an indirect branch directly from the low
+level code. This evades the speculation protection.
+
+Replace it by a direct call into C code and issue the indirect call there
+so the compiler can apply the proper speculation protection.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by:Borislav Petkov <bp@alien8.de>
+Reviewed-by: David Woodhouse <dwmw@amazon.co.uk>
+Niced-by: Peter Zijlstra <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801181626290.1847@nanos
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/entry/entry_64.S | 2 +-
+ arch/x86/include/asm/traps.h | 1 +
+ arch/x86/kernel/cpu/mcheck/mce.c | 5 +++++
+ 3 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
+index 81b1cd533965..a03b22c615d9 100644
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -1031,7 +1031,7 @@ idtentry async_page_fault do_async_page_fault has_error_code=1
+ #endif
+
+ #ifdef CONFIG_X86_MCE
+-idtentry machine_check has_error_code=0 paranoid=1 do_sym=*machine_check_vector(%rip)
++idtentry machine_check do_mce has_error_code=0 paranoid=1
+ #endif
+
+ /*
+diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h
+index c3496619740a..156959ca49ce 100644
+--- a/arch/x86/include/asm/traps.h
++++ b/arch/x86/include/asm/traps.h
+@@ -92,6 +92,7 @@ dotraplinkage void do_simd_coprocessor_error(struct pt_regs *, long);
+ #ifdef CONFIG_X86_32
+ dotraplinkage void do_iret_error(struct pt_regs *, long);
+ #endif
++dotraplinkage void do_mce(struct pt_regs *, long);
+
+ static inline int get_si_code(unsigned long condition)
+ {
+diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
+index 7e8a736d09db..364fbad72e60 100644
+--- a/arch/x86/kernel/cpu/mcheck/mce.c
++++ b/arch/x86/kernel/cpu/mcheck/mce.c
+@@ -1672,6 +1672,11 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
+ void (*machine_check_vector)(struct pt_regs *, long error_code) =
+ unexpected_machine_check;
+
++dotraplinkage void do_mce(struct pt_regs *regs, long error_code)
++{
++ machine_check_vector(regs, error_code);
++}
++
+ /*
+ * Called for each booted CPU to set up machine checks.
+ * Must be called with preempt off:
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-049-retpoline-Introduce-start-end-markers-of-indi.patch b/patches.kernel.org/4.4.113-049-retpoline-Introduce-start-end-markers-of-indi.patch
new file mode 100644
index 0000000000..5161a0081e
--- /dev/null
+++ b/patches.kernel.org/4.4.113-049-retpoline-Introduce-start-end-markers-of-indi.patch
@@ -0,0 +1,80 @@
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Fri, 19 Jan 2018 01:14:21 +0900
+Subject: [PATCH] retpoline: Introduce start/end markers of indirect thunk
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: 736e80a4213e9bbce40a7c050337047128b472ac
+
+commit 736e80a4213e9bbce40a7c050337047128b472ac upstream.
+
+Introduce start/end markers of __x86_indirect_thunk_* functions.
+To make it easy, consolidate .text.__x86.indirect_thunk.* sections
+to one .text.__x86.indirect_thunk section and put it in the
+end of kernel text section and adds __indirect_thunk_start/end
+so that other subsystem (e.g. kprobes) can identify it.
+
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: David Woodhouse <dwmw@amazon.co.uk>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
+Link: https://lkml.kernel.org/r/151629206178.10241.6828804696410044771.stgit@devbox
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/include/asm/nospec-branch.h | 3 +++
+ arch/x86/kernel/vmlinux.lds.S | 7 +++++++
+ arch/x86/lib/retpoline.S | 2 +-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
+index e28a9ff1246c..4f7a5d3fed91 100644
+--- a/arch/x86/include/asm/nospec-branch.h
++++ b/arch/x86/include/asm/nospec-branch.h
+@@ -171,6 +171,9 @@ enum spectre_v2_mitigation {
+ SPECTRE_V2_IBRS,
+ };
+
++extern char __indirect_thunk_start[];
++extern char __indirect_thunk_end[];
++
+ /*
+ * On VMEXIT we must ensure that no RSB predictions learned in the guest
+ * can be followed in the host, by overwriting the RSB completely. Both
+diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
+index 74e4bf11f562..e065065a4dfb 100644
+--- a/arch/x86/kernel/vmlinux.lds.S
++++ b/arch/x86/kernel/vmlinux.lds.S
+@@ -104,6 +104,13 @@ SECTIONS
+ IRQENTRY_TEXT
+ *(.fixup)
+ *(.gnu.warning)
++
++#ifdef CONFIG_RETPOLINE
++ __indirect_thunk_start = .;
++ *(.text.__x86.indirect_thunk)
++ __indirect_thunk_end = .;
++#endif
++
+ /* End of text section */
+ _etext = .;
+ } :text = 0x9090
+diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S
+index 019a03599bb0..8a8093e9cf01 100644
+--- a/arch/x86/lib/retpoline.S
++++ b/arch/x86/lib/retpoline.S
+@@ -9,7 +9,7 @@
+ #include <asm/nospec-branch.h>
+
+ .macro THUNK reg
+- .section .text.__x86.indirect_thunk.\reg
++ .section .text.__x86.indirect_thunk
+
+ ENTRY(__x86_indirect_thunk_\reg)
+ CFI_STARTPROC
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-050-kprobes-x86-Blacklist-indirect-thunk-function.patch b/patches.kernel.org/4.4.113-050-kprobes-x86-Blacklist-indirect-thunk-function.patch
new file mode 100644
index 0000000000..091dfb9f96
--- /dev/null
+++ b/patches.kernel.org/4.4.113-050-kprobes-x86-Blacklist-indirect-thunk-function.patch
@@ -0,0 +1,45 @@
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Fri, 19 Jan 2018 01:14:51 +0900
+Subject: [PATCH] kprobes/x86: Blacklist indirect thunk functions for kprobes
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: c1804a236894ecc942da7dc6c5abe209e56cba93
+
+commit c1804a236894ecc942da7dc6c5abe209e56cba93 upstream.
+
+Mark __x86_indirect_thunk_* functions as blacklist for kprobes
+because those functions can be called from anywhere in the kernel
+including blacklist functions of kprobes.
+
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: David Woodhouse <dwmw@amazon.co.uk>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
+Link: https://lkml.kernel.org/r/151629209111.10241.5444852823378068683.stgit@devbox
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/lib/retpoline.S | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S
+index 8a8093e9cf01..e611a124c442 100644
+--- a/arch/x86/lib/retpoline.S
++++ b/arch/x86/lib/retpoline.S
+@@ -25,7 +25,8 @@ ENDPROC(__x86_indirect_thunk_\reg)
+ * than one per register with the correct names. So we do it
+ * the simple and nasty way...
+ */
+-#define EXPORT_THUNK(reg) EXPORT_SYMBOL(__x86_indirect_thunk_ ## reg)
++#define __EXPORT_THUNK(sym) _ASM_NOKPROBE(sym); EXPORT_SYMBOL(sym)
++#define EXPORT_THUNK(reg) __EXPORT_THUNK(__x86_indirect_thunk_ ## reg)
+ #define GENERATE_THUNK(reg) THUNK reg ; EXPORT_THUNK(reg)
+
+ GENERATE_THUNK(_ASM_AX)
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-051-kprobes-x86-Disable-optimizing-on-the-functio.patch b/patches.kernel.org/4.4.113-051-kprobes-x86-Disable-optimizing-on-the-functio.patch
new file mode 100644
index 0000000000..ccc3db8391
--- /dev/null
+++ b/patches.kernel.org/4.4.113-051-kprobes-x86-Disable-optimizing-on-the-functio.patch
@@ -0,0 +1,86 @@
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Fri, 19 Jan 2018 01:15:20 +0900
+Subject: [PATCH] kprobes/x86: Disable optimizing on the function jumps to
+ indirect thunk
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: c86a32c09f8ced67971a2310e3b0dda4d1749007
+
+commit c86a32c09f8ced67971a2310e3b0dda4d1749007 upstream.
+
+Since indirect jump instructions will be replaced by jump
+to __x86_indirect_thunk_*, those jmp instruction must be
+treated as an indirect jump. Since optprobe prohibits to
+optimize probes in the function which uses an indirect jump,
+it also needs to find out the function which jump to
+__x86_indirect_thunk_* and disable optimization.
+
+Add a check that the jump target address is between the
+__indirect_thunk_start/end when optimizing kprobe.
+
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: David Woodhouse <dwmw@amazon.co.uk>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
+Link: https://lkml.kernel.org/r/151629212062.10241.6991266100233002273.stgit@devbox
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/kernel/kprobes/opt.c | 23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c
+index c9d488f3e4cd..ea8e2b846101 100644
+--- a/arch/x86/kernel/kprobes/opt.c
++++ b/arch/x86/kernel/kprobes/opt.c
+@@ -36,6 +36,7 @@
+ #include <asm/alternative.h>
+ #include <asm/insn.h>
+ #include <asm/debugreg.h>
++#include <asm/nospec-branch.h>
+
+ #include "common.h"
+
+@@ -191,7 +192,7 @@ static int copy_optimized_instructions(u8 *dest, u8 *src)
+ }
+
+ /* Check whether insn is indirect jump */
+-static int insn_is_indirect_jump(struct insn *insn)
++static int __insn_is_indirect_jump(struct insn *insn)
+ {
+ return ((insn->opcode.bytes[0] == 0xff &&
+ (X86_MODRM_REG(insn->modrm.value) & 6) == 4) || /* Jump */
+@@ -225,6 +226,26 @@ static int insn_jump_into_range(struct insn *insn, unsigned long start, int len)
+ return (start <= target && target <= start + len);
+ }
+
++static int insn_is_indirect_jump(struct insn *insn)
++{
++ int ret = __insn_is_indirect_jump(insn);
++
++#ifdef CONFIG_RETPOLINE
++ /*
++ * Jump to x86_indirect_thunk_* is treated as an indirect jump.
++ * Note that even with CONFIG_RETPOLINE=y, the kernel compiled with
++ * older gcc may use indirect jump. So we add this check instead of
++ * replace indirect-jump check.
++ */
++ if (!ret)
++ ret = insn_jump_into_range(insn,
++ (unsigned long)__indirect_thunk_start,
++ (unsigned long)__indirect_thunk_end -
++ (unsigned long)__indirect_thunk_start);
++#endif
++ return ret;
++}
++
+ /* Decode whole function to ensure any instructions don't jump into target */
+ static int can_optimize(unsigned long paddr)
+ {
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-052-x86-pti-Document-fix-wrong-index.patch b/patches.kernel.org/4.4.113-052-x86-pti-Document-fix-wrong-index.patch
new file mode 100644
index 0000000000..a8b88ac37f
--- /dev/null
+++ b/patches.kernel.org/4.4.113-052-x86-pti-Document-fix-wrong-index.patch
@@ -0,0 +1,37 @@
+From: "zhenwei.pi" <zhenwei.pi@youruncloud.com>
+Date: Thu, 18 Jan 2018 09:04:52 +0800
+Subject: [PATCH] x86/pti: Document fix wrong index
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 98f0fceec7f84d80bc053e49e596088573086421
+
+commit 98f0fceec7f84d80bc053e49e596088573086421 upstream.
+
+In section <2. Runtime Cost>, fix wrong index.
+
+Signed-off-by: zhenwei.pi <zhenwei.pi@youruncloud.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: dave.hansen@linux.intel.com
+Link: https://lkml.kernel.org/r/1516237492-27739-1-git-send-email-zhenwei.pi@youruncloud.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ Documentation/x86/pti.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Documentation/x86/pti.txt b/Documentation/x86/pti.txt
+index d11eff61fc9a..5cd58439ad2d 100644
+--- a/Documentation/x86/pti.txt
++++ b/Documentation/x86/pti.txt
+@@ -78,7 +78,7 @@ this protection comes at a cost:
+ non-PTI SYSCALL entry code, so requires mapping fewer
+ things into the userspace page tables. The downside is
+ that stacks must be switched at entry time.
+- d. Global pages are disabled for all kernel structures not
++ c. Global pages are disabled for all kernel structures not
+ mapped into both kernel and userspace page tables. This
+ feature of the MMU allows different processes to share TLB
+ entries mapping the kernel. Losing the feature means more
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-053-x86-retpoline-Optimize-inline-assembler-for-v.patch b/patches.kernel.org/4.4.113-053-x86-retpoline-Optimize-inline-assembler-for-v.patch
new file mode 100644
index 0000000000..3dc87d3084
--- /dev/null
+++ b/patches.kernel.org/4.4.113-053-x86-retpoline-Optimize-inline-assembler-for-v.patch
@@ -0,0 +1,62 @@
+From: Andi Kleen <ak@linux.intel.com>
+Date: Wed, 17 Jan 2018 14:53:28 -0800
+Subject: [PATCH] x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+Patch-mainline: 4.4.113
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: 3f7d875566d8e79c5e0b2c9a413e91b2c29e0854
+
+commit 3f7d875566d8e79c5e0b2c9a413e91b2c29e0854 upstream.
+
+The generated assembler for the C fill RSB inline asm operations has
+several issues:
+
+- The C code sets up the loop register, which is then immediately
+ overwritten in __FILL_RETURN_BUFFER with the same value again.
+
+- The C code also passes in the iteration count in another register, which
+ is not used at all.
+
+Remove these two unnecessary operations. Just rely on the single constant
+passed to the macro for the iterations.
+
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: David Woodhouse <dwmw@amazon.co.uk>
+Cc: dave.hansen@intel.com
+Cc: gregkh@linuxfoundation.org
+Cc: torvalds@linux-foundation.org
+Cc: arjan@linux.intel.com
+Link: https://lkml.kernel.org/r/20180117225328.15414-1-andi@firstfloor.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/include/asm/nospec-branch.h | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
+index 4f7a5d3fed91..492370b9b35b 100644
+--- a/arch/x86/include/asm/nospec-branch.h
++++ b/arch/x86/include/asm/nospec-branch.h
+@@ -183,15 +183,16 @@ extern char __indirect_thunk_end[];
+ static inline void vmexit_fill_RSB(void)
+ {
+ #ifdef CONFIG_RETPOLINE
+- unsigned long loops = RSB_CLEAR_LOOPS / 2;
++ unsigned long loops;
+
+ asm volatile (ALTERNATIVE("jmp 910f",
+ __stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1)),
+ X86_FEATURE_RETPOLINE)
+ "910:"
+- : "=&r" (loops), ASM_CALL_CONSTRAINT
+- : "r" (loops) : "memory" );
++ : "=r" (loops), ASM_CALL_CONSTRAINT
++ : : "memory" );
+ #endif
+ }
++
+ #endif /* __ASSEMBLY__ */
+ #endif /* __NOSPEC_BRANCH_H__ */
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-054-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-.patch b/patches.kernel.org/4.4.113-054-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-.patch
new file mode 100644
index 0000000000..89508e92f4
--- /dev/null
+++ b/patches.kernel.org/4.4.113-054-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-.patch
@@ -0,0 +1,64 @@
+From: Jonas Gorski <jonas.gorski@gmail.com>
+Date: Sun, 29 Oct 2017 16:27:21 +0100
+Subject: [PATCH] MIPS: AR7: ensure the port type's FCR value is used
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: 0a5191efe06b5103909206e4fbcff81d30283f8e
+
+commit 0a5191efe06b5103909206e4fbcff81d30283f8e upstream.
+
+Since commit aef9a7bd9b67 ("serial/uart/8250: Add tunable RX interrupt
+trigger I/F of FIFO buffers"), the port's default FCR value isn't used
+in serial8250_do_set_termios anymore, but copied over once in
+serial8250_config_port and then modified as needed.
+
+Unfortunately, serial8250_config_port will never be called if the port
+is shared between kernel and userspace, and the port's flag doesn't have
+UPF_BOOT_AUTOCONF, which would trigger a serial8250_config_port as well.
+
+This causes garbled output from userspace:
+
+[ 5.220000] random: procd urandom read with 49 bits of entropy available
+ers
+ [kee
+
+Fix this by forcing it to be configured on boot, resulting in the
+expected output:
+
+[ 5.250000] random: procd urandom read with 50 bits of entropy available
+Press the [f] key and hit [enter] to enter failsafe mode
+Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
+
+Fixes: aef9a7bd9b67 ("serial/uart/8250: Add tunable RX interrupt trigger I/F of FIFO buffers")
+Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Yoshihiro YUNOMAE <yoshihiro.yunomae.ez@hitachi.com>
+Cc: Florian Fainelli <f.fainelli@gmail.com>
+Cc: Nicolas Schichan <nschichan@freebox.fr>
+Cc: linux-mips@linux-mips.org
+Cc: linux-serial@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/17544/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Cc: James Hogan <jhogan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/mips/ar7/platform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/mips/ar7/platform.c b/arch/mips/ar7/platform.c
+index 3446b6fb3acb..9da4e2292fc7 100644
+--- a/arch/mips/ar7/platform.c
++++ b/arch/mips/ar7/platform.c
+@@ -576,7 +576,7 @@ static int __init ar7_register_uarts(void)
+ uart_port.type = PORT_AR7;
+ uart_port.uartclk = clk_get_rate(bus_clk) / 2;
+ uart_port.iotype = UPIO_MEM32;
+- uart_port.flags = UPF_FIXED_TYPE;
++ uart_port.flags = UPF_FIXED_TYPE | UPF_BOOT_AUTOCONF;
+ uart_port.regshift = 2;
+
+ uart_port.line = 0;
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.113-055-Linux-4.4.113.patch b/patches.kernel.org/4.4.113-055-Linux-4.4.113.patch
new file mode 100644
index 0000000000..a0193f996c
--- /dev/null
+++ b/patches.kernel.org/4.4.113-055-Linux-4.4.113.patch
@@ -0,0 +1,27 @@
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Tue, 23 Jan 2018 19:50:18 +0100
+Subject: [PATCH] Linux 4.4.113
+References: bnc#1012382
+Patch-mainline: 4.4.113
+Git-commit: f0d0a93b0e81278e86c7d81c25a54ac4f4b739d2
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 07070a1e6292..39019c9d205c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 4
+-SUBLEVEL = 112
++SUBLEVEL = 113
+ EXTRAVERSION =
+ NAME = Blurry Fish Butt
+
+--
+2.16.0
+
diff --git a/patches.kernel.org/4.4.114-001-x86-asm-32-Make-sync_core-handle-missing-CPUI.patch b/patches.kernel.org/4.4.114-001-x86-asm-32-Make-sync_core-handle-missing-CPUI.patch
new file mode 100644
index 0000000000..3913d3b426
--- /dev/null
+++ b/patches.kernel.org/4.4.114-001-x86-asm-32-Make-sync_core-handle-missing-CPUI.patch
@@ -0,0 +1,50 @@
+From: Andy Lutomirski <luto@kernel.org>
+Date: Fri, 9 Dec 2016 10:24:05 -0800
+Subject: [PATCH] x86/asm/32: Make sync_core() handle missing CPUID on all
+ 32-bit kernels
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: 1c52d859cb2d417e7216d3e56bb7fea88444cec9
+
+commit 1c52d859cb2d417e7216d3e56bb7fea88444cec9 upstream.
+
+We support various non-Intel CPUs that don't have the CPUID
+instruction, so the M486 test was wrong. For now, fix it with a big
+hammer: handle missing CPUID on all 32-bit CPUs.
+
+Reported-by: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Cc: Juergen Gross <jgross@suse.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Matthew Whitehead <tedheadster@gmail.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
+Cc: Andrew Cooper <andrew.cooper3@citrix.com>
+Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Cc: xen-devel <Xen-devel@lists.xen.org>
+Link: http://lkml.kernel.org/r/685bd083a7c036f7769510b6846315b17d6ba71f.1481307769.git.luto@kernel.org
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: "Zhang, Ning A" <ning.a.zhang@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/include/asm/processor.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
+index c124d6ab4bf9..86bccb4bd4dc 100644
+--- a/arch/x86/include/asm/processor.h
++++ b/arch/x86/include/asm/processor.h
+@@ -574,7 +574,7 @@ static inline void sync_core(void)
+ {
+ int tmp;
+
+-#ifdef CONFIG_M486
++#ifdef CONFIG_X86_32
+ /*
+ * Do a CPUID if available, otherwise do a jump. The jump
+ * can conveniently enough be the jump around CPUID.
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-002-usbip-prevent-vhci_hcd-driver-from-leaking-a-.patch b/patches.kernel.org/4.4.114-002-usbip-prevent-vhci_hcd-driver-from-leaking-a-.patch
new file mode 100644
index 0000000000..fd3146ffd4
--- /dev/null
+++ b/patches.kernel.org/4.4.114-002-usbip-prevent-vhci_hcd-driver-from-leaking-a-.patch
@@ -0,0 +1,132 @@
+From: Shuah Khan <shuahkh@osg.samsung.com>
+Date: Thu, 7 Dec 2017 14:16:49 -0700
+Subject: [PATCH] usbip: prevent vhci_hcd driver from leaking a socket pointer
+ address
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
+
+commit 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 upstream.
+
+When a client has a USB device attached over IP, the vhci_hcd driver is
+locally leaking a socket pointer address via the
+
+/sys/devices/platform/vhci_hcd/status file (world-readable) and in debug
+output when "usbip --debug port" is run.
+
+Fix it to not leak. The socket pointer address is not used at the moment
+and it was made visible as a convenient way to find IP address from socket
+pointer address by looking up /proc/net/{tcp,tcp6}.
+
+As this opens a security hole, the fix replaces socket pointer address with
+sockfd.
+
+Reported-by: Secunia Research <vuln@secunia.com>
+Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/usb/usbip/usbip_common.h | 1 +
+ drivers/usb/usbip/vhci_sysfs.c | 25 +++++++++++++++----------
+ tools/usb/usbip/libsrc/vhci_driver.c | 8 ++++----
+ 3 files changed, 20 insertions(+), 14 deletions(-)
+
+diff --git a/drivers/usb/usbip/usbip_common.h b/drivers/usb/usbip/usbip_common.h
+index 86b08475c254..f875ccaa55f9 100644
+--- a/drivers/usb/usbip/usbip_common.h
++++ b/drivers/usb/usbip/usbip_common.h
+@@ -261,6 +261,7 @@ struct usbip_device {
+ /* lock for status */
+ spinlock_t lock;
+
++ int sockfd;
+ struct socket *tcp_socket;
+
+ struct task_struct *tcp_rx;
+diff --git a/drivers/usb/usbip/vhci_sysfs.c b/drivers/usb/usbip/vhci_sysfs.c
+index 211f43f67ea2..84c21c4ccf46 100644
+--- a/drivers/usb/usbip/vhci_sysfs.c
++++ b/drivers/usb/usbip/vhci_sysfs.c
+@@ -39,16 +39,20 @@ static ssize_t status_show(struct device *dev, struct device_attribute *attr,
+
+ /*
+ * output example:
+- * prt sta spd dev socket local_busid
+- * 000 004 000 000 c5a7bb80 1-2.3
+- * 001 004 000 000 d8cee980 2-3.4
++ * port sta spd dev sockfd local_busid
++ * 0000 004 000 00000000 000003 1-2.3
++ * 0001 004 000 00000000 000004 2-3.4
+ *
+- * IP address can be retrieved from a socket pointer address by looking
+- * up /proc/net/{tcp,tcp6}. Also, a userland program may remember a
+- * port number and its peer IP address.
++ * Output includes socket fd instead of socket pointer address to
++ * avoid leaking kernel memory address in:
++ * /sys/devices/platform/vhci_hcd.0/status and in debug output.
++ * The socket pointer address is not used at the moment and it was
++ * made visible as a convenient way to find IP address from socket
++ * pointer address by looking up /proc/net/{tcp,tcp6}. As this opens
++ * a security hole, the change is made to use sockfd instead.
+ */
+ out += sprintf(out,
+- "prt sta spd bus dev socket local_busid\n");
++ "prt sta spd bus dev sockfd local_busid\n");
+
+ for (i = 0; i < VHCI_NPORTS; i++) {
+ struct vhci_device *vdev = port_to_vdev(i);
+@@ -60,11 +64,11 @@ static ssize_t status_show(struct device *dev, struct device_attribute *attr,
+ out += sprintf(out, "%03u %08x ",
+ vdev->speed, vdev->devid);
+ out += sprintf(out, "%16p ", vdev->ud.tcp_socket);
++ out += sprintf(out, "%06u", vdev->ud.sockfd);
+ out += sprintf(out, "%s", dev_name(&vdev->udev->dev));
+
+- } else {
+- out += sprintf(out, "000 000 000 0000000000000000 0-0");
+- }
++ } else
++ out += sprintf(out, "000 000 000 000000 0-0");
+
+ out += sprintf(out, "\n");
+ spin_unlock(&vdev->ud.lock);
+@@ -223,6 +227,7 @@ static ssize_t store_attach(struct device *dev, struct device_attribute *attr,
+
+ vdev->devid = devid;
+ vdev->speed = speed;
++ vdev->ud.sockfd = sockfd;
+ vdev->ud.tcp_socket = socket;
+ vdev->ud.status = VDEV_ST_NOTASSIGNED;
+
+diff --git a/tools/usb/usbip/libsrc/vhci_driver.c b/tools/usb/usbip/libsrc/vhci_driver.c
+index ad9204773533..1274f326242c 100644
+--- a/tools/usb/usbip/libsrc/vhci_driver.c
++++ b/tools/usb/usbip/libsrc/vhci_driver.c
+@@ -55,12 +55,12 @@ static int parse_status(const char *value)
+
+ while (*c != '\0') {
+ int port, status, speed, devid;
+- unsigned long socket;
++ int sockfd;
+ char lbusid[SYSFS_BUS_ID_SIZE];
+
+- ret = sscanf(c, "%d %d %d %x %lx %31s\n",
++ ret = sscanf(c, "%d %d %d %x %u %31s\n",
+ &port, &status, &speed,
+- &devid, &socket, lbusid);
++ &devid, &sockfd, lbusid);
+
+ if (ret < 5) {
+ dbg("sscanf failed: %d", ret);
+@@ -69,7 +69,7 @@ static int parse_status(const char *value)
+
+ dbg("port %d status %d speed %d devid %x",
+ port, status, speed, devid);
+- dbg("socket %lx lbusid %s", socket, lbusid);
++ dbg("sockfd %u lbusid %s", sockfd, lbusid);
+
+
+ /* if a device is connected, look at it */
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-003-usbip-Fix-implicit-fallthrough-warning.patch b/patches.kernel.org/4.4.114-003-usbip-Fix-implicit-fallthrough-warning.patch
new file mode 100644
index 0000000000..15ce5a4d23
--- /dev/null
+++ b/patches.kernel.org/4.4.114-003-usbip-Fix-implicit-fallthrough-warning.patch
@@ -0,0 +1,40 @@
+From: Jonathan Dieter <jdieter@lesbg.com>
+Date: Mon, 27 Feb 2017 10:31:04 +0200
+Subject: [PATCH] usbip: Fix implicit fallthrough warning
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: cfd6ed4537a9e938fa76facecd4b9cd65b6d1563
+
+commit cfd6ed4537a9e938fa76facecd4b9cd65b6d1563 upstream.
+
+GCC 7 now warns when switch statements fall through implicitly, and with
+-Werror enabled in configure.ac, that makes these tools unbuildable.
+
+We fix this by notifying the compiler that this particular case statement
+is meant to fall through.
+
+Reviewed-by: Peter Senna Tschudin <peter.senna@gmail.com>
+Signed-off-by: Jonathan Dieter <jdieter@lesbg.com>
+Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ tools/usb/usbip/src/usbip.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/usb/usbip/src/usbip.c b/tools/usb/usbip/src/usbip.c
+index d7599d943529..73d8eee8130b 100644
+--- a/tools/usb/usbip/src/usbip.c
++++ b/tools/usb/usbip/src/usbip.c
+@@ -176,6 +176,8 @@ int main(int argc, char *argv[])
+ break;
+ case '?':
+ printf("usbip: invalid option\n");
++ /* Terminate after printing error */
++ /* FALLTHRU */
+ default:
+ usbip_usage();
+ goto out;
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-004-usbip-Fix-potential-format-overflow-in-usersp.patch b/patches.kernel.org/4.4.114-004-usbip-Fix-potential-format-overflow-in-usersp.patch
new file mode 100644
index 0000000000..39596fe37c
--- /dev/null
+++ b/patches.kernel.org/4.4.114-004-usbip-Fix-potential-format-overflow-in-usersp.patch
@@ -0,0 +1,113 @@
+From: Jonathan Dieter <jdieter@lesbg.com>
+Date: Mon, 27 Feb 2017 10:31:03 +0200
+Subject: [PATCH] usbip: Fix potential format overflow in userspace tools
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: e5dfa3f902b9a642ae8c6997d57d7c41e384a90b
+
+commit e5dfa3f902b9a642ae8c6997d57d7c41e384a90b upstream.
+
+The usbip userspace tools call sprintf()/snprintf() and don't check for
+the return value which can lead the paths to overflow, truncating the
+final file in the path.
+
+More urgently, GCC 7 now warns that these aren't checked with
+-Wformat-overflow, and with -Werror enabled in configure.ac, that makes
+these tools unbuildable.
+
+This patch fixes these problems by replacing sprintf() with snprintf() in
+one place and adding checks for the return value of snprintf().
+
+Reviewed-by: Peter Senna Tschudin <peter.senna@gmail.com>
+Signed-off-by: Jonathan Dieter <jdieter@lesbg.com>
+Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ tools/usb/usbip/libsrc/usbip_common.c | 9 ++++++++-
+ tools/usb/usbip/libsrc/usbip_host_driver.c | 27 ++++++++++++++++++++++-----
+ 2 files changed, 30 insertions(+), 6 deletions(-)
+
+diff --git a/tools/usb/usbip/libsrc/usbip_common.c b/tools/usb/usbip/libsrc/usbip_common.c
+index ac73710473de..8000445ff884 100644
+--- a/tools/usb/usbip/libsrc/usbip_common.c
++++ b/tools/usb/usbip/libsrc/usbip_common.c
+@@ -215,9 +215,16 @@ int read_usb_interface(struct usbip_usb_device *udev, int i,
+ struct usbip_usb_interface *uinf)
+ {
+ char busid[SYSFS_BUS_ID_SIZE];
++ int size;
+ struct udev_device *sif;
+
+- sprintf(busid, "%s:%d.%d", udev->busid, udev->bConfigurationValue, i);
++ size = snprintf(busid, sizeof(busid), "%s:%d.%d",
++ udev->busid, udev->bConfigurationValue, i);
++ if (size < 0 || (unsigned int)size >= sizeof(busid)) {
++ err("busid length %i >= %lu or < 0", size,
++ (unsigned long)sizeof(busid));
++ return -1;
++ }
+
+ sif = udev_device_new_from_subsystem_sysname(udev_context, "usb", busid);
+ if (!sif) {
+diff --git a/tools/usb/usbip/libsrc/usbip_host_driver.c b/tools/usb/usbip/libsrc/usbip_host_driver.c
+index bef08d5c44e8..071b9ce99420 100644
+--- a/tools/usb/usbip/libsrc/usbip_host_driver.c
++++ b/tools/usb/usbip/libsrc/usbip_host_driver.c
+@@ -39,13 +39,19 @@ struct udev *udev_context;
+ static int32_t read_attr_usbip_status(struct usbip_usb_device *udev)
+ {
+ char status_attr_path[SYSFS_PATH_MAX];
++ int size;
+ int fd;
+ int length;
+ char status;
+ int value = 0;
+
+- snprintf(status_attr_path, SYSFS_PATH_MAX, "%s/usbip_status",
+- udev->path);
++ size = snprintf(status_attr_path, SYSFS_PATH_MAX, "%s/usbip_status",
++ udev->path);
++ if (size < 0 || (unsigned int)size >= sizeof(status_attr_path)) {
++ err("usbip_status path length %i >= %lu or < 0", size,
++ (unsigned long)sizeof(status_attr_path));
++ return -1;
++ }
+
+ fd = open(status_attr_path, O_RDONLY);
+ if (fd < 0) {
+@@ -225,6 +231,7 @@ int usbip_host_export_device(struct usbip_exported_device *edev, int sockfd)
+ {
+ char attr_name[] = "usbip_sockfd";
+ char sockfd_attr_path[SYSFS_PATH_MAX];
++ int size;
+ char sockfd_buff[30];
+ int ret;
+
+@@ -244,10 +251,20 @@ int usbip_host_export_device(struct usbip_exported_device *edev, int sockfd)
+ }
+
+ /* only the first interface is true */
+- snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s",
+- edev->udev.path, attr_name);
++ size = snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s",
++ edev->udev.path, attr_name);
++ if (size < 0 || (unsigned int)size >= sizeof(sockfd_attr_path)) {
++ err("exported device path length %i >= %lu or < 0", size,
++ (unsigned long)sizeof(sockfd_attr_path));
++ return -1;
++ }
+
+- snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd);
++ size = snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd);
++ if (size < 0 || (unsigned int)size >= sizeof(sockfd_buff)) {
++ err("socket length %i >= %lu or < 0", size,
++ (unsigned long)sizeof(sockfd_buff));
++ return -1;
++ }
+
+ ret = write_sysfs_attribute(sockfd_attr_path, sockfd_buff,
+ strlen(sockfd_buff));
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-005-x86-microcode-intel-Fix-BDW-late-loading-revi.patch b/patches.kernel.org/4.4.114-005-x86-microcode-intel-Fix-BDW-late-loading-revi.patch
new file mode 100644
index 0000000000..27c3007267
--- /dev/null
+++ b/patches.kernel.org/4.4.114-005-x86-microcode-intel-Fix-BDW-late-loading-revi.patch
@@ -0,0 +1,33 @@
+From: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Date: Wed, 24 Jan 2018 02:31:19 +0000
+Subject: [PATCH] x86/microcode/intel: Fix BDW late-loading revision check
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: 20e3fa5dd5818b425b18528571e133034833df27
+
+The backport of commit b94b73733171 ("x86/microcode/intel: Extend BDW
+late-loading with a revision check") to 4.4-stable deleted a "return true"
+statement. This bug is not present upstream or other stable branches.
+
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ arch/x86/kernel/cpu/microcode/intel.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
+index b428a8174be1..ee011bd7934d 100644
+--- a/arch/x86/kernel/cpu/microcode/intel.c
++++ b/arch/x86/kernel/cpu/microcode/intel.c
+@@ -1005,6 +1005,7 @@ static bool is_blacklisted(unsigned int cpu)
+ c->microcode < 0x0b000021) {
+ pr_err_once("Erratum BDF90: late loading with revision < 0x0b000021 (0x%x) disabled.\n", c->microcode);
+ pr_err_once("Please consider either early loading through initrd/built-in or a potential BIOS update.\n");
++ return true;
+ }
+
+ return false;
+--
+2.16.1
+
diff --git a/patches.arch/x86-cpu-intel-introduce-macros-for-intel-family-numbers b/patches.kernel.org/4.4.114-006-x86-cpu-intel-Introduce-macros-for-Intel-fami.patch
index f26c0137a5..87511a036c 100644
--- a/patches.arch/x86-cpu-intel-introduce-macros-for-intel-family-numbers
+++ b/patches.kernel.org/4.4.114-006-x86-cpu-intel-Introduce-macros-for-Intel-fami.patch
@@ -1,9 +1,11 @@
From: Dave Hansen <dave@sr71.net>
Date: Thu, 2 Jun 2016 17:19:27 -0700
-Subject: x86/cpu/intel: Introduce macros for Intel family numbers
+Subject: [PATCH] x86/cpu/intel: Introduce macros for Intel family numbers
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#985025
Git-commit: 970442c599b22ccd644ebfe94d1d303bf6f87c05
-Patch-mainline: v4.7-rc3
-References: bsc985025
+
+commit 970442c599b22ccd644ebfe94d1d303bf6f87c05 upstream.
Problem:
@@ -63,11 +65,17 @@ Cc: linux-pm@vger.kernel.org
Cc: platform-driver-x86@vger.kernel.org
Link: http://lkml.kernel.org/r/20160603001927.F2A7D828@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Acked-by: Joerg Roedel <jroedel@suse.de>
+Cc: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- arch/x86/include/asm/intel-family.h | 68 ++++++++++++++++++++++++++++++++++++
+ arch/x86/include/asm/intel-family.h | 68 +++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
+ create mode 100644 arch/x86/include/asm/intel-family.h
+diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h
+new file mode 100644
+index 000000000000..6999f7d01a0d
--- /dev/null
+++ b/arch/x86/include/asm/intel-family.h
@@ -0,0 +1,68 @@
@@ -91,10 +99,10 @@ Acked-by: Joerg Roedel <jroedel@suse.de>
+#define INTEL_FAM6_CORE2_DUNNINGTON 0x1D
+
+#define INTEL_FAM6_NEHALEM 0x1E
-+#define INTEL_FAM6_NEHALEM_G 0x1F /* Auburndale / Havendale */
+#define INTEL_FAM6_NEHALEM_EP 0x1A
+#define INTEL_FAM6_NEHALEM_EX 0x2E
+#define INTEL_FAM6_WESTMERE 0x25
++#define INTEL_FAM6_WESTMERE2 0x1F
+#define INTEL_FAM6_WESTMERE_EP 0x2C
+#define INTEL_FAM6_WESTMERE_EX 0x2F
+
@@ -129,8 +137,8 @@ Acked-by: Joerg Roedel <jroedel@suse.de>
+#define INTEL_FAM6_ATOM_SILVERMONT1 0x37 /* BayTrail/BYT / Valleyview */
+#define INTEL_FAM6_ATOM_SILVERMONT2 0x4D /* Avaton/Rangely */
+#define INTEL_FAM6_ATOM_AIRMONT 0x4C /* CherryTrail / Braswell */
-+#define INTEL_FAM6_ATOM_MERRIFIELD 0x4A /* Tangier */
-+#define INTEL_FAM6_ATOM_MOOREFIELD 0x5A /* Annidale */
++#define INTEL_FAM6_ATOM_MERRIFIELD1 0x4A /* Tangier */
++#define INTEL_FAM6_ATOM_MERRIFIELD2 0x5A /* Annidale */
+#define INTEL_FAM6_ATOM_GOLDMONT 0x5C
+#define INTEL_FAM6_ATOM_DENVERTON 0x5F /* Goldmont Microserver */
+
@@ -139,3 +147,6 @@ Acked-by: Joerg Roedel <jroedel@suse.de>
+#define INTEL_FAM6_XEON_PHI_KNL 0x57 /* Knights Landing */
+
+#endif /* _ASM_X86_INTEL_FAMILY_H */
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-007-x86-retpoline-Fill-RSB-on-context-switch-for-.patch b/patches.kernel.org/4.4.114-007-x86-retpoline-Fill-RSB-on-context-switch-for-.patch
new file mode 100644
index 0000000000..d9318da41c
--- /dev/null
+++ b/patches.kernel.org/4.4.114-007-x86-retpoline-Fill-RSB-on-context-switch-for-.patch
@@ -0,0 +1,216 @@
+From: David Woodhouse <dwmw@amazon.co.uk>
+Date: Fri, 12 Jan 2018 17:49:25 +0000
+Subject: [PATCH] x86/retpoline: Fill RSB on context switch for affected CPUs
+Patch-mainline: 4.4.114
+References: CVE-2017-5715 bnc#1012382 bsc#1068032
+Git-commit: c995efd5a740d9cbafbf58bde4973e8b50b4d761
+
+commit c995efd5a740d9cbafbf58bde4973e8b50b4d761 upstream.
+
+On context switch from a shallow call stack to a deeper one, as the CPU
+does 'ret' up the deeper side it may encounter RSB entries (predictions for
+where the 'ret' goes to) which were populated in userspace.
+
+This is problematic if neither SMEP nor KPTI (the latter of which marks
+userspace pages as NX for the kernel) are active, as malicious code in
+userspace may then be executed speculatively.
+
+Overwrite the CPU's return prediction stack with calls which are predicted
+to return to an infinite loop, to "capture" speculation if this
+happens. This is required both for retpoline, and also in conjunction with
+IBRS for !SMEP && !KPTI.
+
+On Skylake+ the problem is slightly different, and an *underflow* of the
+RSB may cause errant branch predictions to occur. So there it's not so much
+overwrite, as *filling* the RSB to attempt to prevent it getting
+empty. This is only a partial solution for Skylake+ since there are many
+other conditions which may result in the RSB becoming empty. The full
+solution on Skylake+ is to use IBRS, which will prevent the problem even
+when the RSB becomes empty. With IBRS, the RSB-stuffing will not be
+required on context switch.
+
+[ tglx: Added missing vendor check and slighty massaged comments and
+ changelog ]
+
+[js] backport to 4.4 -- __switch_to_asm does not exist there, we
+ have to patch the switch_to macros for both x86_32 and x86_64.
+
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Arjan van de Ven <arjan@linux.intel.com>
+Cc: gnomes@lxorguk.ukuu.org.uk
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: thomas.lendacky@amd.com
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Jiri Kosina <jikos@kernel.org>
+Cc: Andy Lutomirski <luto@amacapital.net>
+Cc: Dave Hansen <dave.hansen@intel.com>
+Cc: Kees Cook <keescook@google.com>
+Cc: Tim Chen <tim.c.chen@linux.intel.com>
+Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
+Cc: Paul Turner <pjt@google.com>
+Link: https://lkml.kernel.org/r/1515779365-9032-1-git-send-email-dwmw@amazon.co.uk
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/cpufeature.h | 1 +
+ arch/x86/include/asm/switch_to.h | 38 ++++++++++++++++++++++++++++++++++++++
+ arch/x86/kernel/cpu/bugs.c | 36 ++++++++++++++++++++++++++++++++++++
+ 3 files changed, 75 insertions(+)
+
+diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
+index 0fbc98568018..641f0f2c2982 100644
+--- a/arch/x86/include/asm/cpufeature.h
++++ b/arch/x86/include/asm/cpufeature.h
+@@ -199,6 +199,7 @@
+ #define X86_FEATURE_HWP_EPP ( 7*32+13) /* Intel HWP_EPP */
+ #define X86_FEATURE_HWP_PKG_REQ ( 7*32+14) /* Intel HWP_PKG_REQ */
+ #define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */
++#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */
+
+ #define X86_FEATURE_RETPOLINE ( 7*32+29) /* Generic Retpoline mitigation for Spectre variant 2 */
+ #define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* AMD Retpoline mitigation for Spectre variant 2 */
+diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h
+index 751bf4b7bf11..025ecfaba9c9 100644
+--- a/arch/x86/include/asm/switch_to.h
++++ b/arch/x86/include/asm/switch_to.h
+@@ -1,6 +1,8 @@
+ #ifndef _ASM_X86_SWITCH_TO_H
+ #define _ASM_X86_SWITCH_TO_H
+
++#include <asm/nospec-branch.h>
++
+ struct task_struct; /* one of the stranger aspects of C forward declarations */
+ __visible struct task_struct *__switch_to(struct task_struct *prev,
+ struct task_struct *next);
+@@ -24,6 +26,23 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
+ #define __switch_canary_iparam
+ #endif /* CC_STACKPROTECTOR */
+
++#ifdef CONFIG_RETPOLINE
++ /*
++ * When switching from a shallower to a deeper call stack
++ * the RSB may either underflow or use entries populated
++ * with userspace addresses. On CPUs where those concerns
++ * exist, overwrite the RSB with entries which capture
++ * speculative execution to prevent attack.
++ */
++#define __retpoline_fill_return_buffer \
++ ALTERNATIVE("jmp 910f", \
++ __stringify(__FILL_RETURN_BUFFER(%%ebx, RSB_CLEAR_LOOPS, %%esp)),\
++ X86_FEATURE_RSB_CTXSW) \
++ "910:\n\t"
++#else
++#define __retpoline_fill_return_buffer
++#endif
++
+ /*
+ * Saving eflags is important. It switches not only IOPL between tasks,
+ * it also protects other tasks from NT leaking through sysenter etc.
+@@ -46,6 +65,7 @@ do { \
+ "movl $1f,%[prev_ip]\n\t" /* save EIP */ \
+ "pushl %[next_ip]\n\t" /* restore EIP */ \
+ __switch_canary \
++ __retpoline_fill_return_buffer \
+ "jmp __switch_to\n" /* regparm call */ \
+ "1:\t" \
+ "popl %%ebp\n\t" /* restore EBP */ \
+@@ -100,6 +120,23 @@ do { \
+ #define __switch_canary_iparam
+ #endif /* CC_STACKPROTECTOR */
+
++#ifdef CONFIG_RETPOLINE
++ /*
++ * When switching from a shallower to a deeper call stack
++ * the RSB may either underflow or use entries populated
++ * with userspace addresses. On CPUs where those concerns
++ * exist, overwrite the RSB with entries which capture
++ * speculative execution to prevent attack.
++ */
++#define __retpoline_fill_return_buffer \
++ ALTERNATIVE("jmp 910f", \
++ __stringify(__FILL_RETURN_BUFFER(%%r12, RSB_CLEAR_LOOPS, %%rsp)),\
++ X86_FEATURE_RSB_CTXSW) \
++ "910:\n\t"
++#else
++#define __retpoline_fill_return_buffer
++#endif
++
+ /*
+ * There is no need to save or restore flags, because flags are always
+ * clean in kernel mode, with the possible exception of IOPL. Kernel IOPL
+@@ -112,6 +149,7 @@ do { \
+ "call __switch_to\n\t" \
+ "movq "__percpu_arg([current_task])",%%rsi\n\t" \
+ __switch_canary \
++ __retpoline_fill_return_buffer \
+ "movq %P[thread_info](%%rsi),%%r8\n\t" \
+ "movq %%rax,%%rdi\n\t" \
+ "testl %[_tif_fork],%P[ti_flags](%%r8)\n\t" \
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
+index 49d25ddf0e9f..8cacf62ec458 100644
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -22,6 +22,7 @@
+ #include <asm/alternative.h>
+ #include <asm/pgtable.h>
+ #include <asm/cacheflush.h>
++#include <asm/intel-family.h>
+
+ static void __init spectre_v2_select_mitigation(void);
+
+@@ -154,6 +155,23 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
+ return SPECTRE_V2_CMD_NONE;
+ }
+
++/* Check for Skylake-like CPUs (for RSB handling) */
++static bool __init is_skylake_era(void)
++{
++ if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
++ boot_cpu_data.x86 == 6) {
++ switch (boot_cpu_data.x86_model) {
++ case INTEL_FAM6_SKYLAKE_MOBILE:
++ case INTEL_FAM6_SKYLAKE_DESKTOP:
++ case INTEL_FAM6_SKYLAKE_X:
++ case INTEL_FAM6_KABYLAKE_MOBILE:
++ case INTEL_FAM6_KABYLAKE_DESKTOP:
++ return true;
++ }
++ }
++ return false;
++}
++
+ static void __init spectre_v2_select_mitigation(void)
+ {
+ enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
+@@ -212,6 +230,24 @@ static void __init spectre_v2_select_mitigation(void)
+
+ spectre_v2_enabled = mode;
+ pr_info("%s\n", spectre_v2_strings[mode]);
++
++ /*
++ * If neither SMEP or KPTI are available, there is a risk of
++ * hitting userspace addresses in the RSB after a context switch
++ * from a shallow call stack to a deeper one. To prevent this fill
++ * the entire RSB, even when using IBRS.
++ *
++ * Skylake era CPUs have a separate issue with *underflow* of the
++ * RSB, when they will predict 'ret' targets from the generic BTB.
++ * The proper mitigation for this is IBRS. If IBRS is not supported
++ * or deactivated in favour of retpolines the RSB fill on context
++ * switch is required.
++ */
++ if ((!boot_cpu_has(X86_FEATURE_KAISER) &&
++ !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) {
++ setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
++ pr_info("Filling RSB on context switch\n");
++ }
+ }
+
+ #undef pr_fmt
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-008-sched-deadline-Use-the-revised-wakeup-rule-fo.patch b/patches.kernel.org/4.4.114-008-sched-deadline-Use-the-revised-wakeup-rule-fo.patch
new file mode 100644
index 0000000000..f8d010e934
--- /dev/null
+++ b/patches.kernel.org/4.4.114-008-sched-deadline-Use-the-revised-wakeup-rule-fo.patch
@@ -0,0 +1,284 @@
+From: Daniel Bristot de Oliveira <bristot@redhat.com>
+Date: Mon, 29 May 2017 16:24:03 +0200
+Subject: [PATCH] sched/deadline: Use the revised wakeup rule for suspending
+ constrained dl tasks
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: 3effcb4247e74a51f5d8b775a1ee4abf87cc089a
+
+commit 3effcb4247e74a51f5d8b775a1ee4abf87cc089a upstream.
+
+We have been facing some problems with self-suspending constrained
+deadline tasks. The main reason is that the original CBS was not
+designed for such sort of tasks.
+
+One problem reported by Xunlei Pang takes place when a task
+suspends, and then is awakened before the deadline, but so close
+to the deadline that its remaining runtime can cause the task
+to have an absolute density higher than allowed. In such situation,
+the original CBS assumes that the task is facing an early activation,
+and so it replenishes the task and set another deadline, one deadline
+in the future. This rule works fine for implicit deadline tasks.
+Moreover, it allows the system to adapt the period of a task in which
+the external event source suffered from a clock drift.
+
+However, this opens the window for bandwidth leakage for constrained
+deadline tasks. For instance, a task with the following parameters:
+
+ runtime = 5 ms
+ deadline = 7 ms
+ [density] = 5 / 7 = 0.71
+ period = 1000 ms
+
+If the task runs for 1 ms, and then suspends for another 1ms,
+it will be awakened with the following parameters:
+
+ remaining runtime = 4
+ laxity = 5
+
+presenting a absolute density of 4 / 5 = 0.80.
+
+In this case, the original CBS would assume the task had an early
+wakeup. Then, CBS will reset the runtime, and the absolute deadline will
+be postponed by one relative deadline, allowing the task to run.
+
+The problem is that, if the task runs this pattern forever, it will keep
+receiving bandwidth, being able to run 1ms every 2ms. Following this
+behavior, the task would be able to run 500 ms in 1 sec. Thus running
+more than the 5 ms / 1 sec the admission control allowed it to run.
+
+Trying to address the self-suspending case, Luca Abeni, Giuseppe
+Lipari, and Juri Lelli [1] revisited the CBS in order to deal with
+self-suspending tasks. In the new approach, rather than
+replenishing/postponing the absolute deadline, the revised wakeup rule
+adjusts the remaining runtime, reducing it to fit into the allowed
+density.
+
+A revised version of the idea is:
+
+At a given time t, the maximum absolute density of a task cannot be
+higher than its relative density, that is:
+
+ runtime / (deadline - t) <= dl_runtime / dl_deadline
+
+Knowing the laxity of a task (deadline - t), it is possible to move
+it to the other side of the equality, thus enabling to define max
+remaining runtime a task can use within the absolute deadline, without
+over-running the allowed density:
+
+ runtime = (dl_runtime / dl_deadline) * (deadline - t)
+
+For instance, in our previous example, the task could still run:
+
+ runtime = ( 5 / 7 ) * 5
+ runtime = 3.57 ms
+
+Without causing damage for other deadline tasks. It is note worthy
+that the laxity cannot be negative because that would cause a negative
+runtime. Thus, this patch depends on the patch:
+
+ df8eac8cafce ("sched/deadline: Throttle a constrained deadline task activated after the deadline")
+
+Which throttles a constrained deadline task activated after the
+deadline.
+
+Finally, it is also possible to use the revised wakeup rule for
+all other tasks, but that would require some more discussions
+about pros and cons.
+
+[The main difference from the original commit is that
+ the BW_SHIFT define was not present yet. As BW_SHIFT was
+ introduced in a new feature, I just used the value (20),
+ likewise we used to use before the #define.
+ Other changes were required because of comments. - bistrot]
+
+Reported-by: Xunlei Pang <xpang@redhat.com>
+Signed-off-by: Daniel Bristot de Oliveira <bristot@redhat.com>
+[peterz: replaced dl_is_constrained with dl_is_implicit]
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Juri Lelli <juri.lelli@arm.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Luca Abeni <luca.abeni@santannapisa.it>
+Cc: Mike Galbraith <efault@gmx.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Romulo Silva de Oliveira <romulo.deoliveira@ufsc.br>
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Tommaso Cucinotta <tommaso.cucinotta@sssup.it>
+Link: http://lkml.kernel.org/r/5c800ab3a74a168a84ee5f3f84d12a02e11383be.1495803804.git.bristot@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Daniel Bristot de Oliveira <bristot@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ include/linux/sched.h | 1 +
+ kernel/sched/core.c | 2 +
+ kernel/sched/deadline.c | 98 +++++++++++++++++++++++++++++++++++++++++++------
+ 3 files changed, 89 insertions(+), 12 deletions(-)
+
+diff --git a/include/linux/sched.h b/include/linux/sched.h
+index e887c8d6f395..90bea398e5e0 100644
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -1313,6 +1313,7 @@ struct sched_dl_entity {
+ u64 dl_deadline; /* relative deadline of each instance */
+ u64 dl_period; /* separation of two instances (period) */
+ u64 dl_bw; /* dl_runtime / dl_deadline */
++ u64 dl_density; /* dl_runtime / dl_deadline */
+
+ /*
+ * Actual scheduling parameters. Initialized with the values above,
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index 9d6b3d869592..e6d1173a2046 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -2109,6 +2109,7 @@ void __dl_clear_params(struct task_struct *p)
+ dl_se->dl_period = 0;
+ dl_se->flags = 0;
+ dl_se->dl_bw = 0;
++ dl_se->dl_density = 0;
+
+ dl_se->dl_throttled = 0;
+ dl_se->dl_new = 1;
+@@ -3647,6 +3648,7 @@ __setparam_dl(struct task_struct *p, const struct sched_attr *attr)
+ dl_se->dl_period = attr->sched_period ?: dl_se->dl_deadline;
+ dl_se->flags = attr->sched_flags;
+ dl_se->dl_bw = to_ratio(dl_se->dl_period, dl_se->dl_runtime);
++ dl_se->dl_density = to_ratio(dl_se->dl_deadline, dl_se->dl_runtime);
+
+ /*
+ * Changing the parameters of a task is 'tricky' and we're not doing
+diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
+index 6be2afd9bfd6..e12b0a4df891 100644
+--- a/kernel/sched/deadline.c
++++ b/kernel/sched/deadline.c
+@@ -480,13 +480,84 @@ static bool dl_entity_overflow(struct sched_dl_entity *dl_se,
+ }
+
+ /*
+- * When a -deadline entity is queued back on the runqueue, its runtime and
+- * deadline might need updating.
++ * Revised wakeup rule [1]: For self-suspending tasks, rather then
++ * re-initializing task's runtime and deadline, the revised wakeup
++ * rule adjusts the task's runtime to avoid the task to overrun its
++ * density.
+ *
+- * The policy here is that we update the deadline of the entity only if:
+- * - the current deadline is in the past,
+- * - using the remaining runtime with the current deadline would make
+- * the entity exceed its bandwidth.
++ * Reasoning: a task may overrun the density if:
++ * runtime / (deadline - t) > dl_runtime / dl_deadline
++ *
++ * Therefore, runtime can be adjusted to:
++ * runtime = (dl_runtime / dl_deadline) * (deadline - t)
++ *
++ * In such way that runtime will be equal to the maximum density
++ * the task can use without breaking any rule.
++ *
++ * [1] Luca Abeni, Giuseppe Lipari, and Juri Lelli. 2015. Constant
++ * bandwidth server revisited. SIGBED Rev. 11, 4 (January 2015), 19-24.
++ */
++static void
++update_dl_revised_wakeup(struct sched_dl_entity *dl_se, struct rq *rq)
++{
++ u64 laxity = dl_se->deadline - rq_clock(rq);
++
++ /*
++ * If the task has deadline < period, and the deadline is in the past,
++ * it should already be throttled before this check.
++ *
++ * See update_dl_entity() comments for further details.
++ */
++ WARN_ON(dl_time_before(dl_se->deadline, rq_clock(rq)));
++
++ dl_se->runtime = (dl_se->dl_density * laxity) >> 20;
++}
++
++/*
++ * Regarding the deadline, a task with implicit deadline has a relative
++ * deadline == relative period. A task with constrained deadline has a
++ * relative deadline <= relative period.
++ *
++ * We support constrained deadline tasks. However, there are some restrictions
++ * applied only for tasks which do not have an implicit deadline. See
++ * update_dl_entity() to know more about such restrictions.
++ *
++ * The dl_is_implicit() returns true if the task has an implicit deadline.
++ */
++static inline bool dl_is_implicit(struct sched_dl_entity *dl_se)
++{
++ return dl_se->dl_deadline == dl_se->dl_period;
++}
++
++/*
++ * When a deadline entity is placed in the runqueue, its runtime and deadline
++ * might need to be updated. This is done by a CBS wake up rule. There are two
++ * different rules: 1) the original CBS; and 2) the Revisited CBS.
++ *
++ * When the task is starting a new period, the Original CBS is used. In this
++ * case, the runtime is replenished and a new absolute deadline is set.
++ *
++ * When a task is queued before the begin of the next period, using the
++ * remaining runtime and deadline could make the entity to overflow, see
++ * dl_entity_overflow() to find more about runtime overflow. When such case
++ * is detected, the runtime and deadline need to be updated.
++ *
++ * If the task has an implicit deadline, i.e., deadline == period, the Original
++ * CBS is applied. the runtime is replenished and a new absolute deadline is
++ * set, as in the previous cases.
++ *
++ * However, the Original CBS does not work properly for tasks with
++ * deadline < period, which are said to have a constrained deadline. By
++ * applying the Original CBS, a constrained deadline task would be able to run
++ * runtime/deadline in a period. With deadline < period, the task would
++ * overrun the runtime/period allowed bandwidth, breaking the admission test.
++ *
++ * In order to prevent this misbehave, the Revisited CBS is used for
++ * constrained deadline tasks when a runtime overflow is detected. In the
++ * Revisited CBS, rather than replenishing & setting a new absolute deadline,
++ * the remaining runtime of the task is reduced to avoid runtime overflow.
++ * Please refer to the comments update_dl_revised_wakeup() function to find
++ * more about the Revised CBS rule.
+ */
+ static void update_dl_entity(struct sched_dl_entity *dl_se,
+ struct sched_dl_entity *pi_se)
+@@ -505,6 +576,14 @@ static void update_dl_entity(struct sched_dl_entity *dl_se,
+
+ if (dl_time_before(dl_se->deadline, rq_clock(rq)) ||
+ dl_entity_overflow(dl_se, pi_se, rq_clock(rq))) {
++
++ if (unlikely(!dl_is_implicit(dl_se) &&
++ !dl_time_before(dl_se->deadline, rq_clock(rq)) &&
++ !dl_se->dl_boosted)){
++ update_dl_revised_wakeup(dl_se, rq);
++ return;
++ }
++
+ dl_se->deadline = rq_clock(rq) + pi_se->dl_deadline;
+ dl_se->runtime = pi_se->dl_runtime;
+ }
+@@ -991,11 +1070,6 @@ static void dequeue_dl_entity(struct sched_dl_entity *dl_se)
+ __dequeue_dl_entity(dl_se);
+ }
+
+-static inline bool dl_is_constrained(struct sched_dl_entity *dl_se)
+-{
+- return dl_se->dl_deadline < dl_se->dl_period;
+-}
+-
+ static void enqueue_task_dl(struct rq *rq, struct task_struct *p, int flags)
+ {
+ struct task_struct *pi_task = rt_mutex_get_top_task(p);
+@@ -1027,7 +1101,7 @@ static void enqueue_task_dl(struct rq *rq, struct task_struct *p, int flags)
+ * If that is the case, the task will be throttled and
+ * the replenishment timer will be set to the next period.
+ */
+- if (!p->dl.dl_throttled && dl_is_constrained(&p->dl))
++ if (!p->dl.dl_throttled && !dl_is_implicit(&p->dl))
+ dl_check_constrained_dl(&p->dl);
+
+ /*
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-009-can-af_can-can_rcv-replace-WARN_ONCE-by-pr_wa.patch b/patches.kernel.org/4.4.114-009-can-af_can-can_rcv-replace-WARN_ONCE-by-pr_wa.patch
new file mode 100644
index 0000000000..91639b1e2c
--- /dev/null
+++ b/patches.kernel.org/4.4.114-009-can-af_can-can_rcv-replace-WARN_ONCE-by-pr_wa.patch
@@ -0,0 +1,53 @@
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+Date: Tue, 16 Jan 2018 19:30:14 +0100
+Subject: [PATCH] can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: 8cb68751c115d176ec851ca56ecfbb411568c9e8
+
+commit 8cb68751c115d176ec851ca56ecfbb411568c9e8 upstream.
+
+If an invalid CAN frame is received, from a driver or from a tun
+interface, a Kernel warning is generated.
+
+This patch replaces the WARN_ONCE by a simple pr_warn_once, so that a
+kernel, bootet with panic_on_warn, does not panic. A printk seems to be
+more appropriate here.
+
+Reported-by: syzbot+4386709c0c1284dca827@syzkaller.appspotmail.com
+Suggested-by: Dmitry Vyukov <dvyukov@google.com>
+Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/can/af_can.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/net/can/af_can.c b/net/can/af_can.c
+index 928f58064098..924ad0513af9 100644
+--- a/net/can/af_can.c
++++ b/net/can/af_can.c
+@@ -722,13 +722,12 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev,
+ if (unlikely(!net_eq(dev_net(dev), &init_net)))
+ goto drop;
+
+- if (WARN_ONCE(dev->type != ARPHRD_CAN ||
+- skb->len != CAN_MTU ||
+- cfd->len > CAN_MAX_DLEN,
+- "PF_CAN: dropped non conform CAN skbuf: "
+- "dev type %d, len %d, datalen %d\n",
+- dev->type, skb->len, cfd->len))
++ if (unlikely(dev->type != ARPHRD_CAN || skb->len != CAN_MTU ||
++ cfd->len > CAN_MAX_DLEN)) {
++ pr_warn_once("PF_CAN: dropped non conform CAN skbuf: dev type %d, len %d, datalen %d\n",
++ dev->type, skb->len, cfd->len);
+ goto drop;
++ }
+
+ can_receive(skb, dev);
+ return NET_RX_SUCCESS;
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-010-can-af_can-canfd_rcv-replace-WARN_ONCE-by-pr_.patch b/patches.kernel.org/4.4.114-010-can-af_can-canfd_rcv-replace-WARN_ONCE-by-pr_.patch
new file mode 100644
index 0000000000..57db6c8a0c
--- /dev/null
+++ b/patches.kernel.org/4.4.114-010-can-af_can-canfd_rcv-replace-WARN_ONCE-by-pr_.patch
@@ -0,0 +1,54 @@
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+Date: Tue, 16 Jan 2018 19:30:14 +0100
+Subject: [PATCH] can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: d4689846881d160a4d12a514e991a740bcb5d65a
+
+commit d4689846881d160a4d12a514e991a740bcb5d65a upstream.
+
+If an invalid CANFD frame is received, from a driver or from a tun
+interface, a Kernel warning is generated.
+
+This patch replaces the WARN_ONCE by a simple pr_warn_once, so that a
+kernel, bootet with panic_on_warn, does not panic. A printk seems to be
+more appropriate here.
+
+Reported-by: syzbot+e3b775f40babeff6e68b@syzkaller.appspotmail.com
+Suggested-by: Dmitry Vyukov <dvyukov@google.com>
+Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Cc: linux-stable <stable@vger.kernel.org>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/can/af_can.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/net/can/af_can.c b/net/can/af_can.c
+index 924ad0513af9..c866e761651a 100644
+--- a/net/can/af_can.c
++++ b/net/can/af_can.c
+@@ -745,13 +745,12 @@ static int canfd_rcv(struct sk_buff *skb, struct net_device *dev,
+ if (unlikely(!net_eq(dev_net(dev), &init_net)))
+ goto drop;
+
+- if (WARN_ONCE(dev->type != ARPHRD_CAN ||
+- skb->len != CANFD_MTU ||
+- cfd->len > CANFD_MAX_DLEN,
+- "PF_CAN: dropped non conform CAN FD skbuf: "
+- "dev type %d, len %d, datalen %d\n",
+- dev->type, skb->len, cfd->len))
++ if (unlikely(dev->type != ARPHRD_CAN || skb->len != CANFD_MTU ||
++ cfd->len > CANFD_MAX_DLEN)) {
++ pr_warn_once("PF_CAN: dropped non conform CAN FD skbuf: dev type %d, len %d, datalen %d\n",
++ dev->type, skb->len, cfd->len);
+ goto drop;
++ }
+
+ can_receive(skb, dev);
+ return NET_RX_SUCCESS;
+--
+2.16.1
+
diff --git a/patches.fixes/PM-sleep-declare-__tracedata-symbols-as-char-rather-.patch b/patches.kernel.org/4.4.114-011-PM-sleep-declare-__tracedata-symbols-as-char-.patch
index b032550d3f..2308b09e5d 100644
--- a/patches.fixes/PM-sleep-declare-__tracedata-symbols-as-char-rather-.patch
+++ b/patches.kernel.org/4.4.114-011-PM-sleep-declare-__tracedata-symbols-as-char-.patch
@@ -1,9 +1,12 @@
From: Eric Biggers <ebiggers3@gmail.com>
Date: Sun, 24 Jan 2016 20:08:52 -0600
-Subject: PM / sleep: declare __tracedata symbols as char[] rather than char
+Subject: [PATCH] PM / sleep: declare __tracedata symbols as char[] rather than
+ char
+Patch-mainline: 4.4.114
+References: bnc#1005895 bnc#1012382
Git-commit: f97238373b8662a6d580e204df2e7bcbfa43e27a
-Patch-mainline: v4.6-rc1
-References: bnc#1005895
+
+commit f97238373b8662a6d580e204df2e7bcbfa43e27a upstream.
Accessing more than one byte from a symbol declared simply 'char' is undefined
behavior, as reported by UBSAN:
@@ -17,6 +20,7 @@ Avoid this by declaring the symbols as arrays.
Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/power/trace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
@@ -43,5 +47,5 @@ index a311cfa4c5bd..a6975795e7f3 100644
unsigned short lineno = *(unsigned short *)tracedata;
const char *file = *(const char **)(tracedata + 2);
--
-2.10.1
+2.16.1
diff --git a/patches.fixes/time-Avoid-undefined-behaviour-in-ktime_add_safe.patch b/patches.kernel.org/4.4.114-012-time-Avoid-undefined-behaviour-in-ktime_add_s.patch
index 1bdb7b56e0..23961f0f0b 100644
--- a/patches.fixes/time-Avoid-undefined-behaviour-in-ktime_add_safe.patch
+++ b/patches.kernel.org/4.4.114-012-time-Avoid-undefined-behaviour-in-ktime_add_s.patch
@@ -1,9 +1,11 @@
From: Vegard Nossum <vegard.nossum@oracle.com>
Date: Sat, 13 Aug 2016 01:37:04 +0200
-Subject: time: Avoid undefined behaviour in ktime_add_safe()
+Subject: [PATCH] time: Avoid undefined behaviour in ktime_add_safe()
+Patch-mainline: 4.4.114
+References: bnc#1006103 bnc#1012382
Git-commit: 979515c5645830465739254abc1b1648ada41518
-Patch-mainline: v4.9-rc1
-References: bnc#1006103
+
+commit 979515c5645830465739254abc1b1648ada41518 upstream.
I ran into this:
@@ -49,6 +51,7 @@ Cc: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ktime.h | 7 +++++++
kernel/time/hrtimer.c | 2 +-
@@ -58,25 +61,25 @@ diff --git a/include/linux/ktime.h b/include/linux/ktime.h
index 2b6a204bd8d4..3ffc69ebe967 100644
--- a/include/linux/ktime.h
+++ b/include/linux/ktime.h
-@@ -64,6 +64,13 @@ static inline ktime_t ktime_set(const s64 secs, const unsigned long nsecs)
+@@ -63,6 +63,13 @@ static inline ktime_t ktime_set(const s64 secs, const unsigned long nsecs)
+ #define ktime_add(lhs, rhs) \
({ (ktime_t){ .tv64 = (lhs).tv64 + (rhs).tv64 }; })
- /*
++/*
+ * Same as ktime_add(), but avoids undefined behaviour on overflow; however,
+ * this means that you must check the result for overflow yourself.
+ */
+#define ktime_add_unsafe(lhs, rhs) \
+ ({ (ktime_t){ .tv64 = (u64) (lhs).tv64 + (rhs).tv64 }; })
+
-+/*
+ /*
* Add a ktime_t variable and a scalar nanosecond value.
* res = kt + nsval:
- */
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
-index 252ea4741592..bb5ec425dfe0 100644
+index 17f7bcff1e02..1dc94768b5a3 100644
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
-@@ -307,7 +307,7 @@ EXPORT_SYMBOL_GPL(__ktime_divns);
+@@ -312,7 +312,7 @@ EXPORT_SYMBOL_GPL(__ktime_divns);
*/
ktime_t ktime_add_safe(const ktime_t lhs, const ktime_t rhs)
{
@@ -86,5 +89,5 @@ index 252ea4741592..bb5ec425dfe0 100644
/*
* We use KTIME_SEC_MAX here, the maximum timeout which we can
--
-2.10.1
+2.16.1
diff --git a/patches.fixes/timers-Plug-locking-race-vs.-timer-migration.patch b/patches.kernel.org/4.4.114-013-timers-Plug-locking-race-vs.-timer-migration.patch
index dc5c0b0e1a..e7507a5c94 100644
--- a/patches.fixes/timers-Plug-locking-race-vs.-timer-migration.patch
+++ b/patches.kernel.org/4.4.114-013-timers-Plug-locking-race-vs.-timer-migration.patch
@@ -1,9 +1,11 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Mon, 24 Oct 2016 11:41:56 +0200
-Subject: timers: Plug locking race vs. timer migration
+Subject: [PATCH] timers: Plug locking race vs. timer migration
+Patch-mainline: 4.4.114
+References: bnc#1012382 bnc#1022476
Git-commit: b831275a3553c32091222ac619cfddd73a5553fb
-Patch-mainline: v4.9-rc3
-References: bnc#1022476
+
+commit b831275a3553c32091222ac619cfddd73a5553fb upstream.
Linus noticed that lock_timer_base() lacks a READ_ONCE() for accessing the
timer flags. As a consequence the compiler is allowed to reload the flags
@@ -17,17 +19,20 @@ Fixes: 0eeda71bc30d ("timer: Replace timer base by a cpu index")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1610241711220.4983@nanos
-Cc: stable@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Mike Galbraith <mgalbraith@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- kernel/time/timer.c | 9 ++++++++-
+ kernel/time/timer.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
+diff --git a/kernel/time/timer.c b/kernel/time/timer.c
+index 125407144c01..3d7588a2e97c 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
-@@ -764,8 +764,15 @@ static struct tvec_base *lock_timer_base
+@@ -764,8 +764,15 @@ static struct tvec_base *lock_timer_base(struct timer_list *timer,
__acquires(timer->base->lock)
{
for (;;) {
@@ -44,3 +49,6 @@ Signed-off-by: Mike Galbraith <mgalbraith@suse.de>
if (!(tf & TIMER_MIGRATING)) {
base = per_cpu_ptr(&tvec_bases, tf & TIMER_CPUMASK);
+--
+2.16.1
+
diff --git a/patches.arch/0001-Prevent-timer-value-0-for-MWAITX.patch b/patches.kernel.org/4.4.114-014-Prevent-timer-value-0-for-MWAITX.patch
index 2725f16e0d..f22dbfa339 100644
--- a/patches.arch/0001-Prevent-timer-value-0-for-MWAITX.patch
+++ b/patches.kernel.org/4.4.114-014-Prevent-timer-value-0-for-MWAITX.patch
@@ -1,10 +1,11 @@
-From 88d879d29f9cc0de2d930b584285638cdada6625 Mon Sep 17 00:00:00 2001
From: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
Date: Tue, 25 Apr 2017 16:44:03 -0500
Subject: [PATCH] Prevent timer value 0 for MWAITX
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1065717
Git-commit: 88d879d29f9cc0de2d930b584285638cdada6625
-Patch-mainline: v4.11
-References: bsc#1065717
+
+commit 88d879d29f9cc0de2d930b584285638cdada6625 upstream.
Newer hardware has uncovered a bug in the software implementation of
using MWAITX for the delay function. A value of 0 for the timer is meant
@@ -26,13 +27,14 @@ Signed-off-by: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
Link: http://lkml.kernel.org/r/1493156643-29366-1-git-send-email-Janakarajan.Natarajan@amd.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/lib/delay.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/lib/delay.c b/arch/x86/lib/delay.c
-index a8e91ae89fb3..29df077cb089 100644
+index e912b2f6d36e..45772560aceb 100644
--- a/arch/x86/lib/delay.c
+++ b/arch/x86/lib/delay.c
@@ -93,6 +93,13 @@ static void delay_mwaitx(unsigned long __loops)
@@ -50,5 +52,5 @@ index a8e91ae89fb3..29df077cb089 100644
for (;;) {
--
-2.13.6
+2.16.1
diff --git a/patches.drivers/0001-drivers-base-cacheinfo-fix-x86-with-CONFIG_OF-enable.patch b/patches.kernel.org/4.4.114-015-drivers-base-cacheinfo-fix-x86-with-CONFIG_OF.patch
index e6a7a2026c..cfe9f4bf6b 100644
--- a/patches.drivers/0001-drivers-base-cacheinfo-fix-x86-with-CONFIG_OF-enable.patch
+++ b/patches.kernel.org/4.4.114-015-drivers-base-cacheinfo-fix-x86-with-CONFIG_OF.patch
@@ -1,10 +1,11 @@
From: Sudeep Holla <sudeep.holla@arm.com>
Date: Fri, 28 Oct 2016 09:45:28 +0100
-Subject: drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
-
+Subject: [PATCH] drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1070001
Git-commit: fac51482577d5e05bbb0efa8d602a3c2111098bf
-Patch-mainline: v4.10-rc1
-References: bsc#1070001
+
+commit fac51482577d5e05bbb0efa8d602a3c2111098bf upstream.
With CONFIG_OF enabled on x86, we get the following error on boot:
"
@@ -24,8 +25,9 @@ This patch also sets that boolean for x86.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/kernel/cpu/intel_cacheinfo.c | 2 ++
drivers/base/cacheinfo.c | 3 +++
@@ -33,7 +35,7 @@ Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
3 files changed, 6 insertions(+)
diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
-index de6626c18e42..be6337156502 100644
+index e38d338a6447..b4ca91cf55b0 100644
--- a/arch/x86/kernel/cpu/intel_cacheinfo.c
+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
@@ -934,6 +934,8 @@ static int __populate_cache_leaves(unsigned int cpu)
@@ -72,5 +74,5 @@ index 2189935075b4..a951fd10aaaa 100644
/*
--
-2.11.0
+2.16.1
diff --git a/patches.drivers/0001-drivers-base-cacheinfo-fix-boot-error-message-when-a.patch b/patches.kernel.org/4.4.114-016-drivers-base-cacheinfo-fix-boot-error-message.patch
index 1f137ddac5..a587bd3ad2 100644
--- a/patches.drivers/0001-drivers-base-cacheinfo-fix-boot-error-message-when-a.patch
+++ b/patches.kernel.org/4.4.114-016-drivers-base-cacheinfo-fix-boot-error-message.patch
@@ -1,10 +1,12 @@
From: Sudeep Holla <sudeep.holla@arm.com>
Date: Fri, 28 Oct 2016 09:45:29 +0100
-Subject: drivers: base: cacheinfo: fix boot error message when acpi is enabled
-
+Subject: [PATCH] drivers: base: cacheinfo: fix boot error message when acpi is
+ enabled
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1057849
Git-commit: 55877ef45fbd7f975d078426866b7d1a2435dcc3
-Patch-mainline: v4.10-rc1
-References: bsc#1057849
+
+commit 55877ef45fbd7f975d078426866b7d1a2435dcc3 upstream.
ARM64 enables both CONFIG_OF and CONFIG_ACPI and the firmware can pass
both ACPI tables and the device tree. Based on the kernel parameter, one
@@ -27,8 +29,9 @@ hierarchy can be detected from the firmware(OF/DT/ACPI)
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/base/cacheinfo.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
@@ -75,5 +78,5 @@ index ecde8957835a..70e13cf06ed0 100644
}
return 0;
--
-2.11.0
+2.16.1
diff --git a/patches.arch/arm64-0001-PCI-layerscape-Add-fsl-ls2085a-pcie-compatible-ID.patch b/patches.kernel.org/4.4.114-017-PCI-layerscape-Add-fsl-ls2085a-pcie-compatibl.patch
index 10bf17d055..8a7e6ef2f0 100644
--- a/patches.arch/arm64-0001-PCI-layerscape-Add-fsl-ls2085a-pcie-compatible-ID.patch
+++ b/patches.kernel.org/4.4.114-017-PCI-layerscape-Add-fsl-ls2085a-pcie-compatibl.patch
@@ -1,10 +1,11 @@
-From dbae40b76abef2f8a7e7bf1701f77df9e73def48 Mon Sep 17 00:00:00 2001
From: Yang Shi <yang.shi@linaro.org>
Date: Wed, 27 Jan 2016 09:32:05 -0800
Subject: [PATCH] PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
-Patch-mainline: v4.6-rc1
+Patch-mainline: 4.4.114
+References: FATE#319900 bnc#1012382
Git-commit: dbae40b76abef2f8a7e7bf1701f77df9e73def48
-References: fate#319900
+
+commit dbae40b76abef2f8a7e7bf1701f77df9e73def48 upstream.
The Layerscape PCI host driver must recognize ls2085a compatible when using
firmware with ls2085a compatible property, otherwise the PCI bus won't be
@@ -13,12 +14,14 @@ detected even though ls2085a compatible is included by the dts.
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/pci/host/pci-layerscape.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pci/host/pci-layerscape.c b/drivers/pci/host/pci-layerscape.c
-index 3923bed..c40d8b2 100644
+index 3923bed93c7e..c40d8b2ce330 100644
--- a/drivers/pci/host/pci-layerscape.c
+++ b/drivers/pci/host/pci-layerscape.c
@@ -203,6 +203,7 @@ static const struct of_device_id ls_pcie_of_match[] = {
@@ -30,5 +33,5 @@ index 3923bed..c40d8b2 100644
};
MODULE_DEVICE_TABLE(of, ls_pcie_of_match);
--
-2.6.2
+2.16.1
diff --git a/patches.arch/arm64-0002-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch b/patches.kernel.org/4.4.114-018-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch
index 91815b2182..2d978e0add 100644
--- a/patches.arch/arm64-0002-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch
+++ b/patches.kernel.org/4.4.114-018-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch
@@ -1,10 +1,11 @@
-From 1195c103f6c98d9ff381cac3a8760d4f8a133627 Mon Sep 17 00:00:00 2001
From: Minghuan Lian <Minghuan.Lian@nxp.com>
Date: Mon, 29 Feb 2016 17:24:15 -0600
Subject: [PATCH] PCI: layerscape: Fix MSG TLP drop setting
-Patch-mainline: v4.5
+Patch-mainline: 4.4.114
+References: FATE#319900 FATE#320030 bnc#1012382
Git-commit: 1195c103f6c98d9ff381cac3a8760d4f8a133627
-References: fate#319900 fate#320030
+
+commit 1195c103f6c98d9ff381cac3a8760d4f8a133627 upstream.
Some kinds of Layerscape PCIe controllers will forward the received message
TLPs to system application address space, which could corrupt system memory
@@ -13,12 +14,14 @@ or lead to a system hang. Enable MSG_DROP to fix this issue.
Signed-off-by: Minghuan Lian <Minghuan.Lian@nxp.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/pci/host/pci-layerscape.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/drivers/pci/host/pci-layerscape.c b/drivers/pci/host/pci-layerscape.c
-index 3923bed..f39961b 100644
+index c40d8b2ce330..a21e229d95e0 100644
--- a/drivers/pci/host/pci-layerscape.c
+++ b/drivers/pci/host/pci-layerscape.c
@@ -77,6 +77,16 @@ static void ls_pcie_fix_class(struct ls_pcie *pcie)
@@ -71,5 +74,5 @@ index 3923bed..f39961b 100644
}
--
-2.6.2
+2.16.1
diff --git a/patches.arch/arm64-mmc-sdhci-of-esdhc-add-remove-some-quirks-according-.patch b/patches.kernel.org/4.4.114-019-mmc-sdhci-of-esdhc-add-remove-some-quirks-acc.patch
index a8f7b1577e..d0d969bc8c 100644
--- a/patches.arch/arm64-mmc-sdhci-of-esdhc-add-remove-some-quirks-according-.patch
+++ b/patches.kernel.org/4.4.114-019-mmc-sdhci-of-esdhc-add-remove-some-quirks-acc.patch
@@ -1,11 +1,12 @@
-From 1ef5e49e46b919052474d9b54a15debc79ff0133 Mon Sep 17 00:00:00 2001
From: yangbo lu <yangbo.lu@freescale.com>
Date: Wed, 25 Nov 2015 10:05:37 +0800
Subject: [PATCH] mmc: sdhci-of-esdhc: add/remove some quirks according to
vendor version
-Patch-mainline: v4.5-rc1
+Patch-mainline: 4.4.114
+References: FATE#319900 FATE#320030 bnc#1012382
Git-commit: 1ef5e49e46b919052474d9b54a15debc79ff0133
-References: fate#320030 fate#319900
+
+commit 1ef5e49e46b919052474d9b54a15debc79ff0133 upstream.
A previous patch had removed esdhc_of_platform_init() by mistake.
static void esdhc_of_platform_init(struct sdhci_host *host)
@@ -28,12 +29,14 @@ Signed-off-by: Yangbo Lu <yangbo.lu@freescale.com>
Fixes: f4932cfd22f1 ("mmc: sdhci-of-esdhc: support both BE and LE host controller")
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/mmc/host/sdhci-of-esdhc.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c
-index 90e94a0..83b1226 100644
+index 90e94a028a49..83b1226471c1 100644
--- a/drivers/mmc/host/sdhci-of-esdhc.c
+++ b/drivers/mmc/host/sdhci-of-esdhc.c
@@ -584,6 +584,8 @@ static int sdhci_esdhc_probe(struct platform_device *pdev)
@@ -61,5 +64,5 @@ index 90e94a0..83b1226 100644
of_device_is_compatible(np, "fsl,p5020-esdhc") ||
of_device_is_compatible(np, "fsl,p4080-esdhc") ||
--
-2.6.2
+2.16.1
diff --git a/patches.fixes/fs-select-add-vmalloc-fallback-for-select2.patch b/patches.kernel.org/4.4.114-020-fs-select-add-vmalloc-fallback-for-select-2.patch
index 2d2fc31a27..31ed9f01de 100644
--- a/patches.fixes/fs-select-add-vmalloc-fallback-for-select2.patch
+++ b/patches.kernel.org/4.4.114-020-fs-select-add-vmalloc-fallback-for-select-2.patch
@@ -1,9 +1,11 @@
From: Vlastimil Babka <vbabka@suse.cz>
Date: Tue, 11 Oct 2016 13:51:14 -0700
-Subject: fs/select: add vmalloc fallback for select(2)
+Subject: [PATCH] fs/select: add vmalloc fallback for select(2)
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1000189
Git-commit: 2d19309cf86883f634a4f8ec55a54bda87db19bf
-Patch-mainline: v4.9-rc1
-References: bsc#1000189
+
+commit 2d19309cf86883f634a4f8ec55a54bda87db19bf upstream.
The select(2) syscall performs a kmalloc(size, GFP_KERNEL) where size grows
with the number of fds passed. We had a customer report page allocation
@@ -37,10 +39,14 @@ Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Jason Baron <jbaron@akamai.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- fs/select.c | 14 +++++++++++---
+ fs/select.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
+diff --git a/fs/select.c b/fs/select.c
+index 015547330e88..f4dd55fc638c 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -29,6 +29,7 @@
@@ -51,7 +57,7 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
#include <asm/uaccess.h>
-@@ -550,7 +551,7 @@ int core_sys_select(int n, fd_set __user
+@@ -550,7 +551,7 @@ int core_sys_select(int n, fd_set __user *inp, fd_set __user *outp,
fd_set_bits fds;
void *bits;
int ret, max_fds;
@@ -60,7 +66,7 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
struct fdtable *fdt;
/* Allocate small arguments on the stack to save memory and be faster */
long stack_fds[SELECT_STACK_ALLOC/sizeof(long)];
-@@ -577,7 +578,14 @@ int core_sys_select(int n, fd_set __user
+@@ -577,7 +578,14 @@ int core_sys_select(int n, fd_set __user *inp, fd_set __user *outp,
if (size > sizeof(stack_fds) / 6) {
/* Not enough space in on-stack array; must use kmalloc */
ret = -ENOMEM;
@@ -76,7 +82,7 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
if (!bits)
goto out_nofds;
}
-@@ -614,7 +622,7 @@ int core_sys_select(int n, fd_set __user
+@@ -614,7 +622,7 @@ int core_sys_select(int n, fd_set __user *inp, fd_set __user *outp,
out:
if (bits != stack_fds)
@@ -85,3 +91,6 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
out_nofds:
return ret;
}
+--
+2.16.1
+
diff --git a/patches.fixes/mm-mmap.c-do-not-blow-on-PROT_NONE-MAP_FIXED-holes-i.patch b/patches.kernel.org/4.4.114-021-mm-mmap.c-do-not-blow-on-PROT_NONE-MAP_FIXED-.patch
index 78f7d6055f..c010d09317 100644
--- a/patches.fixes/mm-mmap.c-do-not-blow-on-PROT_NONE-MAP_FIXED-holes-i.patch
+++ b/patches.kernel.org/4.4.114-021-mm-mmap.c-do-not-blow-on-PROT_NONE-MAP_FIXED-.patch
@@ -1,11 +1,12 @@
-From 561b5e0709e4a248c67d024d4d94b6e31e3edf2f Mon Sep 17 00:00:00 2001
From: Michal Hocko <mhocko@suse.com>
Date: Mon, 10 Jul 2017 15:49:51 -0700
Subject: [PATCH] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the
stack
+Patch-mainline: 4.4.114
+References: bnc#1012382 bnc#1039348
Git-commit: 561b5e0709e4a248c67d024d4d94b6e31e3edf2f
-Patch-mainline: 4.13-rc1
-References: bnc#1039348
+
+commit 561b5e0709e4a248c67d024d4d94b6e31e3edf2f upstream.
Commit 1be7107fbe18 ("mm: larger stack guard gap, between vmas") has
introduced a regression in some rust and Java environments which are
@@ -33,14 +34,17 @@ Cc: Rik van Riel <riel@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- mm/mmap.c | 6 ++++--
+ mm/mmap.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
+diff --git a/mm/mmap.c b/mm/mmap.c
+index eaa460ddcaf9..cc84b97ca250 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
-@@ -2196,7 +2196,8 @@ int expand_upwards(struct vm_area_struct
+@@ -2188,7 +2188,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
gap_addr = TASK_SIZE;
next = vma->vm_next;
@@ -50,7 +54,7 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
if (!(next->vm_flags & VM_GROWSUP))
return -ENOMEM;
/* Check that both stack segments have the same anon_vma? */
-@@ -2281,7 +2282,8 @@ int expand_downwards(struct vm_area_stru
+@@ -2273,7 +2274,8 @@ int expand_downwards(struct vm_area_struct *vma,
if (gap_addr > address)
return -ENOMEM;
prev = vma->vm_prev;
@@ -60,3 +64,6 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
if (!(prev->vm_flags & VM_GROWSDOWN))
return -ENOMEM;
/* Check that both stack segments have the same anon_vma? */
+--
+2.16.1
+
diff --git a/patches.fixes/hwpoison-memcg-forcibly-uncharge-LRU-pages.patch b/patches.kernel.org/4.4.114-022-hwpoison-memcg-forcibly-uncharge-LRU-pages.patch
index d6210db1c9..5c94a5fd02 100644
--- a/patches.fixes/hwpoison-memcg-forcibly-uncharge-LRU-pages.patch
+++ b/patches.kernel.org/4.4.114-022-hwpoison-memcg-forcibly-uncharge-LRU-pages.patch
@@ -1,10 +1,11 @@
-From 18365225f0440d09708ad9daade2ec11275c3df9 Mon Sep 17 00:00:00 2001
From: Michal Hocko <mhocko@suse.com>
Date: Fri, 12 May 2017 15:46:26 -0700
Subject: [PATCH] hwpoison, memcg: forcibly uncharge LRU pages
+Patch-mainline: 4.4.114
+References: bnc#1012382 bnc#1046105
Git-commit: 18365225f0440d09708ad9daade2ec11275c3df9
-Patch-mainline: 4.12-rc1
-References: bnc#1046105
+
+commit 18365225f0440d09708ad9daade2ec11275c3df9 upstream.
Laurent Dufour has noticed that hwpoinsoned pages are kept charged. In
his particular case he has hit a bad_page("page still charged to
@@ -32,17 +33,18 @@ Reviewed-by: Balbir Singh <bsingharora@gmail.com>
Reviewed-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
mm/memcontrol.c | 2 +-
mm/memory-failure.c | 7 +++++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
-index ff73899af61a..94172089f52f 100644
+index e25b93a4267d..55a9facb8e8d 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
-@@ -5528,7 +5528,7 @@ static void uncharge_list(struct list_head *page_list)
+@@ -5576,7 +5576,7 @@ static void uncharge_list(struct list_head *page_list)
next = page->lru.next;
VM_BUG_ON_PAGE(PageLRU(page), page);
@@ -52,7 +54,7 @@ index ff73899af61a..94172089f52f 100644
if (!page->mem_cgroup)
continue;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 73066b80d14a..2527dfeddb00 100644
+index 091fe9b06663..92a647957f91 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -539,6 +539,13 @@ static int delete_from_lru_cache(struct page *p)
@@ -70,5 +72,5 @@ index 73066b80d14a..2527dfeddb00 100644
* drop the page count elevated by isolate_lru_page()
*/
--
-1.8.5.6
+2.16.1
diff --git a/patches.fixes/cma-fix-calculation-of-aligned-offset.patch b/patches.kernel.org/4.4.114-023-cma-fix-calculation-of-aligned-offset.patch
index b2dcf7288c..d2cf0fd8fe 100644
--- a/patches.fixes/cma-fix-calculation-of-aligned-offset.patch
+++ b/patches.kernel.org/4.4.114-023-cma-fix-calculation-of-aligned-offset.patch
@@ -1,9 +1,11 @@
From: Doug Berger <opendmb@gmail.com>
Date: Mon, 10 Jul 2017 15:49:44 -0700
-Subject: cma: fix calculation of aligned offset
+Subject: [PATCH] cma: fix calculation of aligned offset
+Patch-mainline: 4.4.114
+References: Functionality VM bnc#1012382 bsc#1050060
Git-commit: e048cb32f69038aa1c8f11e5c1b331be4181659d
-Patch-mainline: v4.13-rc1
-References: VM Functionality, bsc#1050060
+
+commit e048cb32f69038aa1c8f11e5c1b331be4181659d upstream.
The align_offset parameter is used by bitmap_find_next_zero_area_off()
to represent the offset of map's base from the previous alignment
@@ -42,13 +44,17 @@ Cc: Jaewon Kim <jaewon31.kim@samsung.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- mm/cma.c | 15 ++++++---------
+ mm/cma.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
+diff --git a/mm/cma.c b/mm/cma.c
+index bd0e1412475e..43f4a122e969 100644
--- a/mm/cma.c
+++ b/mm/cma.c
-@@ -54,7 +54,7 @@ unsigned long cma_get_size(const struct
+@@ -54,7 +54,7 @@ unsigned long cma_get_size(const struct cma *cma)
}
static unsigned long cma_bitmap_aligned_mask(const struct cma *cma,
@@ -57,7 +63,7 @@ Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
{
if (align_order <= cma->order_per_bit)
return 0;
-@@ -62,17 +62,14 @@ static unsigned long cma_bitmap_aligned_
+@@ -62,17 +62,14 @@ static unsigned long cma_bitmap_aligned_mask(const struct cma *cma,
}
/*
@@ -80,3 +86,6 @@ Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
}
static unsigned long cma_bitmap_pages_to_bits(const struct cma *cma,
+--
+2.16.1
+
diff --git a/patches.fixes/mm-page_alloc-fix-potential-false-positive-in-_zone_watermark_ok.patch b/patches.kernel.org/4.4.114-024-mm-page_alloc-fix-potential-false-positive-in.patch
index 9bb77a96f3..d107b7ab4b 100644
--- a/patches.fixes/mm-page_alloc-fix-potential-false-positive-in-_zone_watermark_ok.patch
+++ b/patches.kernel.org/4.4.114-024-mm-page_alloc-fix-potential-false-positive-in.patch
@@ -1,9 +1,12 @@
From: Vlastimil Babka <vbabka@suse.cz>
Date: Wed, 15 Nov 2017 17:38:30 -0800
-Subject: mm, page_alloc: fix potential false positive in __zone_watermark_ok
+Subject: [PATCH] mm, page_alloc: fix potential false positive in
+ __zone_watermark_ok
+Patch-mainline: 4.4.114
+References: Git-fixes bnc#1012382 bsc#1068978
Git-commit: b050e3769c6b4013bb937e879fc43bf1847ee819
-Patch-mainline: v4.15-rc1
-References: Git-fixes, bsc#1068978
+
+commit b050e3769c6b4013bb937e879fc43bf1847ee819 upstream.
Since commit 97a16fc82a7c ("mm, page_alloc: only enforce watermarks for
order-0 allocations"), __zone_watermark_ok() check for high-order
@@ -32,13 +35,17 @@ Cc: David Rientjes <rientjes@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- mm/page_alloc.c | 6 +++---
+ mm/page_alloc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c
+index 3c70f03d91ec..a4c9cd80c7b6 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
-@@ -2787,9 +2787,6 @@ static bool __zone_watermark_ok(struct z
+@@ -2468,9 +2468,6 @@ static bool __zone_watermark_ok(struct zone *z, unsigned int order,
if (!area->nr_free)
continue;
@@ -48,7 +55,7 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
for (mt = 0; mt < MIGRATE_PCPTYPES; mt++) {
if (!list_empty(&area->free_list[mt]))
return true;
-@@ -2801,6 +2798,9 @@ static bool __zone_watermark_ok(struct z
+@@ -2482,6 +2479,9 @@ static bool __zone_watermark_ok(struct zone *z, unsigned int order,
return true;
}
#endif
@@ -58,3 +65,6 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
}
return false;
}
+--
+2.16.1
+
diff --git a/patches.fixes/ipc-msg-make-msgrcv-work-with-LONG_MIN.patch b/patches.kernel.org/4.4.114-025-ipc-msg-make-msgrcv-work-with-LONG_MIN.patch
index 510e4bee45..a7e141a7cc 100644
--- a/patches.fixes/ipc-msg-make-msgrcv-work-with-LONG_MIN.patch
+++ b/patches.kernel.org/4.4.114-025-ipc-msg-make-msgrcv-work-with-LONG_MIN.patch
@@ -1,9 +1,11 @@
From: Jiri Slaby <jslaby@suse.cz>
Date: Wed, 14 Dec 2016 15:06:07 -0800
-Subject: ipc: msg, make msgrcv work with LONG_MIN
+Subject: [PATCH] ipc: msg, make msgrcv work with LONG_MIN
+Patch-mainline: 4.4.114
+References: bnc#1005918 bnc#1012382
Git-commit: 999898355e08ae3b92dfd0a08db706e0c6703d30
-Patch-mainline: v4.10-rc1
-References: bnc#1005918
+
+commit 999898355e08ae3b92dfd0a08db706e0c6703d30 upstream.
When LONG_MIN is passed to msgrcv, one would expect to recieve any
message. But convert_mode does *msgtyp = -*msgtyp and -LONG_MIN is
@@ -42,13 +44,16 @@ Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
- ipc/msg.c | 5 ++++-
+ ipc/msg.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/ipc/msg.c b/ipc/msg.c
+index c6521c205cb4..f993f441f852 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
-@@ -742,7 +742,10 @@ static inline int convert_mode(long *msg
+@@ -742,7 +742,10 @@ static inline int convert_mode(long *msgtyp, int msgflg)
if (*msgtyp == 0)
return SEARCH_ANY;
if (*msgtyp < 0) {
@@ -60,3 +65,6 @@ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
return SEARCH_LESSEQUAL;
}
if (msgflg & MSG_EXCEPT)
+--
+2.16.1
+
diff --git a/patches.fixes/0001-x86-ioapic-Fix-incorrect-pointers-in-ioapic_setup_re.patch b/patches.kernel.org/4.4.114-026-x86-ioapic-Fix-incorrect-pointers-in-ioapic_s.patch
index 77ca9d20b3..c90c0ffdd9 100644
--- a/patches.fixes/0001-x86-ioapic-Fix-incorrect-pointers-in-ioapic_setup_re.patch
+++ b/patches.kernel.org/4.4.114-026-x86-ioapic-Fix-incorrect-pointers-in-ioapic_s.patch
@@ -1,11 +1,12 @@
-From 47f3d745362bcecfa7900f27e3effd2c57f24850 Mon Sep 17 00:00:00 2001
From: Rui Wang <rui.y.wang@intel.com>
Date: Wed, 8 Jun 2016 14:59:52 +0800
-Git-commit: 9d98bcec731756b8688b59ec998707924d716d7b
-Patch-mainline: v4.7
-References: bsc#1027153, bsc#1027616
-Subject: [PATCH 1/9] x86/ioapic: Fix incorrect pointers in
+Subject: [PATCH] x86/ioapic: Fix incorrect pointers in
ioapic_setup_resources()
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1027153 bsc#1027616
+Git-commit: 9d98bcec731756b8688b59ec998707924d716d7b
+
+commit 9d98bcec731756b8688b59ec998707924d716d7b upstream.
On a 4-socket Brickland system, hot-removing one ioapic is fine.
Hot-removing the 2nd one causes panic in mp_unregister_ioapic()
@@ -41,15 +42,17 @@ Cc: bhelgaas@google.com
Link: http://lkml.kernel.org/r/1465369193-4816-3-git-send-email-rui.y.wang@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/kernel/apic/io_apic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
-index 8ca533b8c606..96e52172e341 100644
+index fc91c98bee01..fd945099fc95 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
-@@ -2590,8 +2590,8 @@ static struct resource * __init ioapic_setup_resources(void)
+@@ -2592,8 +2592,8 @@ static struct resource * __init ioapic_setup_resources(void)
res[num].flags = IORESOURCE_MEM | IORESOURCE_BUSY;
snprintf(mem, IOAPIC_RESOURCE_NAME_SIZE, "IOAPIC %u", i);
mem += IOAPIC_RESOURCE_NAME_SIZE;
@@ -60,5 +63,5 @@ index 8ca533b8c606..96e52172e341 100644
ioapic_resources = res;
--
-2.11.0.258.ge05806d
+2.16.1
diff --git a/patches.fixes/acpi-processor-avoid-reserving-io-regions-too-early b/patches.kernel.org/4.4.114-027-ACPI-processor-Avoid-reserving-IO-regions-too.patch
index 5e2114ff5b..d4f7d5c7b9 100644
--- a/patches.fixes/acpi-processor-avoid-reserving-io-regions-too-early
+++ b/patches.kernel.org/4.4.114-027-ACPI-processor-Avoid-reserving-IO-regions-too.patch
@@ -1,9 +1,11 @@
From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Date: Thu, 2 Jun 2016 01:57:50 +0200
-Subject: ACPI / processor: Avoid reserving IO regions too early
+Subject: [PATCH] ACPI / processor: Avoid reserving IO regions too early
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1051478
Git-commit: 86314751c7945fa0c67f459beeda2e7c610ca429
-Patch-mainline: v4.7-rc2
-References: bsc#1051478
+
+commit 86314751c7945fa0c67f459beeda2e7c610ca429 upstream.
Roland Dreier reports that one of his systems cannot boot because of
the changes made by commit ac212b6980d8 (ACPI / processor: Use common
@@ -36,14 +38,18 @@ Reported-by: Roland Dreier <roland@purestorage.com>
Tested-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/acpi/acpi_processor.c | 9 ---------
drivers/acpi/processor_throttling.c | 9 +++++++++
2 files changed, 9 insertions(+), 9 deletions(-)
+diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c
+index 9f77943653fb..b63a173786d5 100644
--- a/drivers/acpi/acpi_processor.c
+++ b/drivers/acpi/acpi_processor.c
-@@ -331,15 +331,6 @@ static int acpi_processor_get_info(struc
+@@ -331,15 +331,6 @@ static int acpi_processor_get_info(struct acpi_device *device)
pr->throttling.duty_width = acpi_gbl_FADT.duty_width;
pr->pblk = object.processor.pblk_address;
@@ -59,9 +65,11 @@ Acked-by: Joerg Roedel <jroedel@suse.de>
}
/*
+diff --git a/drivers/acpi/processor_throttling.c b/drivers/acpi/processor_throttling.c
+index f170d746336d..c72e64893d03 100644
--- a/drivers/acpi/processor_throttling.c
+++ b/drivers/acpi/processor_throttling.c
-@@ -676,6 +676,15 @@ static int acpi_processor_get_throttling
+@@ -676,6 +676,15 @@ static int acpi_processor_get_throttling_fadt(struct acpi_processor *pr)
if (!pr->flags.throttling)
return -ENODEV;
@@ -77,3 +85,6 @@ Acked-by: Joerg Roedel <jroedel@suse.de>
pr->throttling.state = 0;
duty_mask = pr->throttling.state_count - 1;
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-028-ACPI-scan-Prefer-devices-without-_HID-_CID-fo.patch b/patches.kernel.org/4.4.114-028-ACPI-scan-Prefer-devices-without-_HID-_CID-fo.patch
new file mode 100644
index 0000000000..9316668bd4
--- /dev/null
+++ b/patches.kernel.org/4.4.114-028-ACPI-scan-Prefer-devices-without-_HID-_CID-fo.patch
@@ -0,0 +1,63 @@
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Fri, 30 Dec 2016 02:27:31 +0100
+Subject: [PATCH] ACPI / scan: Prefer devices without _HID/_CID for _ADR
+ matching
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: fdad4e7a876a2cb3d2c1f04e5418c324e79fffef
+
+commit c2a6bbaf0c5f90463a7011a295bbdb7e33c80b51 upstream.
+
+The way acpi_find_child_device() works currently is that, if there
+are two (or more) devices with the same _ADR value in the same
+namespace scope (which is not specifically allowed by the spec and
+the OS behavior in that case is not defined), the first one of them
+found to be present (with the help of _STA) will be returned.
+
+This covers the majority of cases, but is not sufficient if some of
+the devices in question have a _HID (or _CID) returning some valid
+ACPI/PNP device IDs (which is disallowed by the spec) and the
+ASL writers' expectation appears to be that the OS will match
+devices without a valid ACPI/PNP device ID against a given bus
+address first.
+
+To cover this special case as well, modify find_child_checks()
+to prefer devices without ACPI/PNP device IDs over devices that
+have them.
+
+Suggested-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Tested-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/acpi/glue.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c
+index 73c9c7fa9001..f06317d6fc38 100644
+--- a/drivers/acpi/glue.c
++++ b/drivers/acpi/glue.c
+@@ -99,13 +99,13 @@ static int find_child_checks(struct acpi_device *adev, bool check_children)
+ return -ENODEV;
+
+ /*
+- * If the device has a _HID (or _CID) returning a valid ACPI/PNP
+- * device ID, it is better to make it look less attractive here, so that
+- * the other device with the same _ADR value (that may not have a valid
+- * device ID) can be matched going forward. [This means a second spec
+- * violation in a row, so whatever we do here is best effort anyway.]
++ * If the device has a _HID returning a valid ACPI/PNP device ID, it is
++ * better to make it look less attractive here, so that the other device
++ * with the same _ADR value (that may not have a valid device ID) can be
++ * matched going forward. [This means a second spec violation in a row,
++ * so whatever we do here is best effort anyway.]
+ */
+- return sta_present && list_empty(&adev->pnp.ids) ?
++ return sta_present && !adev->pnp.type.platform_id ?
+ FIND_CHILD_MAX_SCORE : FIND_CHILD_MIN_SCORE;
+ }
+
+--
+2.16.1
+
diff --git a/patches.fixes/0001-ACPICA-Namespace-fix-operand-cache-leak.patch b/patches.kernel.org/4.4.114-029-ACPICA-Namespace-fix-operand-cache-leak.patch
index 6bb77f8d3b..fb659db3c0 100644
--- a/patches.fixes/0001-ACPICA-Namespace-fix-operand-cache-leak.patch
+++ b/patches.kernel.org/4.4.114-029-ACPICA-Namespace-fix-operand-cache-leak.patch
@@ -1,11 +1,11 @@
-From 3b2d69114fefa474fca542e51119036dceb4aa6f Mon Sep 17 00:00:00 2001
From: Seunghun Han <kkamagui@gmail.com>
Date: Wed, 26 Apr 2017 16:18:08 +0800
Subject: [PATCH] ACPICA: Namespace: fix operand cache leak
-
+Patch-mainline: 4.4.114
+References: CVE-2017-11472 bnc#1012382 bsc#1049580
Git-commit: 3b2d69114fefa474fca542e51119036dceb4aa6f
-Patch-mainline: v4.12-rc1
-References: bsc#1049580, CVE-2017-11472
+
+commit 3b2d69114fefa474fca542e51119036dceb4aa6f upstream.
ACPICA commit a23325b2e583556eae88ed3f764e457786bf4df6
@@ -67,13 +67,17 @@ Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- drivers/acpi/acpica/nsutils.c | 23 +++++++++--------------
+ drivers/acpi/acpica/nsutils.c | 23 +++++++++--------------
1 file changed, 9 insertions(+), 14 deletions(-)
+diff --git a/drivers/acpi/acpica/nsutils.c b/drivers/acpi/acpica/nsutils.c
+index de325ae04ce1..3b3c5b90bd20 100644
--- a/drivers/acpi/acpica/nsutils.c
+++ b/drivers/acpi/acpica/nsutils.c
-@@ -593,25 +593,20 @@ struct acpi_namespace_node *acpi_ns_vali
+@@ -593,25 +593,20 @@ struct acpi_namespace_node *acpi_ns_validate_handle(acpi_handle handle)
void acpi_ns_terminate(void)
{
acpi_status status;
@@ -108,3 +112,6 @@ Acked-by: Lee, Chun-Yi <jlee@suse.com>
/*
* Free the entire namespace -- all nodes and all objects
+--
+2.16.1
+
diff --git a/patches.fixes/netfilter-x_tables-speed-up-jump-target-validation.patch b/patches.kernel.org/4.4.114-030-netfilter-x_tables-speed-up-jump-target-valid.patch
index 825cb62ae2..147cd115a3 100644
--- a/patches.fixes/netfilter-x_tables-speed-up-jump-target-validation.patch
+++ b/patches.kernel.org/4.4.114-030-netfilter-x_tables-speed-up-jump-target-valid.patch
@@ -1,9 +1,11 @@
From: Florian Westphal <fw@strlen.de>
Date: Thu, 14 Jul 2016 17:51:26 +0200
-Subject: netfilter: x_tables: speed up jump target validation
-Patch-mainline: v4.8-rc1
+Subject: [PATCH] netfilter: x_tables: speed up jump target validation
+Patch-mainline: 4.4.114
+References: CVE-2016-4997 CVE-2016-4998 bnc#1012382 bsc#986362 bsc#986365
Git-commit: f4dc77713f8016d2e8a3295e1c9c53a21f296def
-References: CVE-2016-4997 CVE-2016-4998 bsc#986362 bsc#986365
+
+commit f4dc77713f8016d2e8a3295e1c9c53a21f296def upstream.
The dummy ruleset I used to test the original validation change was broken,
most rules were unreachable and were not tested by mark_source_chains().
@@ -46,7 +48,8 @@ Tested-by: Jeff Wu <wujiafu@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
include/linux/netfilter/x_tables.h | 4 +++
net/ipv4/netfilter/arp_tables.c | 47 ++++++++++++++++++-----------------
@@ -184,16 +187,16 @@ index 6e3e0e8b1ce3..d6531c544a82 100644
/* Finally, each sanity check must pass */
i = 0;
-@@ -720,6 +720,9 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0,
+@@ -719,6 +719,9 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0,
+ return ret;
}
- return ret;
++ return ret;
+ out_free:
+ kvfree(offsets);
-+ return ret;
+ return ret;
}
- static void get_counters(const struct xt_table_info *t,
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index a399c5419622..2ba158f2cb72 100644
--- a/net/ipv4/netfilter/ip_tables.c
@@ -304,16 +307,16 @@ index a399c5419622..2ba158f2cb72 100644
/* Finally, each sanity check must pass */
i = 0;
-@@ -885,6 +885,9 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
+@@ -884,6 +884,9 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
+ return ret;
}
- return ret;
++ return ret;
+ out_free:
+ kvfree(offsets);
-+ return ret;
+ return ret;
}
- static void
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 22f39e00bef3..c26bed92f523 100644
--- a/net/ipv6/netfilter/ip6_tables.c
@@ -424,18 +427,18 @@ index 22f39e00bef3..c26bed92f523 100644
/* Finally, each sanity check must pass */
i = 0;
-@@ -897,6 +897,9 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
+@@ -896,6 +896,9 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
+ return ret;
}
- return ret;
++ return ret;
+ out_free:
+ kvfree(offsets);
-+ return ret;
+ return ret;
}
- static void
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
-index c7b7cecb5bd1..6794cf8210ed 100644
+index 2fc6ca9d1286..7b42b0ad3f9b 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -701,6 +701,56 @@ int xt_check_entry_offsets(const void *base,
@@ -496,5 +499,5 @@ index c7b7cecb5bd1..6794cf8210ed 100644
unsigned int size, u_int8_t proto, bool inv_proto)
{
--
-2.9.2
+2.16.1
diff --git a/patches.fixes/netfilter-arp_tables-fix-invoking-32bit-iptable-P-IN.patch b/patches.kernel.org/4.4.114-031-netfilter-arp_tables-fix-invoking-32bit-iptab.patch
index c55c89beb9..e8b418674b 100644
--- a/patches.fixes/netfilter-arp_tables-fix-invoking-32bit-iptable-P-IN.patch
+++ b/patches.kernel.org/4.4.114-031-netfilter-arp_tables-fix-invoking-32bit-iptab.patch
@@ -1,9 +1,12 @@
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 29 Nov 2016 21:56:26 -0500
-Subject: netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
-Patch-mainline: v4.9-rc8
+Subject: [PATCH] netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT
+ ACCEPT" failed in 64bit kernel
+Patch-mainline: 4.4.114
+References: CVE-2016-4997 CVE-2016-4998 bnc#1012382 bsc#986362 bsc#986365
Git-commit: 17a49cd549d9dc8707dc9262210166455c612dde
-References: CVE-2016-4997 CVE-2016-4998 bsc#986362 bsc#986365
+
+commit 17a49cd549d9dc8707dc9262210166455c612dde upstream.
Since 09d9686047db ("netfilter: x_tables: do compat validation via
translate_table"), it used compatr structure to assign newinfo
@@ -26,7 +29,9 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
net/ipv4/netfilter/arp_tables.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
@@ -47,5 +52,5 @@ index d6531c544a82..c75211528991 100644
entry1 = newinfo->entries;
pos = entry1;
--
-2.12.2
+2.16.1
diff --git a/patches.fixes/netfilter-nf_dup_ipv6-set-again-FLOWI_FLAG_KNOWN_NH-.patch b/patches.kernel.org/4.4.114-032-netfilter-nf_dup_ipv6-set-again-FLOWI_FLAG_KN.patch
index b35908e514..9728fac471 100644
--- a/patches.fixes/netfilter-nf_dup_ipv6-set-again-FLOWI_FLAG_KNOWN_NH-.patch
+++ b/patches.kernel.org/4.4.114-032-netfilter-nf_dup_ipv6-set-again-FLOWI_FLAG_KN.patch
@@ -1,9 +1,12 @@
From: Paolo Abeni <pabeni@redhat.com>
Date: Thu, 26 May 2016 19:08:10 +0200
-Subject: netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
-Patch-mainline: v4.7-rc3
+Subject: [PATCH] netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at
+ flowi6_flags
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1042286
Git-commit: 83170f3beccccd7ceb4f9a0ac0c4dc736afde90c
-References: bsc#1042286
+
+commit 83170f3beccccd7ceb4f9a0ac0c4dc736afde90c upstream.
With the commit 48e8aa6e3137 ("ipv6: Set FLOWI_FLAG_KNOWN_NH at
flowi6_flags") ip6_pol_route() callers were asked to to set the
@@ -17,7 +20,8 @@ Fixes: bbde9fc1824a ("netfilter: factor out packet duplication for IPv4/IPv6")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
net/ipv6/netfilter/nf_dup_ipv6.c | 1 +
1 file changed, 1 insertion(+)
@@ -35,5 +39,5 @@ index 6989c70ae29f..4a84b5ad9ecb 100644
if (dst->error) {
dst_release(dst);
--
-2.13.0
+2.16.1
diff --git a/patches.fixes/netfilter-nf_ct_expect-remove-the-redundant-slash-wh.patch b/patches.kernel.org/4.4.114-033-netfilter-nf_ct_expect-remove-the-redundant-s.patch
index 62c9151d47..450ee506b5 100644
--- a/patches.fixes/netfilter-nf_ct_expect-remove-the-redundant-slash-wh.patch
+++ b/patches.kernel.org/4.4.114-033-netfilter-nf_ct_expect-remove-the-redundant-s.patch
@@ -1,9 +1,12 @@
From: Liping Zhang <liping.zhang@spreadtrum.com>
Date: Mon, 8 Aug 2016 21:57:58 +0800
-Subject: netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
-Patch-mainline: v4.8-rc3
+Subject: [PATCH] netfilter: nf_ct_expect: remove the redundant slash when
+ policy name is empty
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1042286
Git-commit: b173a28f62cf929324a8a6adcc45adadce311d16
-References: bsc#1042286
+
+commit b173a28f62cf929324a8a6adcc45adadce311d16 upstream.
The 'name' filed in struct nf_conntrack_expect_policy{} is not a
pointer, so check it is NULL or not will always return true. Even if the
@@ -16,13 +19,14 @@ Fixes: 3a8fc53a45c4 ("netfilter: nf_ct_helper: allocate 16 bytes for the helper
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
net/netfilter/nf_conntrack_expect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
-index acf5c7b3f378..fbbb16b58696 100644
+index 7f16d19d6198..a91f8bd51d05 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -560,7 +560,7 @@ static int exp_seq_show(struct seq_file *s, void *v)
@@ -35,5 +39,5 @@ index acf5c7b3f378..fbbb16b58696 100644
helper->expect_policy[expect->class].name);
}
--
-2.13.0
+2.16.1
diff --git a/patches.fixes/netfilter-nfnetlink_queue-reject-verdict-request-fro.patch b/patches.kernel.org/4.4.114-034-netfilter-nfnetlink_queue-reject-verdict-requ.patch
index f3d8e25311..612cb20d2f 100644
--- a/patches.fixes/netfilter-nfnetlink_queue-reject-verdict-request-fro.patch
+++ b/patches.kernel.org/4.4.114-034-netfilter-nfnetlink_queue-reject-verdict-requ.patch
@@ -1,9 +1,12 @@
From: Liping Zhang <liping.zhang@spreadtrum.com>
Date: Mon, 8 Aug 2016 22:07:27 +0800
-Subject: netfilter: nfnetlink_queue: reject verdict request from different portid
-Patch-mainline: v4.8-rc3
+Subject: [PATCH] netfilter: nfnetlink_queue: reject verdict request from
+ different portid
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1042286
Git-commit: 00a3101f561816e58de054a470484996f78eb5eb
-References: bsc#1042286
+
+commit 00a3101f561816e58de054a470484996f78eb5eb upstream.
Like NFQNL_MSG_VERDICT_BATCH do, we should also reject the verdict
request when the portid is not same with the initial portid(maybe
@@ -14,16 +17,17 @@ Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
net/netfilter/nfnetlink_queue.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
-index 861c6615253b..e4a680dba6f1 100644
+index f6837f9b6d6c..c14d2e8eaec3 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
-@@ -1048,10 +1048,8 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
+@@ -1053,10 +1053,8 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
struct net *net = sock_net(ctnl);
struct nfnl_queue_net *q = nfnl_queue_pernet(net);
@@ -37,5 +41,5 @@ index 861c6615253b..e4a680dba6f1 100644
return PTR_ERR(queue);
--
-2.13.0
+2.16.1
diff --git a/patches.fixes/netfilter-restart-search-if-moved-to-other-chain.patch b/patches.kernel.org/4.4.114-035-netfilter-restart-search-if-moved-to-other-ch.patch
index 93f62c05ac..c75f98c3c1 100644
--- a/patches.fixes/netfilter-restart-search-if-moved-to-other-chain.patch
+++ b/patches.kernel.org/4.4.114-035-netfilter-restart-search-if-moved-to-other-ch.patch
@@ -1,9 +1,11 @@
From: Florian Westphal <fw@strlen.de>
Date: Thu, 25 Aug 2016 15:33:29 +0200
-Subject: netfilter: restart search if moved to other chain
-Patch-mainline: v4.9-rc1
+Subject: [PATCH] netfilter: restart search if moved to other chain
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1042286
Git-commit: 95a8d19f28e6b29377a880c6264391a62e07fccc
-References: bsc#1042286
+
+commit 95a8d19f28e6b29377a880c6264391a62e07fccc upstream.
In case nf_conntrack_tuple_taken did not find a conflicting entry
check that all entries in this hash slot were tested and restart
@@ -15,7 +17,8 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
net/netfilter/nf_conntrack_core.c | 7 +++++++
1 file changed, 7 insertions(+)
@@ -46,5 +49,5 @@ index 86a3c6f0c871..5f747089024f 100644
return 0;
--
-2.13.0
+2.16.1
diff --git a/patches.fixes/netfilter-nf_conntrack_sip-extend-request-line-valid.patch b/patches.kernel.org/4.4.114-036-netfilter-nf_conntrack_sip-extend-request-lin.patch
index c73eab1c01..8e3f6fd896 100644
--- a/patches.fixes/netfilter-nf_conntrack_sip-extend-request-line-valid.patch
+++ b/patches.kernel.org/4.4.114-036-netfilter-nf_conntrack_sip-extend-request-lin.patch
@@ -1,9 +1,11 @@
From: Ulrich Weber <ulrich.weber@riverbed.com>
Date: Mon, 24 Oct 2016 18:07:23 +0200
-Subject: netfilter: nf_conntrack_sip: extend request line validation
-Patch-mainline: v4.9-rc6
+Subject: [PATCH] netfilter: nf_conntrack_sip: extend request line validation
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1042286
Git-commit: 444f901742d054a4cd5ff045871eac5131646cfb
-References: bsc#1042286
+
+commit 444f901742d054a4cd5ff045871eac5131646cfb upstream.
on SIP requests, so a fragmented TCP SIP packet from an allow header starting with
INVITE,NOTIFY,OPTIONS,REFER,REGISTER,UPDATE,SUBSCRIBE
@@ -19,7 +21,8 @@ Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
Acked-by: Marco Angaroni <marcoangaroni@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
net/netfilter/nf_conntrack_sip.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
@@ -43,5 +46,5 @@ index 885b4aba3695..1665c2159e4b 100644
if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
&matchoff, &matchlen) <= 0) {
--
-2.13.0
+2.16.1
diff --git a/patches.fixes/netfilter-use-fwmark_reflect-in-nf_send_reset.patch b/patches.kernel.org/4.4.114-037-netfilter-use-fwmark_reflect-in-nf_send_reset.patch
index b37b2b3a1b..6b9548ae45 100644
--- a/patches.fixes/netfilter-use-fwmark_reflect-in-nf_send_reset.patch
+++ b/patches.kernel.org/4.4.114-037-netfilter-use-fwmark_reflect-in-nf_send_reset.patch
@@ -1,9 +1,11 @@
From: Pau Espin Pedrol <pau.espin@tessares.net>
Date: Fri, 6 Jan 2017 20:33:27 +0100
-Subject: netfilter: use fwmark_reflect in nf_send_reset
-Patch-mainline: v4.10-rc6
+Subject: [PATCH] netfilter: use fwmark_reflect in nf_send_reset
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1042286
Git-commit: cc31d43b4154ad5a7d8aa5543255a93b7e89edc2
-References: bsc#1042286
+
+commit cc31d43b4154ad5a7d8aa5543255a93b7e89edc2 upstream.
Otherwise, RST packets generated by ipt_REJECT always have mark 0 when
the routing is checked later in the same code path.
@@ -13,7 +15,8 @@ Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Pau Espin Pedrol <pau.espin@tessares.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
net/ipv4/netfilter/nf_reject_ipv4.c | 2 ++
net/ipv6/netfilter/nf_reject_ipv6.c | 3 +++
@@ -54,5 +57,5 @@ index e0f922b777e3..7117e5bef412 100644
ip6h = nf_reject_ip6hdr_put(nskb, oldskb, IPPROTO_TCP,
ip6_dst_hoplimit(dst));
--
-2.13.0
+2.16.1
diff --git a/patches.fixes/netfilter-fix-IS_ERR_VALUE-usage.patch b/patches.kernel.org/4.4.114-038-netfilter-fix-IS_ERR_VALUE-usage.patch
index b4d359fc7e..78241f922b 100644
--- a/patches.fixes/netfilter-fix-IS_ERR_VALUE-usage.patch
+++ b/patches.kernel.org/4.4.114-038-netfilter-fix-IS_ERR_VALUE-usage.patch
@@ -1,9 +1,11 @@
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 29 Apr 2016 10:39:34 +0200
-Subject: netfilter: fix IS_ERR_VALUE usage
-Patch-mainline: v4.7-rc1
+Subject: [PATCH] netfilter: fix IS_ERR_VALUE usage
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1052888
Git-commit: 92b4423e3a0bc5d43ecde4bcad871f8b5ba04efd
-References: bsc#1052888
+
+commit 92b4423e3a0bc5d43ecde4bcad871f8b5ba04efd upstream.
This is a forward-port of the original patch from Andrzej Hajda,
he said:
@@ -26,8 +28,9 @@ http://patchwork.ozlabs.org/patch/582970/
This patch has clashed with input validation fixes for x_tables.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
include/linux/netfilter/x_tables.h | 6 +++---
net/ipv4/netfilter/arp_tables.c | 6 ++++--
@@ -118,5 +121,5 @@ index c26bed92f523..bb1b5453a7a1 100644
j = 0;
mtpar.net = net;
--
-2.14.1
+2.16.1
diff --git a/patches.fixes/netfilter-nfnetlink_cthelper-Add-missing-permission-.patch b/patches.kernel.org/4.4.114-039-netfilter-nfnetlink_cthelper-Add-missing-perm.patch
index 10bd013cc6..05abe538fa 100644
--- a/patches.fixes/netfilter-nfnetlink_cthelper-Add-missing-permission-.patch
+++ b/patches.kernel.org/4.4.114-039-netfilter-nfnetlink_cthelper-Add-missing-perm.patch
@@ -1,9 +1,11 @@
From: Kevin Cernekee <cernekee@chromium.org>
Date: Sun, 3 Dec 2017 12:12:45 -0800
-Subject: netfilter: nfnetlink_cthelper: Add missing permission checks
-Patch-mainline: v4.15-rc4
+Subject: [PATCH] netfilter: nfnetlink_cthelper: Add missing permission checks
+Patch-mainline: 4.4.114
+References: CVE-2017-17448 bnc#1012382 bsc#1071693
Git-commit: 4b380c42f7d00a395feede754f0bc2292eebe6e5
-References: CVE-2017-17448 bsc#1071693
+
+commit 4b380c42f7d00a395feede754f0bc2292eebe6e5 upstream.
The capability check in nfnetlink_rcv() verifies that the caller
has CAP_NET_ADMIN in the namespace that "owns" the netlink socket.
@@ -30,11 +32,14 @@ trying to generalize the solution.
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++
+ net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++
1 file changed, 10 insertions(+)
+diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
+index 8d34a488efc0..ac143ae4f7b6 100644
--- a/net/netfilter/nfnetlink_cthelper.c
+++ b/net/netfilter/nfnetlink_cthelper.c
@@ -17,6 +17,7 @@
@@ -45,7 +50,7 @@ Acked-by: Michal Kubecek <mkubecek@suse.cz>
#include <net/netlink.h>
#include <net/sock.h>
-@@ -392,6 +393,9 @@ nfnl_cthelper_new(struct sock *nfnl, str
+@@ -392,6 +393,9 @@ nfnl_cthelper_new(struct sock *nfnl, struct sk_buff *skb,
struct nfnl_cthelper *nlcth;
int ret = 0;
@@ -55,7 +60,7 @@ Acked-by: Michal Kubecek <mkubecek@suse.cz>
if (!tb[NFCTH_NAME] || !tb[NFCTH_TUPLE])
return -EINVAL;
-@@ -595,6 +599,9 @@ nfnl_cthelper_get(struct sock *nfnl, str
+@@ -595,6 +599,9 @@ nfnl_cthelper_get(struct sock *nfnl, struct sk_buff *skb,
struct nfnl_cthelper *nlcth;
bool tuple_set = false;
@@ -65,7 +70,7 @@ Acked-by: Michal Kubecek <mkubecek@suse.cz>
if (nlh->nlmsg_flags & NLM_F_DUMP) {
struct netlink_dump_control c = {
.dump = nfnl_cthelper_dump_table,
-@@ -661,6 +668,9 @@ nfnl_cthelper_del(struct sock *nfnl, str
+@@ -661,6 +668,9 @@ nfnl_cthelper_del(struct sock *nfnl, struct sk_buff *skb,
struct nfnl_cthelper *nlcth, *n;
int j = 0, ret;
@@ -75,3 +80,6 @@ Acked-by: Michal Kubecek <mkubecek@suse.cz>
if (tb[NFCTH_NAME])
helper_name = nla_data(tb[NFCTH_NAME]);
+--
+2.16.1
+
diff --git a/patches.fixes/netfilter-xt_osf-Add-missing-permission-checks.patch b/patches.kernel.org/4.4.114-040-netfilter-xt_osf-Add-missing-permission-check.patch
index b8c0b9c056..eec5f9340c 100644
--- a/patches.fixes/netfilter-xt_osf-Add-missing-permission-checks.patch
+++ b/patches.kernel.org/4.4.114-040-netfilter-xt_osf-Add-missing-permission-check.patch
@@ -1,9 +1,11 @@
From: Kevin Cernekee <cernekee@chromium.org>
Date: Tue, 5 Dec 2017 15:42:41 -0800
-Subject: netfilter: xt_osf: Add missing permission checks
-Patch-mainline: v4.15-rc4
+Subject: [PATCH] netfilter: xt_osf: Add missing permission checks
+Patch-mainline: 4.4.114
+References: CVE-2017-17450 bnc#1012382 bsc#1071695
Git-commit: 916a27901de01446bcf57ecca4783f6cff493309
-References: CVE-2017-17450 bsc#1071695
+
+commit 916a27901de01446bcf57ecca4783f6cff493309 upstream.
The capability check in nfnetlink_rcv() verifies that the caller
has CAP_NET_ADMIN in the namespace that "owns" the netlink socket.
@@ -22,7 +24,8 @@ fingerprint list. Add new capable() checks so that they can't.
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
net/netfilter/xt_osf.c | 7 +++++++
1 file changed, 7 insertions(+)
@@ -60,5 +63,5 @@ index df8801e02a32..7eae0d0af89a 100644
return -EINVAL;
--
-2.15.1
+2.16.1
diff --git a/patches.fixes/ext2-Don-t-clear-SGID-when-inheriting-ACLs.patch b/patches.kernel.org/4.4.114-041-ext2-Don-t-clear-SGID-when-inheriting-ACLs.patch
index d6181bdb1a..9dfcecbe7e 100644
--- a/patches.fixes/ext2-Don-t-clear-SGID-when-inheriting-ACLs.patch
+++ b/patches.kernel.org/4.4.114-041-ext2-Don-t-clear-SGID-when-inheriting-ACLs.patch
@@ -1,10 +1,11 @@
-From 9b4217faac1a7e1fa06f0076e1fe88179daaa250 Mon Sep 17 00:00:00 2001
From: Jan Kara <jack@suse.cz>
Date: Wed, 21 Jun 2017 14:34:15 +0200
-Subject: [PATCH 02/11] ext2: Don't clear SGID when inheriting ACLs
+Subject: [PATCH] ext2: Don't clear SGID when inheriting ACLs
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1030552
Git-commit: a992f2d38e4ce17b8c7d1f7f67b2de0eebdea069
-Patch-mainline: v4.13-rc2
-References: bsc#1030552
+
+commit a992f2d38e4ce17b8c7d1f7f67b2de0eebdea069 upstream.
When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
set, DIR1 is expected to have SGID bit set (and owning group equal to
@@ -18,17 +19,20 @@ SGID bit clearing and the mode has been properly set by
posix_acl_create() anyway.
Fixes: 073931017b49d9458aa351605b43a7e34598caef
-Cc: stable@vger.kernel.org
-Cc: linux-ext4@vger.kernel.org
+CC: stable@vger.kernel.org
+CC: linux-ext4@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- fs/ext2/acl.c | 36 ++++++++++++++++++++++--------------
+ fs/ext2/acl.c | 36 ++++++++++++++++++++++--------------
1 file changed, 22 insertions(+), 14 deletions(-)
+diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c
+index d6aeb84e90b6..d882d873c5a3 100644
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
-@@ -178,11 +178,8 @@ ext2_get_acl(struct inode *inode, int ty
+@@ -178,11 +178,8 @@ ext2_get_acl(struct inode *inode, int type)
return acl;
}
@@ -42,7 +46,7 @@ Signed-off-by: Jan Kara <jack@suse.cz>
{
int name_index;
void *value = NULL;
-@@ -192,13 +189,6 @@ ext2_set_acl(struct inode *inode, struct
+@@ -192,13 +189,6 @@ ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
switch(type) {
case ACL_TYPE_ACCESS:
name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;
@@ -56,10 +60,11 @@ Signed-off-by: Jan Kara <jack@suse.cz>
break;
case ACL_TYPE_DEFAULT:
-@@ -225,6 +215,24 @@ ext2_set_acl(struct inode *inode, struct
+@@ -224,6 +214,24 @@ ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
+ return error;
}
- /*
++/*
+ * inode->i_mutex: down
+ */
+int
@@ -77,11 +82,10 @@ Signed-off-by: Jan Kara <jack@suse.cz>
+ return __ext2_set_acl(inode, acl, type);
+}
+
-+/*
+ /*
* Initialize the ACLs of a new inode. Called from ext2_new_inode.
*
- * dir->i_mutex: down
-@@ -241,12 +249,12 @@ ext2_init_acl(struct inode *inode, struc
+@@ -241,12 +249,12 @@ ext2_init_acl(struct inode *inode, struct inode *dir)
return error;
if (default_acl) {
@@ -96,3 +100,6 @@ Signed-off-by: Jan Kara <jack@suse.cz>
posix_acl_release(acl);
}
return error;
+--
+2.16.1
+
diff --git a/patches.fixes/reiserfs-fix-race-in-prealloc-discard.patch b/patches.kernel.org/4.4.114-042-reiserfs-fix-race-in-prealloc-discard.patch
index 27f1a60be8..0ffc9e720e 100644
--- a/patches.fixes/reiserfs-fix-race-in-prealloc-discard.patch
+++ b/patches.kernel.org/4.4.114-042-reiserfs-fix-race-in-prealloc-discard.patch
@@ -1,7 +1,11 @@
From: Jeff Mahoney <jeffm@suse.com>
-Subject: reiserfs: fix race in prealloc discard
-References: bsc#987576
-Patch-mainline: Submitted, reiserfs-devel 13 Jan 2017
+Date: Thu, 22 Jun 2017 16:47:34 -0400
+Subject: [PATCH] reiserfs: fix race in prealloc discard
+References: bnc#1012382 bsc#987576
+Patch-mainline: 4.4.114
+Git-commit: 08db141b5313ac2f64b844fb5725b8d81744b417
+
+commit 08db141b5313ac2f64b844fb5725b8d81744b417 upstream.
The main loop in __discard_prealloc is protected by the reiserfs write lock
which is dropped across schedules like the BKL it replaced. The problem is
@@ -13,14 +17,18 @@ reiserfs_free_prealloc_block with the same block number. In the right
circumstances, it can cause the prealloc count to go negative.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
-
- bitmap.c | 12 ++++++++++--
+ fs/reiserfs/bitmap.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
+diff --git a/fs/reiserfs/bitmap.c b/fs/reiserfs/bitmap.c
+index dc198bc64c61..73705d4bb069 100644
--- a/fs/reiserfs/bitmap.c
+++ b/fs/reiserfs/bitmap.c
-@@ -479,9 +479,17 @@ static void __discard_prealloc(struct re
+@@ -513,9 +513,17 @@ static void __discard_prealloc(struct reiserfs_transaction_handle *th,
"inode has negative prealloc blocks count.");
#endif
while (ei->i_prealloc_count > 0) {
@@ -40,4 +48,6 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
dirty = 1;
}
if (dirty)
+--
+2.16.1
diff --git a/patches.fixes/reiserfs-don-t-preallocate-blocks-for-extended-attributes.patch b/patches.kernel.org/4.4.114-043-reiserfs-don-t-preallocate-blocks-for-extende.patch
index 0b2eafe690..b780649bf3 100644
--- a/patches.fixes/reiserfs-don-t-preallocate-blocks-for-extended-attributes.patch
+++ b/patches.kernel.org/4.4.114-043-reiserfs-don-t-preallocate-blocks-for-extende.patch
@@ -1,7 +1,11 @@
From: Jeff Mahoney <jeffm@suse.com>
-Subject: reiserfs: don't preallocate blocks for extended attributes
-References: bsc#990682
-Patch-mainline: Submitted, 22 Jun 2017
+Date: Thu, 22 Jun 2017 16:35:04 -0400
+Subject: [PATCH] reiserfs: don't preallocate blocks for extended attributes
+References: bnc#1012382 bsc#990682
+Patch-mainline: 4.4.114
+Git-commit: 54930dfeb46e978b447af0fb8ab4e181c1bf9d7a
+
+commit 54930dfeb46e978b447af0fb8ab4e181c1bf9d7a upstream.
Most extended attributes will fit in a single block. More importantly,
we drop the reference to the inode while holding the transaction open
@@ -10,13 +14,18 @@ may be evicted before it's removed from the transaction's prealloc list
which can cause memory corruption.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- fs/reiserfs/bitmap.c | 2 +-
+ fs/reiserfs/bitmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/fs/reiserfs/bitmap.c b/fs/reiserfs/bitmap.c
+index 73705d4bb069..edc8ef78b63f 100644
--- a/fs/reiserfs/bitmap.c
+++ b/fs/reiserfs/bitmap.c
-@@ -980,7 +980,7 @@ static int determine_prealloc_size(reise
+@@ -1136,7 +1136,7 @@ static int determine_prealloc_size(reiserfs_blocknr_hint_t * hint)
hint->prealloc_size = 0;
if (!hint->formatted_node && hint->preallocate) {
@@ -25,4 +34,6 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
&& hint->inode->i_size >=
REISERFS_SB(hint->th->t_super)->s_alloc_options.
preallocmin * hint->inode->i_sb->s_blocksize)
+--
+2.16.1
diff --git a/patches.fixes/reiserfs-Don-t-clear-SGID-when-inheriting-ACLs.patch b/patches.kernel.org/4.4.114-044-reiserfs-Don-t-clear-SGID-when-inheriting-ACL.patch
index 02654d371d..f5401673e2 100644
--- a/patches.fixes/reiserfs-Don-t-clear-SGID-when-inheriting-ACLs.patch
+++ b/patches.kernel.org/4.4.114-044-reiserfs-Don-t-clear-SGID-when-inheriting-ACL.patch
@@ -1,10 +1,11 @@
-From 04616cf1b4081e6ff39fac20be1515b3e2e1622a Mon Sep 17 00:00:00 2001
From: Jan Kara <jack@suse.cz>
Date: Thu, 22 Jun 2017 09:32:49 +0200
-Subject: [PATCH 10/11] reiserfs: Don't clear SGID when inheriting ACLs
+Subject: [PATCH] reiserfs: Don't clear SGID when inheriting ACLs
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1030552
Git-commit: 6883cd7f68245e43e91e5ee583b7550abf14523f
-Patch-mainline: v4.13-rc2
-References: bsc#1030552
+
+commit 6883cd7f68245e43e91e5ee583b7550abf14523f upstream.
When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
set, DIR1 is expected to have SGID bit set (and owning group equal to
@@ -19,17 +20,19 @@ SGID bit clearing and the mode has been properly set by
posix_acl_create() anyway.
Fixes: 073931017b49d9458aa351605b43a7e34598caef
-Cc: stable@vger.kernel.org
-Cc: reiserfs-devel@vger.kernel.org
+CC: reiserfs-devel@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
-
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- fs/reiserfs/xattr_acl.c | 12 +++++++-----
+ fs/reiserfs/xattr_acl.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
+diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c
+index 9b1824f35501..91b036902a17 100644
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
-@@ -37,7 +37,14 @@ reiserfs_set_acl(struct inode *inode, st
+@@ -37,7 +37,14 @@ reiserfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
error = journal_begin(&th, inode->i_sb, jcreate_blocks);
reiserfs_write_unlock(inode->i_sb);
if (error == 0) {
@@ -44,7 +47,7 @@ Signed-off-by: Jan Kara <jack@suse.cz>
reiserfs_write_lock(inode->i_sb);
error2 = journal_end(&th);
reiserfs_write_unlock(inode->i_sb);
-@@ -245,11 +252,6 @@ __reiserfs_set_acl(struct reiserfs_trans
+@@ -245,11 +252,6 @@ __reiserfs_set_acl(struct reiserfs_transaction_handle *th, struct inode *inode,
switch (type) {
case ACL_TYPE_ACCESS:
name = POSIX_ACL_XATTR_ACCESS;
@@ -56,3 +59,6 @@ Signed-off-by: Jan Kara <jack@suse.cz>
break;
case ACL_TYPE_DEFAULT:
name = POSIX_ACL_XATTR_DEFAULT;
+--
+2.16.1
+
diff --git a/patches.fixes/0002-fs-fcntl-f_setown-avoid-undefined-behaviour.patch b/patches.kernel.org/4.4.114-045-fs-fcntl-f_setown-avoid-undefined-behaviour.patch
index 1f553bbc2c..48e97337f0 100644
--- a/patches.fixes/0002-fs-fcntl-f_setown-avoid-undefined-behaviour.patch
+++ b/patches.kernel.org/4.4.114-045-fs-fcntl-f_setown-avoid-undefined-behaviour.patch
@@ -1,9 +1,11 @@
From: Jiri Slaby <jslaby@suse.cz>
Date: Tue, 13 Jun 2017 13:35:51 +0200
-Subject: fs/fcntl: f_setown, avoid undefined behaviour
-Patch-mainline: 4.13-rc1
+Subject: [PATCH] fs/fcntl: f_setown, avoid undefined behaviour
+Patch-mainline: 4.4.114
+References: bnc#1006180 bnc#1012382
Git-commit: fc3dc67471461c0efcb1ed22fb7595121d65fad9
-References: bnc#1006180
+
+commit fc3dc67471461c0efcb1ed22fb7595121d65fad9 upstream.
fcntl(0, F_SETOWN, 0x80000000) triggers:
UBSAN: Undefined behaviour in fs/fcntl.c:118:7
@@ -28,21 +30,22 @@ Note that according to POSIX we can return EINVAL:
[v2] returns an error, v1 used to fail silently
[v3] implement proper check for the bad value INT_MIN
-[js] f_setown returns void in SP2 (kABI), so remove -EINVAL from return.
-
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Jeff Layton <jlayton@poochiereds.net>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
- fs/fcntl.c | 4 ++++
+ fs/fcntl.c | 4 ++++
1 file changed, 4 insertions(+)
+diff --git a/fs/fcntl.c b/fs/fcntl.c
+index 62376451bbce..5df914943d96 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
-@@ -113,6 +113,10 @@ void f_setown(struct file *filp, unsigne
+@@ -113,6 +113,10 @@ void f_setown(struct file *filp, unsigned long arg, int force)
int who = arg;
type = PIDTYPE_PID;
if (who < 0) {
@@ -53,3 +56,6 @@ Signed-off-by: Jeff Layton <jlayton@redhat.com>
type = PIDTYPE_PGID;
who = -who;
}
+--
+2.16.1
+
diff --git a/patches.drivers/scsi-libiscsi-fix-shifting-of-DID_REQUEUE-host-byte.patch b/patches.kernel.org/4.4.114-046-scsi-libiscsi-fix-shifting-of-DID_REQUEUE-hos.patch
index 812e3e98a8..296bb63e50 100644
--- a/patches.drivers/scsi-libiscsi-fix-shifting-of-DID_REQUEUE-host-byte.patch
+++ b/patches.kernel.org/4.4.114-046-scsi-libiscsi-fix-shifting-of-DID_REQUEUE-hos.patch
@@ -1,9 +1,11 @@
From: Johannes Thumshirn <jthumshirn@suse.de>
Date: Mon, 9 Oct 2017 13:33:19 +0200
-Subject: scsi: libiscsi: fix shifting of DID_REQUEUE host byte
-Patch-mainline: v4.14-rc6
+Subject: [PATCH] scsi: libiscsi: fix shifting of DID_REQUEUE host byte
+Patch-mainline: 4.4.114
+References: bnc#1012382 bsc#1056003
Git-commit: eef9ffdf9cd39b2986367bc8395e2772bc1284ba
-References: bsc#1056003
+
+commit eef9ffdf9cd39b2986367bc8395e2772bc1284ba upstream.
The SCSI host byte should be shifted left by 16 in order to have
scsi_decide_disposition() do the right thing (.i.e. requeue the
@@ -17,15 +19,17 @@ Cc: Bart Van Assche <Bart.VanAssche@sandisk.com>
Cc: Chris Leech <cleech@redhat.com>
Acked-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/scsi/libiscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
-index c62e8d111fd9..f8dc1601efd5 100644
+index c1ccf1ee99ea..efce04df2109 100644
--- a/drivers/scsi/libiscsi.c
+++ b/drivers/scsi/libiscsi.c
-@@ -1728,7 +1728,7 @@ int iscsi_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *sc)
+@@ -1727,7 +1727,7 @@ int iscsi_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *sc)
if (test_bit(ISCSI_SUSPEND_BIT, &conn->suspend_tx)) {
reason = FAILURE_SESSION_IN_RECOVERY;
@@ -35,5 +39,5 @@ index c62e8d111fd9..f8dc1601efd5 100644
}
--
-2.12.3
+2.16.1
diff --git a/patches.kernel.org/4.4.114-047-Revert-module-Add-retpoline-tag-to-VERMAGIC.patch b/patches.kernel.org/4.4.114-047-Revert-module-Add-retpoline-tag-to-VERMAGIC.patch
new file mode 100644
index 0000000000..8fdf58e387
--- /dev/null
+++ b/patches.kernel.org/4.4.114-047-Revert-module-Add-retpoline-tag-to-VERMAGIC.patch
@@ -0,0 +1,56 @@
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 24 Jan 2018 15:28:17 +0100
+Subject: [PATCH] Revert "module: Add retpoline tag to VERMAGIC"
+Patch-mainline: 4.4.114
+References: bnc#1012382 kabi
+Git-commit: 5132ede0fe8092b043dae09a7cc32b8ae7272baa
+
+commit 5132ede0fe8092b043dae09a7cc32b8ae7272baa upstream.
+
+This reverts commit 6cfb521ac0d5b97470883ff9b7facae264b7ab12.
+
+Turns out distros do not want to make retpoline as part of their "ABI",
+so this patch should not have been merged. Sorry Andi, this was my
+fault, I suggested it when your original patch was the "correct" way of
+doing this instead.
+
+Reported-by: Jiri Kosina <jikos@kernel.org>
+Fixes: 6cfb521ac0d5 ("module: Add retpoline tag to VERMAGIC")
+Acked-by: Andi Kleen <ak@linux.intel.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: David Woodhouse <dwmw@amazon.co.uk>
+Cc: rusty@rustcorp.com.au
+Cc: arjan.van.de.ven@intel.com
+Cc: jeyu@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ include/linux/vermagic.h | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
+index a3d04934aa96..6f8fbcf10dfb 100644
+--- a/include/linux/vermagic.h
++++ b/include/linux/vermagic.h
+@@ -24,16 +24,10 @@
+ #ifndef MODULE_ARCH_VERMAGIC
+ #define MODULE_ARCH_VERMAGIC ""
+ #endif
+-#ifdef RETPOLINE
+-#define MODULE_VERMAGIC_RETPOLINE "retpoline "
+-#else
+-#define MODULE_VERMAGIC_RETPOLINE ""
+-#endif
+
+ #define VERMAGIC_STRING \
+ UTS_RELEASE " " \
+ MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \
+ MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \
+- MODULE_ARCH_VERMAGIC \
+- MODULE_VERMAGIC_RETPOLINE
++ MODULE_ARCH_VERMAGIC
+
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-048-Input-trackpoint-force-3-buttons-if-0-button-.patch b/patches.kernel.org/4.4.114-048-Input-trackpoint-force-3-buttons-if-0-button-.patch
new file mode 100644
index 0000000000..4165d6b736
--- /dev/null
+++ b/patches.kernel.org/4.4.114-048-Input-trackpoint-force-3-buttons-if-0-button-.patch
@@ -0,0 +1,50 @@
+From: Aaron Ma <aaron.ma@canonical.com>
+Date: Fri, 19 Jan 2018 09:43:39 -0800
+Subject: [PATCH] Input: trackpoint - force 3 buttons if 0 button is reported
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: f5d07b9e98022d50720e38aa936fc11c67868ece
+
+commit f5d07b9e98022d50720e38aa936fc11c67868ece upstream.
+
+Lenovo introduced trackpoint compatible sticks with minimum PS/2 commands.
+They supposed to reply with 0x02, 0x03, or 0x04 in response to the
+"Read Extended ID" command, so we would know not to try certain extended
+commands. Unfortunately even some trackpoints reporting the original IBM
+version (0x01 firmware 0x0e) now respond with incorrect data to the "Get
+Extended Buttons" command:
+
+ thinkpad_acpi: ThinkPad BIOS R0DET87W (1.87 ), EC unknown
+ thinkpad_acpi: Lenovo ThinkPad E470, model 20H1004SGE
+
+ psmouse serio2: trackpoint: IBM TrackPoint firmware: 0x0e, buttons: 0/0
+
+Since there are no trackpoints without buttons, let's assume the trackpoint
+has 3 buttons when we get 0 response to the extended buttons query.
+
+Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
+Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=196253
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/input/mouse/trackpoint.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/input/mouse/trackpoint.c b/drivers/input/mouse/trackpoint.c
+index 7e2dc5e56632..0b49f29bf0da 100644
+--- a/drivers/input/mouse/trackpoint.c
++++ b/drivers/input/mouse/trackpoint.c
+@@ -383,6 +383,9 @@ int trackpoint_detect(struct psmouse *psmouse, bool set_properties)
+ if (trackpoint_read(&psmouse->ps2dev, TP_EXT_BTN, &button_info)) {
+ psmouse_warn(psmouse, "failed to get extended button data, assuming 3 buttons\n");
+ button_info = 0x33;
++ } else if (!button_info) {
++ psmouse_warn(psmouse, "got 0 in extended button data, assuming 3 buttons\n");
++ button_info = 0x33;
+ }
+
+ psmouse->private = kzalloc(sizeof(struct trackpoint_data), GFP_KERNEL);
+--
+2.16.1
+
diff --git a/patches.kernel.org/4.4.114-049-usb-usbip-Fix-possible-deadlocks-reported-by-.patch b/patches.kernel.org/4.4.114-049-usb-usbip-Fix-possible-deadlocks-reported-by-.patch
new file mode 100644
index 0000000000..daf429187c
--- /dev/null
+++ b/patches.kernel.org/4.4.114-049-usb-usbip-Fix-possible-deadlocks-reported-by-.patch
@@ -0,0 +1,634 @@
+From: Andrew Goodbody <andrew.goodbody@cambrionix.com>
+Date: Tue, 2 Feb 2016 17:36:39 +0000
+Subject: [PATCH] usb: usbip: Fix possible deadlocks reported by lockdep
+References: bnc#1012382
+Patch-mainline: 4.4.114
+Git-commit: 21619792d1eca7e772ca190ba68588e57f29595b
+
+commit 21619792d1eca7e772ca190ba68588e57f29595b upstream.
+
+Change spin_lock calls to spin_lock_irqsave to prevent
+attmpted recursive lock taking in interrupt context.
+
+This patch fixes Bug 109351
+ https://bugzilla.kernel.org/show_bug.cgi?id=109351
+
+Signed-off-by: Andrew Goodbody <andrew.goodbody@cambrionix.com>
+Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/usb/usbip/usbip_event.c | 5 ++-
+ drivers/usb/usbip/vhci_hcd.c | 88 ++++++++++++++++++++++++-----------------
+ drivers/usb/usbip/vhci_rx.c | 30 ++++++++------
+ drivers/usb/usbip/vhci_sysfs.c | 19 +++++----
+ drivers/usb/usbip/vhci_tx.c | 14 ++++---
+ 5 files changed, 91 insertions(+), 65 deletions(-)
+
+diff --git a/drivers/usb/usbip/usbip_event.c b/drivers/usb/usbip/usbip_event.c
+index 64933b993d7a..2580a32bcdff 100644
+--- a/drivers/usb/usbip/usbip_event.c
++++ b/drivers/usb/usbip/usbip_event.c
+@@ -117,11 +117,12 @@ EXPORT_SYMBOL_GPL(usbip_event_add);
+ int usbip_event_happened(struct usbip_device *ud)
+ {
+ int happened = 0;
++ unsigned long flags;
+
+- spin_lock(&ud->lock);
++ spin_lock_irqsave(&ud->lock, flags);
+ if (ud->event != 0)
+ happened = 1;
+- spin_unlock(&ud->lock);
++ spin_unlock_irqrestore(&ud->lock, flags);
+
+ return happened;
+ }
+diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
+index f9af04d7f02f..0aaa8e524afd 100644
+--- a/drivers/usb/usbip/vhci_hcd.c
++++ b/drivers/usb/usbip/vhci_hcd.c
+@@ -121,9 +121,11 @@ static void dump_port_status_diff(u32 prev_status, u32 new_status)
+
+ void rh_port_connect(int rhport, enum usb_device_speed speed)
+ {
++ unsigned long flags;
++
+ usbip_dbg_vhci_rh("rh_port_connect %d\n", rhport);
+
+- spin_lock(&the_controller->lock);
++ spin_lock_irqsave(&the_controller->lock, flags);
+
+ the_controller->port_status[rhport] |= USB_PORT_STAT_CONNECTION
+ | (1 << USB_PORT_FEAT_C_CONNECTION);
+@@ -139,22 +141,24 @@ void rh_port_connect(int rhport, enum usb_device_speed speed)
+ break;
+ }
+
+- spin_unlock(&the_controller->lock);
++ spin_unlock_irqrestore(&the_controller->lock, flags);
+
+ usb_hcd_poll_rh_status(vhci_to_hcd(the_controller));
+ }
+
+ static void rh_port_disconnect(int rhport)
+ {
++ unsigned long flags;
++
+ usbip_dbg_vhci_rh("rh_port_disconnect %d\n", rhport);
+
+- spin_lock(&the_controller->lock);
++ spin_lock_irqsave(&the_controller->lock, flags);
+
+ the_controller->port_status[rhport] &= ~USB_PORT_STAT_CONNECTION;
+ the_controller->port_status[rhport] |=
+ (1 << USB_PORT_FEAT_C_CONNECTION);
+
+- spin_unlock(&the_controller->lock);
++ spin_unlock_irqrestore(&the_controller->lock, flags);
+ usb_hcd_poll_rh_status(vhci_to_hcd(the_controller));
+ }
+
+@@ -182,13 +186,14 @@ static int vhci_hub_status(struct usb_hcd *hcd, char *buf)
+ int retval;
+ int rhport;
+ int changed = 0;
++ unsigned long flags;
+
+ retval = DIV_ROUND_UP(VHCI_NPORTS + 1, 8);
+ memset(buf, 0, retval);
+
+ vhci = hcd_to_vhci(hcd);
+
+- spin_lock(&vhci->lock);
++ spin_lock_irqsave(&vhci->lock, flags);
+ if (!HCD_HW_ACCESSIBLE(hcd)) {
+ usbip_dbg_vhci_rh("hw accessible flag not on?\n");
+ goto done;
+@@ -209,7 +214,7 @@ static int vhci_hub_status(struct usb_hcd *hcd, char *buf)
+ usb_hcd_resume_root_hub(hcd);
+
+ done:
+- spin_unlock(&vhci->lock);
++ spin_unlock_irqrestore(&vhci->lock, flags);
+ return changed ? retval : 0;
+ }
+
+@@ -236,6 +241,7 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
+ struct vhci_hcd *dum;
+ int retval = 0;
+ int rhport;
++ unsigned long flags;
+
+ u32 prev_port_status[VHCI_NPORTS];
+
+@@ -254,7 +260,7 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
+
+ dum = hcd_to_vhci(hcd);
+
+- spin_lock(&dum->lock);
++ spin_lock_irqsave(&dum->lock, flags);
+
+ /* store old status and compare now and old later */
+ if (usbip_dbg_flag_vhci_rh) {
+@@ -408,7 +414,7 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
+ }
+ usbip_dbg_vhci_rh(" bye\n");
+
+- spin_unlock(&dum->lock);
++ spin_unlock_irqrestore(&dum->lock, flags);
+
+ return retval;
+ }
+@@ -431,6 +437,7 @@ static void vhci_tx_urb(struct urb *urb)
+ {
+ struct vhci_device *vdev = get_vdev(urb->dev);
+ struct vhci_priv *priv;
++ unsigned long flags;
+
+ if (!vdev) {
+ pr_err("could not get virtual device");
+@@ -443,7 +450,7 @@ static void vhci_tx_urb(struct urb *urb)
+ return;
+ }
+
+- spin_lock(&vdev->priv_lock);
++ spin_lock_irqsave(&vdev->priv_lock, flags);
+
+ priv->seqnum = atomic_inc_return(&the_controller->seqnum);
+ if (priv->seqnum == 0xffff)
+@@ -457,7 +464,7 @@ static void vhci_tx_urb(struct urb *urb)
+ list_add_tail(&priv->list, &vdev->priv_tx);
+
+ wake_up(&vdev->waitq_tx);
+- spin_unlock(&vdev->priv_lock);
++ spin_unlock_irqrestore(&vdev->priv_lock, flags);
+ }
+
+ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb,
+@@ -466,15 +473,16 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb,
+ struct device *dev = &urb->dev->dev;
+ int ret = 0;
+ struct vhci_device *vdev;
++ unsigned long flags;
+
+ /* patch to usb_sg_init() is in 2.5.60 */
+ BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length);
+
+- spin_lock(&the_controller->lock);
++ spin_lock_irqsave(&the_controller->lock, flags);
+
+ if (urb->status != -EINPROGRESS) {
+ dev_err(dev, "URB already unlinked!, status %d\n", urb->status);
+- spin_unlock(&the_controller->lock);
++ spin_unlock_irqrestore(&the_controller->lock, flags);
+ return urb->status;
+ }
+
+@@ -486,7 +494,7 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb,
+ vdev->ud.status == VDEV_ST_ERROR) {
+ dev_err(dev, "enqueue for inactive port %d\n", vdev->rhport);
+ spin_unlock(&vdev->ud.lock);
+- spin_unlock(&the_controller->lock);
++ spin_unlock_irqrestore(&the_controller->lock, flags);
+ return -ENODEV;
+ }
+ spin_unlock(&vdev->ud.lock);
+@@ -559,14 +567,14 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb,
+
+ out:
+ vhci_tx_urb(urb);
+- spin_unlock(&the_controller->lock);
++ spin_unlock_irqrestore(&the_controller->lock, flags);
+
+ return 0;
+
+ no_need_xmit:
+ usb_hcd_unlink_urb_from_ep(hcd, urb);
+ no_need_unlink:
+- spin_unlock(&the_controller->lock);
++ spin_unlock_irqrestore(&the_controller->lock, flags);
+ if (!ret)
+ usb_hcd_giveback_urb(vhci_to_hcd(the_controller),
+ urb, urb->status);
+@@ -623,14 +631,15 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
+ {
+ struct vhci_priv *priv;
+ struct vhci_device *vdev;
++ unsigned long flags;
+
+- spin_lock(&the_controller->lock);
++ spin_lock_irqsave(&the_controller->lock, flags);
+
+ priv = urb->hcpriv;
+ if (!priv) {
+ /* URB was never linked! or will be soon given back by
+ * vhci_rx. */
+- spin_unlock(&the_controller->lock);
++ spin_unlock_irqrestore(&the_controller->lock, flags);
+ return -EIDRM;
+ }
+
+@@ -639,7 +648,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
+
+ ret = usb_hcd_check_unlink_urb(hcd, urb, status);
+ if (ret) {
+- spin_unlock(&the_controller->lock);
++ spin_unlock_irqrestore(&the_controller->lock, flags);
+ return ret;
<