merge origin

10 files changed, 744 insertions, 145 deletions

diff --git a/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch b/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
new file mode 100644
index 000000000..b6fa0783c
--- /dev/null
+++ b/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
@@ -0,0 +1,60 @@
+From e90ac616e4b1d49ec9092086b0e10108df12157d Mon Sep 17 00:00:00 2001
+From: Fedora Kernel Team <kernel-team@fedoraproject.org>
+Date: Tue, 5 Mar 2019 12:56:35 -0600
+Subject: [PATCH] Revert drm/i915/fbdev: Actually configure untiled displays
+
+---
+ drivers/gpu/drm/i915/intel_fbdev.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/gpu/drm/i915/intel_fbdev.c b/drivers/gpu/drm/i915/intel_fbdev.c
+index e0c02a9..9e2e998 100644
+--- a/drivers/gpu/drm/i915/intel_fbdev.c
++++ b/drivers/gpu/drm/i915/intel_fbdev.c
+@@ -336,8 +336,8 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper,
+ 				    bool *enabled, int width, int height)
+ {
+ 	struct drm_i915_private *dev_priv = to_i915(fb_helper->dev);
++	unsigned long conn_configured, conn_seq, mask;
+ 	unsigned int count = min(fb_helper->connector_count, BITS_PER_LONG);
+-	unsigned long conn_configured, conn_seq;
+ 	int i, j;
+ 	bool *save_enabled;
+ 	bool fallback = true, ret = true;
+@@ -355,9 +355,10 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper,
+ 		drm_modeset_backoff(&ctx);
+
+ 	memcpy(save_enabled, enabled, count);
+-	conn_seq = GENMASK(count - 1, 0);
++	mask = GENMASK(count - 1, 0);
+ 	conn_configured = 0;
+ retry:
++	conn_seq = conn_configured;
+ 	for (i = 0; i < count; i++) {
+ 		struct drm_fb_helper_connector *fb_conn;
+ 		struct drm_connector *connector;
+@@ -370,8 +371,7 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper,
+ 		if (conn_configured & BIT(i))
+ 			continue;
+
+-		/* First pass, only consider tiled connectors */
+-		if (conn_seq == GENMASK(count - 1, 0) && !connector->has_tile)
++		if (conn_seq == 0 && !connector->has_tile)
+ 			continue;
+
+ 		if (connector->status == connector_status_connected)
+@@ -475,10 +475,8 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper,
+ 		conn_configured |= BIT(i);
+ 	}
+
+-	if (conn_configured != conn_seq) { /* repeat until no more are found */
+-		conn_seq = conn_configured;
++	if ((conn_configured & mask) != mask && conn_configured != conn_seq)
+ 		goto retry;
+-	}
+
+ 	/*
+ 	 * If the BIOS didn't enable everything it could, fall back to have the
+-- 
+2.20.1
+
diff --git a/0001-brcmfmac-add-subtype-check-for-event-handling-in-dat.patch b/0001-brcmfmac-add-subtype-check-for-event-handling-in-dat.patch
new file mode 100644
index 000000000..0f2eacbc9
--- /dev/null
+++ b/0001-brcmfmac-add-subtype-check-for-event-handling-in-dat.patch
@@ -0,0 +1,105 @@
+From a4176ec356c73a46c07c181c6d04039fafa34a9f Mon Sep 17 00:00:00 2001
+From: Arend van Spriel <arend.vanspriel@broadcom.com>
+Date: Thu, 14 Feb 2019 13:43:48 +0100
+Subject: [PATCH] brcmfmac: add subtype check for event handling in data path
+
+For USB there is no separate channel being used to pass events
+from firmware to the host driver and as such are passed over the
+data path. In order to detect mock event messages an additional
+check is needed on event subtype. This check is added conditionally
+using unlikely() keyword.
+
+Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
+Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
+Reviewed-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ .../wireless/broadcom/brcm80211/brcmfmac/core.c  |  5 +++--
+ .../wireless/broadcom/brcm80211/brcmfmac/fweh.h  | 16 ++++++++++++----
+ .../broadcom/brcm80211/brcmfmac/msgbuf.c         |  2 +-
+ 3 files changed, 16 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+index e772c0845638..a368ba6e7344 100644
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+@@ -519,7 +519,8 @@ void brcmf_rx_frame(struct device *dev, struct sk_buff *skb, bool handle_event)
+ 	} else {
+ 		/* Process special event packets */
+ 		if (handle_event)
+-			brcmf_fweh_process_skb(ifp->drvr, skb);
++			brcmf_fweh_process_skb(ifp->drvr, skb,
++					       BCMILCP_SUBTYPE_VENDOR_LONG);
+
+ 		brcmf_netif_rx(ifp, skb);
+ 	}
+@@ -536,7 +537,7 @@ void brcmf_rx_event(struct device *dev, struct sk_buff *skb)
+ 	if (brcmf_rx_hdrpull(drvr, skb, &ifp))
+ 		return;
+
+-	brcmf_fweh_process_skb(ifp->drvr, skb);
++	brcmf_fweh_process_skb(ifp->drvr, skb, 0);
+ 	brcmu_pkt_buf_free_skb(skb);
+ }
+
+diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h
+index 31f3e8e83a21..7027243db17e 100644
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h
+@@ -211,7 +211,7 @@ enum brcmf_fweh_event_code {
+  */
+ #define BRCM_OUI				"\x00\x10\x18"
+ #define BCMILCP_BCM_SUBTYPE_EVENT		1
+-
++#define BCMILCP_SUBTYPE_VENDOR_LONG		32769
+
+ /**
+  * struct brcm_ethhdr - broadcom specific ether header.
+@@ -334,10 +334,10 @@ void brcmf_fweh_process_event(struct brcmf_pub *drvr,
+ void brcmf_fweh_p2pdev_setup(struct brcmf_if *ifp, bool ongoing);
+
+ static inline void brcmf_fweh_process_skb(struct brcmf_pub *drvr,
+-					  struct sk_buff *skb)
++					  struct sk_buff *skb, u16 stype)
+ {
+ 	struct brcmf_event *event_packet;
+-	u16 usr_stype;
++	u16 subtype, usr_stype;
+
+ 	/* only process events when protocol matches */
+ 	if (skb->protocol != cpu_to_be16(ETH_P_LINK_CTL))
+@@ -346,8 +346,16 @@ static inline void brcmf_fweh_process_skb(struct brcmf_pub *drvr,
+ 	if ((skb->len + ETH_HLEN) < sizeof(*event_packet))
+ 		return;
+
+-	/* check for BRCM oui match */
+ 	event_packet = (struct brcmf_event *)skb_mac_header(skb);
++
++	/* check subtype if needed */
++	if (unlikely(stype)) {
++		subtype = get_unaligned_be16(&event_packet->hdr.subtype);
++		if (subtype != stype)
++			return;
++	}
++
++	/* check for BRCM oui match */
+ 	if (memcmp(BRCM_OUI, &event_packet->hdr.oui[0],
+ 		   sizeof(event_packet->hdr.oui)))
+ 		return;
+diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c
+index 4e8397a0cbc8..ee922b052561 100644
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c
+@@ -1116,7 +1116,7 @@ static void brcmf_msgbuf_process_event(struct brcmf_msgbuf *msgbuf, void *buf)
+
+ 	skb->protocol = eth_type_trans(skb, ifp->ndev);
+
+-	brcmf_fweh_process_skb(ifp->drvr, skb);
++	brcmf_fweh_process_skb(ifp->drvr, skb, 0);
+
+ exit:
+ 	brcmu_pkt_buf_free_skb(skb);
+-- 
+2.20.1
+
diff --git a/0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch b/0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
deleted file mode 100644
index e0c6f73a3..000000000
--- a/0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 62c9d2674b31d4c8a674bee86b7edc6da2803aea Mon Sep 17 00:00:00 2001
-From: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
-Date: Sat, 2 Mar 2019 09:17:32 +0800
-Subject: [PATCH] inotify: Fix fsnotify_mark refcount leak in
- inotify_update_existing_watch()
-
-Commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for
-inotify_add_watch()") forgot to call fsnotify_put_mark() with
-IN_MASK_CREATE after fsnotify_find_mark()
-
-Fixes: 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()")
-Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
-Signed-off-by: Jan Kara <jack@suse.cz>
----
- fs/notify/inotify/inotify_user.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
-index e2901fbb9f76..7b53598c8804 100644
---- a/fs/notify/inotify/inotify_user.c
-+++ b/fs/notify/inotify/inotify_user.c
-@@ -519,8 +519,10 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
- 	fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group);
- 	if (!fsn_mark)
- 		return -ENOENT;
--	else if (create)
--		return -EEXIST;
-+	else if (create) {
-+		ret = -EEXIST;
-+		goto out;
-+	}
-
- 	i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
-
-@@ -548,6 +550,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
- 	/* return the wd */
- 	ret = i_mark->wd;
-
-+out:
- 	/* match the get from fsnotify_find_mark() */
- 	fsnotify_put_mark(fsn_mark);
-
--- 
-2.20.1
-
diff --git a/0001-integrity-KEYS-add-a-reference-to-platform-keyring.patch b/0001-integrity-KEYS-add-a-reference-to-platform-keyring.patch
new file mode 100644
index 000000000..816c4f0ea
--- /dev/null
+++ b/0001-integrity-KEYS-add-a-reference-to-platform-keyring.patch
@@ -0,0 +1,85 @@
+From 219a3e8676f3132d27b530c7d2d6bcab89536b57 Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@redhat.com>
+Date: Mon, 21 Jan 2019 17:59:28 +0800
+Subject: [PATCH] integrity, KEYS: add a reference to platform keyring
+
+commit 9dc92c45177a ("integrity: Define a trusted platform keyring")
+introduced a .platform keyring for storing preboot keys, used for
+verifying kernel image signatures. Currently only IMA-appraisal is able
+to use the keyring to verify kernel images that have their signature
+stored in xattr.
+
+This patch exposes the .platform keyring, making it accessible for
+verifying PE signed kernel images as well.
+
+Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
+Signed-off-by: Kairui Song <kasong@redhat.com>
+Cc: David Howells <dhowells@redhat.com>
+[zohar@linux.ibm.com: fixed checkpatch errors, squashed with patch fix]
+Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
+---
+ certs/system_keyring.c        | 10 ++++++++++
+ include/keys/system_keyring.h |  8 ++++++++
+ security/integrity/digsig.c   |  3 +++
+ 3 files changed, 21 insertions(+)
+
+diff --git a/certs/system_keyring.c b/certs/system_keyring.c
+index 81728717523d..da055e901df4 100644
+--- a/certs/system_keyring.c
++++ b/certs/system_keyring.c
+@@ -24,6 +24,9 @@ static struct key *builtin_trusted_keys;
+ #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
+ static struct key *secondary_trusted_keys;
+ #endif
++#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
++static struct key *platform_trusted_keys;
++#endif
+ 
+ extern __initconst const u8 system_certificate_list[];
+ extern __initconst const unsigned long system_certificate_list_size;
+@@ -266,3 +269,10 @@ int verify_pkcs7_signature(const void *data, size_t len,
+ EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
+ 
+ #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
++
++#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
++void __init set_platform_trusted_keys(struct key *keyring)
++{
++	platform_trusted_keys = keyring;
++}
++#endif
+diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
+index 359c2f936004..42a93eda331c 100644
+--- a/include/keys/system_keyring.h
++++ b/include/keys/system_keyring.h
+@@ -61,5 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
+ }
+ #endif /* CONFIG_IMA_BLACKLIST_KEYRING */
+ 
++#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
++	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
++extern void __init set_platform_trusted_keys(struct key *keyring);
++#else
++static inline void set_platform_trusted_keys(struct key *keyring)
++{
++}
++#endif
+ 
+ #endif /* _KEYS_SYSTEM_KEYRING_H */
+diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
+index f45d6edecf99..e19c2eb72c51 100644
+--- a/security/integrity/digsig.c
++++ b/security/integrity/digsig.c
+@@ -87,6 +87,9 @@ static int __integrity_init_keyring(const unsigned int id, key_perm_t perm,
+ 		pr_info("Can't allocate %s keyring (%d)\n",
+ 			keyring_name[id], err);
+ 		keyring[id] = NULL;
++	} else {
++		if (id == INTEGRITY_KEYRING_PLATFORM)
++			set_platform_trusted_keys(keyring[id]);
+ 	}
+ 
+ 	return err;
+-- 
+2.20.1
+
diff --git a/0001-kexec-KEYS-Make-use-of-platform-keyring-for-signatur.patch b/0001-kexec-KEYS-Make-use-of-platform-keyring-for-signatur.patch
new file mode 100644
index 000000000..af0d926e7
--- /dev/null
+++ b/0001-kexec-KEYS-Make-use-of-platform-keyring-for-signatur.patch
@@ -0,0 +1,98 @@
+From 278311e417be60f7caef6fcb12bda4da2711ceff Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@redhat.com>
+Date: Mon, 21 Jan 2019 17:59:29 +0800
+Subject: [PATCH] kexec, KEYS: Make use of platform keyring for signature
+ verify
+
+This patch allows the kexec_file_load syscall to verify the PE signed
+kernel image signature based on the preboot keys stored in the .platform
+keyring, as fall back, if the signature verification failed due to not
+finding the public key in the secondary or builtin keyrings.
+
+This commit adds a VERIFY_USE_PLATFORM_KEYRING similar to previous
+VERIFY_USE_SECONDARY_KEYRING indicating that verify_pkcs7_signature
+should verify the signature using platform keyring.  Also, decrease
+the error message log level when verification failed with -ENOKEY,
+so that if called tried multiple time with different keyring it
+won't generate extra noises.
+
+Signed-off-by: Kairui Song <kasong@redhat.com>
+Cc: David Howells <dhowells@redhat.com>
+Acked-by: Dave Young <dyoung@redhat.com> (for kexec_file_load part)
+[zohar@linux.ibm.com: tweaked the first paragraph of the patch description,
+ and fixed checkpatch warning.]
+Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
+---
+ arch/x86/kernel/kexec-bzimage64.c | 14 +++++++++++---
+ certs/system_keyring.c            | 13 ++++++++++++-
+ include/linux/verification.h      |  1 +
+ 3 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
+index 278cd07228dd..e1215a600064 100644
+--- a/arch/x86/kernel/kexec-bzimage64.c
++++ b/arch/x86/kernel/kexec-bzimage64.c
+@@ -531,9 +531,17 @@ static int bzImage64_cleanup(void *loader_data)
+ #ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
+ static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
+ {
+-	return verify_pefile_signature(kernel, kernel_len,
+-				       VERIFY_USE_SECONDARY_KEYRING,
+-				       VERIFYING_KEXEC_PE_SIGNATURE);
++	int ret;
++
++	ret = verify_pefile_signature(kernel, kernel_len,
++				      VERIFY_USE_SECONDARY_KEYRING,
++				      VERIFYING_KEXEC_PE_SIGNATURE);
++	if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
++		ret = verify_pefile_signature(kernel, kernel_len,
++					      VERIFY_USE_PLATFORM_KEYRING,
++					      VERIFYING_KEXEC_PE_SIGNATURE);
++	}
++	return ret;
+ }
+ #endif
+ 
+diff --git a/certs/system_keyring.c b/certs/system_keyring.c
+index da055e901df4..c05c29ae4d5d 100644
+--- a/certs/system_keyring.c
++++ b/certs/system_keyring.c
+@@ -240,11 +240,22 @@ int verify_pkcs7_signature(const void *data, size_t len,
+ #else
+ 		trusted_keys = builtin_trusted_keys;
+ #endif
++	} else if (trusted_keys == VERIFY_USE_PLATFORM_KEYRING) {
++#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
++		trusted_keys = platform_trusted_keys;
++#else
++		trusted_keys = NULL;
++#endif
++		if (!trusted_keys) {
++			ret = -ENOKEY;
++			pr_devel("PKCS#7 platform keyring is not available\n");
++			goto error;
++		}
+ 	}
+ 	ret = pkcs7_validate_trust(pkcs7, trusted_keys);
+ 	if (ret < 0) {
+ 		if (ret == -ENOKEY)
+-			pr_err("PKCS#7 signature not signed with a trusted key\n");
++			pr_devel("PKCS#7 signature not signed with a trusted key\n");
+ 		goto error;
+ 	}
+ 
+diff --git a/include/linux/verification.h b/include/linux/verification.h
+index cfa4730d607a..018fb5f13d44 100644
+--- a/include/linux/verification.h
++++ b/include/linux/verification.h
+@@ -17,6 +17,7 @@
+  * should be used.
+  */
+ #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
++#define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
+ 
+ /*
+  * The use to which an asymmetric key is being put.
+-- 
+2.20.1
+
diff --git a/KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch b/KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch
deleted file mode 100644
index 1cc1e5370..000000000
--- a/KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From fb2ac204a70da565de9ef9a9d6d69a40c2d59727 Mon Sep 17 00:00:00 2001
-From: David Howells <dhowells@redhat.com>
-Date: Fri, 5 May 2017 08:21:56 +0100
-Subject: [PATCH] KEYS: Allow unrestricted boot-time addition of keys to
- secondary keyring
-
-Allow keys to be added to the system secondary certificates keyring during
-kernel initialisation in an unrestricted fashion.  Such keys are implicitly
-trusted and don't have their trust chains checked on link.
-
-This allows keys in the UEFI database to be added in secure boot mode for
-the purposes of module signing.
-
-Signed-off-by: David Howells <dhowells@redhat.com>
----
- certs/internal.h       | 18 ++++++++++++++++++
- certs/system_keyring.c | 33 +++++++++++++++++++++++++++++++++
- 2 files changed, 51 insertions(+)
- create mode 100644 certs/internal.h
-
-diff --git a/certs/internal.h b/certs/internal.h
-new file mode 100644
-index 0000000..5dcbefb
---- /dev/null
-+++ b/certs/internal.h
-@@ -0,0 +1,18 @@
-+/* Internal definitions
-+ *
-+ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
-+ * Written by David Howells (dhowells@redhat.com)
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public Licence
-+ * as published by the Free Software Foundation; either version
-+ * 2 of the Licence, or (at your option) any later version.
-+ */
-+
-+/*
-+ * system_keyring.c
-+ */
-+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
-+extern void __init add_trusted_secondary_key(const char *source,
-+					     const void *data, size_t len);
-+#endif
-diff --git a/certs/system_keyring.c b/certs/system_keyring.c
-index 6251d1b..5ac8ba6 100644
---- a/certs/system_keyring.c
-+++ b/certs/system_keyring.c
-@@ -18,6 +18,7 @@
- #include <keys/asymmetric-type.h>
- #include <keys/system_keyring.h>
- #include <crypto/pkcs7.h>
-+#include "internal.h"
-
- static struct key *builtin_trusted_keys;
- #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
-@@ -265,3 +266,35 @@ int verify_pkcs7_signature(const void *data, size_t len,
- EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
-
- #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
-+
-+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
-+/**
-+ * add_trusted_secondary_key - Add to secondary keyring with no validation
-+ * @source: Source of key
-+ * @data: The blob holding the key
-+ * @len: The length of the data blob
-+ *
-+ * Add a key to the secondary keyring without checking its trust chain.  This
-+ * is available only during kernel initialisation.
-+ */
-+void __init add_trusted_secondary_key(const char *source,
-+				      const void *data, size_t len)
-+{
-+	key_ref_t key;
-+
-+	key = key_create_or_update(make_key_ref(secondary_trusted_keys, 1),
-+				   "asymmetric",
-+				   NULL, data, len,
-+				   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+				   KEY_USR_VIEW,
-+				   KEY_ALLOC_NOT_IN_QUOTA |
-+				   KEY_ALLOC_BYPASS_RESTRICTION);
-+
-+	if (IS_ERR(key))
-+		pr_err("Problem loading %s X.509 certificate (%ld)\n",
-+		       source, PTR_ERR(key));
-+	else
-+		pr_notice("Loaded %s cert '%s' linked to secondary sys keyring\n",
-+			  source, key_ref_to_ptr(key)->description);
-+}
-+#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */
--- 
-2.9.3
-
diff --git a/KEYS-Make-use-of-platform-keyring-for-module-signature.patch b/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
new file mode 100644
index 000000000..a13dcdba5
--- /dev/null
+++ b/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
@@ -0,0 +1,54 @@
+From 70cecc97a4fc1667472224558a50dd7b6c42c789 Mon Sep 17 00:00:00 2001
+From: Robert Holmes <robeholmes@gmail.com>
+Date: Tue, 23 Apr 2019 07:39:29 +0000
+Subject: [PATCH] KEYS: Make use of platform keyring for module signature
+ verify
+
+This patch completes commit 278311e417be ("kexec, KEYS: Make use of
+platform keyring for signature verify") which, while adding the
+platform keyring for bzImage verification, neglected to also add
+this keyring for module verification.
+
+As such, kernel modules signed with keys from the MokList variable
+were not successfully verified.
+
+Signed-off-by: Robert Holmes <robeholmes@gmail.com>
+---
+ kernel/module_signing.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/module_signing.c b/kernel/module_signing.c
+index 6b9a926fd86b..cf94220e9154 100644
+--- a/kernel/module_signing.c
++++ b/kernel/module_signing.c
+@@ -49,6 +49,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
+ {
+ 	struct module_signature ms;
+ 	size_t sig_len, modlen = info->len;
++	int ret;
+ 
+ 	pr_devel("==>%s(,%zu)\n", __func__, modlen);
+ 
+@@ -82,8 +83,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
+ 		return -EBADMSG;
+ 	}
+ 
+-	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+-				      VERIFY_USE_SECONDARY_KEYRING,
+-				      VERIFYING_MODULE_SIGNATURE,
+-				      NULL, NULL);
++	ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
++				     VERIFY_USE_SECONDARY_KEYRING,
++				     VERIFYING_MODULE_SIGNATURE,
++				     NULL, NULL);
++	if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
++		ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
++					     VERIFY_USE_PLATFORM_KEYRING,
++					     VERIFYING_MODULE_SIGNATURE,
++					     NULL, NULL);
++	}
++	return ret;
+ }
+-- 
+2.21.0
+
diff --git a/kernel.spec b/kernel.spec
index 6a7f6fb56..df73b8a89 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -557,8 +557,6 @@ Patch122: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
 
 Patch201: efi-lockdown.patch
 
-Patch202: KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch
-
 # bz 1497559 - Make kernel MODSIGN code not error on missing variables
 Patch207: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
 Patch208: 0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch
@@ -643,8 +641,8 @@ Patch512: v3-tpm-fix-an-invalid-condition-in-tpm_common_poll.patch
 # rhbz 1683382
 Patch515: nfsv4.1-avoid-false-retries.patch
 
-# CVE-2019-9857 rhbz 1694758 1694759
-Patch516: 0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
+# https://bugs.freedesktop.org/show_bug.cgi?id=109806
+Patch516: 0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
 
 # CVE-2019-3882 rhbz 1689426 1695571
 Patch517: vfio-type1-limit-dma-mappings-per-container.patch
@@ -652,6 +650,21 @@ Patch517: vfio-type1-limit-dma-mappings-per-container.patch
 # CVE-2019-9500 rhbz 1701224 1701226
 Patch518: 0001-brcmfmac-assure-SSID-length-from-firmware-is-limited.patch
 
+# rhbz 1701077
+Patch519: nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch
+
+# CVE-2019-9503 rhbz 1701842 1701843
+Patch520: 0001-brcmfmac-add-subtype-check-for-event-handling-in-dat.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1701096
+Patch521: 0001-integrity-KEYS-add-a-reference-to-platform-keyring.patch
+Patch522: 0001-kexec-KEYS-Make-use-of-platform-keyring-for-signatur.patch
+# Submitted upstream at https://lkml.org/lkml/2019/4/23/89
+Patch523: KEYS-Make-use-of-platform-keyring-for-module-signature.patch
+
+# CVE-2019-3900 rhbz 1698757 1702940
+Patch524: net-vhost_net-fix-possible-infinite-loop.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1928,8 +1941,24 @@ fi
 #
 #
 %changelog
+* Thu Apr 25 2019 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix CVE-2019-3900 (rhbz 1698757 1702940)
+
+* Tue Apr 23 2019 Laura Abbott <labbott@redhat.com> - 5.0.9-301
+- Bring in DRM workaround
+
+* Tue Apr 23 2019 Jeremy Cline <jcline@redhat.com>
+- Allow modules signed by keys in the platform keyring (rbhz 1701096)
+
+* Tue Apr 23 2019 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix CVE-2019-9503 rhbz 1701842 1701843
+
+* Mon Apr 22 2019 Laura Abbott <labbott@redhat.com> - 5.0.9-300
+- Linux v5.0.9
+- Fix NFS server crash (rhbz 1701077)
+
 * Thu Apr 18 2019 Justin M. Forbes <jforbes@fedoraproject.org>
-- Fix CVE-2019-9500 (rhbz 1701224 1701226)
+- Fix CVE-2019-9500 (rhbz 1701224 1701225)
 
 * Wed Apr 17 2019 Laura Abbott <labbott@redhat.com> - 5.0.8-300
 - Linux v5.0.8
diff --git a/net-vhost_net-fix-possible-infinite-loop.patch b/net-vhost_net-fix-possible-infinite-loop.patch
new file mode 100644
index 000000000..f45d84bb2
--- /dev/null
+++ b/net-vhost_net-fix-possible-infinite-loop.patch
@@ -0,0 +1,200 @@
+From patchwork Thu Apr 25 07:33:19 2019
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
+X-Patchwork-Id: 10916185
+Return-Path: <kvm-owner@kernel.org>
+Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
+ [172.30.200.125])
+	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E4F501575
+	for <patchwork-kvm@patchwork.kernel.org>;
+ Thu, 25 Apr 2019 07:33:33 +0000 (UTC)
+Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
+	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D276828BD7
+	for <patchwork-kvm@patchwork.kernel.org>;
+ Thu, 25 Apr 2019 07:33:33 +0000 (UTC)
+Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
+	id C64AC28BE1; Thu, 25 Apr 2019 07:33:33 +0000 (UTC)
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+	pdx-wl-mail.web.codeaurora.org
+X-Spam-Level: 
+X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
+	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
+Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
+	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 590B228BD7
+	for <patchwork-kvm@patchwork.kernel.org>;
+ Thu, 25 Apr 2019 07:33:33 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+        id S1726957AbfDYHd1 (ORCPT
+        <rfc822;patchwork-kvm@patchwork.kernel.org>);
+        Thu, 25 Apr 2019 03:33:27 -0400
+Received: from mx1.redhat.com ([209.132.183.28]:60130 "EHLO mx1.redhat.com"
+        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
+        id S1726317AbfDYHd1 (ORCPT <rfc822;kvm@vger.kernel.org>);
+        Thu, 25 Apr 2019 03:33:27 -0400
+Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
+ [10.5.11.22])
+        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
+        (No client certificate requested)
+        by mx1.redhat.com (Postfix) with ESMTPS id C2BCE3002619;
+        Thu, 25 Apr 2019 07:33:26 +0000 (UTC)
+Received: from hp-dl380pg8-02.lab.eng.pek2.redhat.com
+ (hp-dl380pg8-02.lab.eng.pek2.redhat.com [10.73.8.12])
+        by smtp.corp.redhat.com (Postfix) with ESMTP id 5DA021001DDB;
+        Thu, 25 Apr 2019 07:33:21 +0000 (UTC)
+From: Jason Wang <jasowang@redhat.com>
+To: mst@redhat.com, jasowang@redhat.com, kvm@vger.kernel.org,
+        virtualization@lists.linux-foundation.org, netdev@vger.kernel.org,
+        linux-kernel@vger.kernel.org
+Cc: ppandit@redhat.com
+Subject: [PATCH net] vhost_net: fix possible infinite loop
+Date: Thu, 25 Apr 2019 03:33:19 -0400
+Message-Id: <1556177599-56248-1-git-send-email-jasowang@redhat.com>
+X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
+X-Greylist: Sender IP whitelisted,
+ not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]);
+ Thu, 25 Apr 2019 07:33:26 +0000 (UTC)
+Sender: kvm-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <kvm.vger.kernel.org>
+X-Mailing-List: kvm@vger.kernel.org
+X-Virus-Scanned: ClamAV using ClamSMTP
+
+When the rx buffer is too small for a packet, we will discard the vq
+descriptor and retry it for the next packet:
+
+while ((sock_len = vhost_net_rx_peek_head_len(net, sock->sk,
+					      &busyloop_intr))) {
+...
+	/* On overrun, truncate and discard */
+	if (unlikely(headcount > UIO_MAXIOV)) {
+		iov_iter_init(&msg.msg_iter, READ, vq->iov, 1, 1);
+		err = sock->ops->recvmsg(sock, &msg,
+					 1, MSG_DONTWAIT | MSG_TRUNC);
+		pr_debug("Discarded rx packet: len %zd\n", sock_len);
+		continue;
+	}
+...
+}
+
+This makes it possible to trigger a infinite while..continue loop
+through the co-opreation of two VMs like:
+
+1) Malicious VM1 allocate 1 byte rx buffer and try to slow down the
+   vhost process as much as possible e.g using indirect descriptors or
+   other.
+2) Malicious VM2 generate packets to VM1 as fast as possible
+
+Fixing this by checking against weight at the end of RX and TX
+loop. This also eliminate other similar cases when:
+
+- userspace is consuming the packets in the meanwhile
+- theoretical TOCTOU attack if guest moving avail index back and forth
+  to hit the continue after vhost find guest just add new buffers
+
+This addresses CVE-2019-3900.
+
+Fixes: d8316f3991d20 ("vhost: fix total length when packets are too short")
+Fixes: 3a4d5c94e9593 ("vhost_net: a kernel-level virtio server")
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ drivers/vhost/net.c | 41 +++++++++++++++++++++--------------------
+ 1 file changed, 21 insertions(+), 20 deletions(-)
+
+diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
+index df51a35..fb46e6b 100644
+--- a/drivers/vhost/net.c
++++ b/drivers/vhost/net.c
+@@ -778,8 +778,9 @@ static void handle_tx_copy(struct vhost_net *net, struct socket *sock)
+ 	int err;
+ 	int sent_pkts = 0;
+ 	bool sock_can_batch = (sock->sk->sk_sndbuf == INT_MAX);
++	bool next_round = false;
+ 
+-	for (;;) {
++	do {
+ 		bool busyloop_intr = false;
+ 
+ 		if (nvq->done_idx == VHOST_NET_BATCH)
+@@ -845,11 +846,10 @@ static void handle_tx_copy(struct vhost_net *net, struct socket *sock)
+ 		vq->heads[nvq->done_idx].id = cpu_to_vhost32(vq, head);
+ 		vq->heads[nvq->done_idx].len = 0;
+ 		++nvq->done_idx;
+-		if (vhost_exceeds_weight(++sent_pkts, total_len)) {
+-			vhost_poll_queue(&vq->poll);
+-			break;
+-		}
+-	}
++	} while (!(next_round = vhost_exceeds_weight(++sent_pkts, total_len)));
++
++	if (next_round)
++		vhost_poll_queue(&vq->poll);
+ 
+ 	vhost_tx_batch(net, nvq, sock, &msg);
+ }
+@@ -873,8 +873,9 @@ static void handle_tx_zerocopy(struct vhost_net *net, struct socket *sock)
+ 	struct vhost_net_ubuf_ref *uninitialized_var(ubufs);
+ 	bool zcopy_used;
+ 	int sent_pkts = 0;
++	bool next_round = false;
+ 
+-	for (;;) {
++	do {
+ 		bool busyloop_intr;
+ 
+ 		/* Release DMAs done buffers first */
+@@ -951,11 +952,10 @@ static void handle_tx_zerocopy(struct vhost_net *net, struct socket *sock)
+ 		else
+ 			vhost_zerocopy_signal_used(net, vq);
+ 		vhost_net_tx_packet(net);
+-		if (unlikely(vhost_exceeds_weight(++sent_pkts, total_len))) {
+-			vhost_poll_queue(&vq->poll);
+-			break;
+-		}
+-	}
++	} while (!(next_round = vhost_exceeds_weight(++sent_pkts, total_len)));
++
++	if (next_round)
++		vhost_poll_queue(&vq->poll);
+ }
+ 
+ /* Expects to be always run from workqueue - which acts as
+@@ -1134,6 +1134,7 @@ static void handle_rx(struct vhost_net *net)
+ 	struct iov_iter fixup;
+ 	__virtio16 num_buffers;
+ 	int recv_pkts = 0;
++	bool next_round = false;
+ 
+ 	mutex_lock_nested(&vq->mutex, VHOST_NET_VQ_RX);
+ 	sock = vq->private_data;
+@@ -1153,8 +1154,11 @@ static void handle_rx(struct vhost_net *net)
+ 		vq->log : NULL;
+ 	mergeable = vhost_has_feature(vq, VIRTIO_NET_F_MRG_RXBUF);
+ 
+-	while ((sock_len = vhost_net_rx_peek_head_len(net, sock->sk,
+-						      &busyloop_intr))) {
++	do {
++		sock_len = vhost_net_rx_peek_head_len(net, sock->sk,
++						      &busyloop_intr);
++		if (!sock_len)
++			break;
+ 		sock_len += sock_hlen;
+ 		vhost_len = sock_len + vhost_hlen;
+ 		headcount = get_rx_bufs(vq, vq->heads + nvq->done_idx,
+@@ -1239,12 +1243,9 @@ static void handle_rx(struct vhost_net *net)
+ 			vhost_log_write(vq, vq_log, log, vhost_len,
+ 					vq->iov, in);
+ 		total_len += vhost_len;
+-		if (unlikely(vhost_exceeds_weight(++recv_pkts, total_len))) {
+-			vhost_poll_queue(&vq->poll);
+-			goto out;
+-		}
+-	}
+-	if (unlikely(busyloop_intr))
++	} while (!(next_round = vhost_exceeds_weight(++recv_pkts, total_len)));
++
++	if (unlikely(busyloop_intr || next_round))
+ 		vhost_poll_queue(&vq->poll);
+ 	else
+ 		vhost_net_enable_vq(net, vq);
diff --git a/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch b/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch
new file mode 100644
index 000000000..0b4cfbe16
--- /dev/null
+++ b/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch
@@ -0,0 +1,108 @@
+From patchwork Sat Apr 20 10:15:48 2019
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Jeff Layton <jlayton@kernel.org>
+X-Patchwork-Id: 10910147
+Return-Path: <linux-nfs-owner@kernel.org>
+Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
+ [172.30.200.125])
+	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C1AE14DB
+	for <patchwork-linux-nfs@patchwork.kernel.org>;
+ Sat, 20 Apr 2019 10:15:53 +0000 (UTC)
+Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
+	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E858821FAC
+	for <patchwork-linux-nfs@patchwork.kernel.org>;
+ Sat, 20 Apr 2019 10:15:52 +0000 (UTC)
+Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
+	id D5EA228818; Sat, 20 Apr 2019 10:15:52 +0000 (UTC)
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+	pdx-wl-mail.web.codeaurora.org
+X-Spam-Level: 
+X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
+	DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham
+	version=3.3.1
+Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
+	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BF69021FAC
+	for <patchwork-linux-nfs@patchwork.kernel.org>;
+ Sat, 20 Apr 2019 10:15:51 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+        id S1726082AbfDTKPu (ORCPT
+        <rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
+        Sat, 20 Apr 2019 06:15:50 -0400
+Received: from mail.kernel.org ([198.145.29.99]:36092 "EHLO mail.kernel.org"
+        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
+        id S1725920AbfDTKPu (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
+        Sat, 20 Apr 2019 06:15:50 -0400
+Received: from tleilax.poochiereds.net (cpe-71-70-156-158.nc.res.rr.com
+ [71.70.156.158])
+        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
+        (No client certificate requested)
+        by mail.kernel.org (Postfix) with ESMTPSA id 649D32087B;
+        Sat, 20 Apr 2019 10:15:49 +0000 (UTC)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
+        s=default; t=1555755349;
+        bh=Sqynm2vSbQ1pAh/3FcXrwFTMrJUwFTkrxoodJHFBfA0=;
+        h=From:To:Cc:Subject:Date:From;
+        b=TFlYii+F3H67zOX8b/mENa/XRCx1SjMI2/gLtscPnA5l6T0dG8aC/E+FJLvMeNLHo
+         pu2zlPSdszk+MBMfWQrfUpKGCP7CPqfyk7F1rXRIr6kNYp2tE2gKYyIWvCkVPE45iX
+         LngnHXERmf/R52j7gg2ENj+yjuOh07AifhxH1J00=
+From: Jeff Layton <jlayton@kernel.org>
+To: bfields@fieldses.org
+Cc: slawek1211@gmail.com, neilb@suse.com, linux-nfs@vger.kernel.org
+Subject: [PATCH] nfsd: wake waiters blocked on file_lock before deleting it
+Date: Sat, 20 Apr 2019 06:15:48 -0400
+Message-Id: <20190420101548.8552-1-jlayton@kernel.org>
+X-Mailer: git-send-email 2.20.1
+MIME-Version: 1.0
+Sender: linux-nfs-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <linux-nfs.vger.kernel.org>
+X-Mailing-List: linux-nfs@vger.kernel.org
+X-Virus-Scanned: ClamAV using ClamSMTP
+
+After a blocked nfsd file_lock request is deleted, knfsd will send a
+callback to the client and then free the request. Commit 16306a61d3b7
+("fs/locks: always delete_block after waiting.") changed it such that
+locks_delete_block is always called on a request after it is awoken,
+but that patch missed fixing up blocked nfsd request handling.
+
+Call locks_delete_block on the block to wake up any locks still blocked
+on the nfsd lock request before sending the callback.
+
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363
+Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.")
+Reported-by: Slawomir Pryczek <slawek1211@gmail.com>
+Cc: Neil Brown <neilb@suse.com>
+Signed-off-by: Jeff Layton <jlayton@kernel.org>
+---
+ fs/nfsd/nfs4state.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
+index 6a45fb00c5fc..1960e8fd9ad1 100644
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -298,6 +298,14 @@ remove_blocked_locks(struct nfs4_lockowner *lo)
+ 	}
+ }
+ 
++static void
++nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb)
++{
++	struct nfsd4_blocked_lock	*nbl = container_of(cb,
++						struct nfsd4_blocked_lock, nbl_cb);
++	locks_delete_block(&nbl->nbl_lock);
++}
++
+ static int
+ nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task)
+ {
+@@ -325,6 +333,7 @@ nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb)
+ }
+ 
+ static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = {
++	.prepare	= nfsd4_cb_notify_lock_prepare,
+ 	.done		= nfsd4_cb_notify_lock_done,
+ 	.release	= nfsd4_cb_notify_lock_release,
+ };