Fixes for 4.4

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.4/asoc-intel-fix-memleak-in-sst_media_open.patch b/queue-4.4/asoc-intel-fix-memleak-in-sst_media_open.patch
new file mode 100644 (file)
index 0000000..bd912cb
--- /dev/null
+++ b/queue-4.4/asoc-intel-fix-memleak-in-sst_media_open.patch
@@ -0,0 +1,50 @@
+From 2e13d922207517bf398da271615986add637e04e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 13 Aug 2020 16:41:10 +0800
+Subject: ASoC: intel: Fix memleak in sst_media_open
+
+From: Dinghao Liu <dinghao.liu@zju.edu.cn>
+
+[ Upstream commit 062fa09f44f4fb3776a23184d5d296b0c8872eb9 ]
+
+When power_up_sst() fails, stream needs to be freed
+just like when try_module_get() fails. However, current
+code is returning directly and ends up leaking memory.
+
+Fixes: 0121327c1a68b ("ASoC: Intel: mfld-pcm: add control for powering up/down dsp")
+Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
+Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Link: https://lore.kernel.org/r/20200813084112.26205-1-dinghao.liu@zju.edu.cn
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/intel/atom/sst-mfld-platform-pcm.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/sound/soc/intel/atom/sst-mfld-platform-pcm.c b/sound/soc/intel/atom/sst-mfld-platform-pcm.c
+index 1d9dfb92b3b48..edb244331e6e9 100644
+--- a/sound/soc/intel/atom/sst-mfld-platform-pcm.c
++++ b/sound/soc/intel/atom/sst-mfld-platform-pcm.c
+@@ -338,7 +338,7 @@ static int sst_media_open(struct snd_pcm_substream *substream,
+ 
+       ret_val = power_up_sst(stream);
+       if (ret_val < 0)
+-              return ret_val;
++              goto out_power_up;
+ 
+       /* Make sure, that the period size is always even */
+       snd_pcm_hw_constraint_step(substream->runtime, 0,
+@@ -347,8 +347,9 @@ static int sst_media_open(struct snd_pcm_substream *substream,
+       return snd_pcm_hw_constraint_integer(runtime,
+                        SNDRV_PCM_HW_PARAM_PERIODS);
+ out_ops:
+-      kfree(stream);
+       mutex_unlock(&sst_lock);
++out_power_up:
++      kfree(stream);
+       return ret_val;
+ }
+ 
+-- 
+2.25.1
+

diff --git a/queue-4.4/ext4-fix-potential-negative-array-index-in-do_split.patch b/queue-4.4/ext4-fix-potential-negative-array-index-in-do_split.patch
new file mode 100644 (file)
index 0000000..20be473
--- /dev/null
+++ b/queue-4.4/ext4-fix-potential-negative-array-index-in-do_split.patch
@@ -0,0 +1,68 @@
+From a3abb645e2f116b18a5659b1ea972b563a243220 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 17 Jun 2020 14:19:04 -0500
+Subject: ext4: fix potential negative array index in do_split()
+
+From: Eric Sandeen <sandeen@redhat.com>
+
+[ Upstream commit 5872331b3d91820e14716632ebb56b1399b34fe1 ]
+
+If for any reason a directory passed to do_split() does not have enough
+active entries to exceed half the size of the block, we can end up
+iterating over all "count" entries without finding a split point.
+
+In this case, count == move, and split will be zero, and we will
+attempt a negative index into map[].
+
+Guard against this by detecting this case, and falling back to
+split-to-half-of-count instead; in this case we will still have
+plenty of space (> half blocksize) in each split block.
+
+Fixes: ef2b02d3e617 ("ext34: ensure do_split leaves enough free space in both blocks")
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/namei.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
+index faf142a6fa8bb..061b026e464c5 100644
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -1730,7 +1730,7 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
+                            blocksize, hinfo, map);
+       map -= count;
+       dx_sort_map(map, count);
+-      /* Split the existing block in the middle, size-wise */
++      /* Ensure that neither split block is over half full */
+       size = 0;
+       move = 0;
+       for (i = count-1; i >= 0; i--) {
+@@ -1740,8 +1740,18 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
+               size += map[i].size;
+               move++;
+       }
+-      /* map index at which we will split */
+-      split = count - move;
++      /*
++       * map index at which we will split
++       *
++       * If the sum of active entries didn't exceed half the block size, just
++       * split it in half by count; each resulting block will have at least
++       * half the space free.
++       */
++      if (i > 0)
++              split = count - move;
++      else
++              split = count/2;
++
+       hash2 = map[split].hash;
+       continued = hash2 == map[split - 1].hash;
+       dxtrace(printk(KERN_INFO "Split block %lu at %x, %i/%i\n",
+-- 
+2.25.1
+

diff --git a/queue-4.4/series b/queue-4.4/series
index 70d2aa84cf34335dca4e612923a7f57dc8bb9a43..2f49b6af51dc9b2f54ecee97a1599daf8dc3b398 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -23,3 +23,5 @@ scsi-libfc-free-skb-in-fc_disc_gpn_id_resp-for-valid.patch
 virtio_ring-avoid-loop-when-vq-is-broken-in-virtqueu.patch
 xfs-fix-ubsan-null-ptr-deref-in-xfs_sysfs_init.patch
 alpha-fix-annotation-of-io-read-write-16-32-be.patch
+ext4-fix-potential-negative-array-index-in-do_split.patch
+asoc-intel-fix-memleak-in-sst_media_open.patch