--- /dev/null
+From 3d44a6fd0775e6215e836423e27f8eedf8c871ea Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oneukum@suse.com>
+Date: Thu, 14 Nov 2019 16:01:18 +0100
+Subject: Bluetooth: btusb: fix PM leak in error case of setup
+
+From: Oliver Neukum <oneukum@suse.com>
+
+commit 3d44a6fd0775e6215e836423e27f8eedf8c871ea upstream.
+
+If setup() fails a reference for runtime PM has already
+been taken. Proper use of the error handling in btusb_open()is needed.
+You cannot just return.
+
+Fixes: ace31982585a3 ("Bluetooth: btusb: Add setup callback for chip init on USB")
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/bluetooth/btusb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/bluetooth/btusb.c
++++ b/drivers/bluetooth/btusb.c
+@@ -1056,7 +1056,7 @@ static int btusb_open(struct hci_dev *hd
+ if (data->setup_on_usb) {
+ err = data->setup_on_usb(hdev);
+ if (err < 0)
+- return err;
++ goto setup_fail;
+ }
+
+ err = usb_autopm_get_interface(data->intf);
+@@ -1092,6 +1092,7 @@ done:
+
+ failed:
+ clear_bit(BTUSB_INTR_RUNNING, &data->flags);
++setup_fail:
+ usb_autopm_put_interface(data->intf);
+ return err;
+ }
--- /dev/null
+From df66499a1fab340c167250a5743931dc50d5f0fa Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 19 Nov 2019 09:17:05 +0300
+Subject: Bluetooth: delete a stray unlock
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit df66499a1fab340c167250a5743931dc50d5f0fa upstream.
+
+We used to take a lock in amp_physical_cfm() but then we moved it to
+the caller function. Unfortunately the unlock on this error path was
+overlooked so it leads to a double unlock.
+
+Fixes: a514b17fab51 ("Bluetooth: Refactor locking in amp_physical_cfm")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/l2cap_core.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/net/bluetooth/l2cap_core.c
++++ b/net/bluetooth/l2cap_core.c
+@@ -4897,10 +4897,8 @@ void __l2cap_physical_cfm(struct l2cap_c
+ BT_DBG("chan %p, result %d, local_amp_id %d, remote_amp_id %d",
+ chan, result, local_amp_id, remote_amp_id);
+
+- if (chan->state == BT_DISCONN || chan->state == BT_CLOSED) {
+- l2cap_chan_unlock(chan);
++ if (chan->state == BT_DISCONN || chan->state == BT_CLOSED)
+ return;
+- }
+
+ if (chan->state != BT_CONNECTED) {
+ l2cap_do_create(chan, result, local_amp_id, remote_amp_id);
--- /dev/null
+From 99c4f70df3a6446c56ca817c2d0f9c12d85d4e7c Mon Sep 17 00:00:00 2001
+From: Stephan Gerhold <stephan@gerhold.net>
+Date: Wed, 6 Nov 2019 18:31:24 +0100
+Subject: regulator: ab8500: Remove AB8505 USB regulator
+
+From: Stephan Gerhold <stephan@gerhold.net>
+
+commit 99c4f70df3a6446c56ca817c2d0f9c12d85d4e7c upstream.
+
+The USB regulator was removed for AB8500 in
+commit 41a06aa738ad ("regulator: ab8500: Remove USB regulator").
+It was then added for AB8505 in
+commit 547f384f33db ("regulator: ab8500: add support for ab8505").
+
+However, there was never an entry added for it in
+ab8505_regulator_match. This causes all regulators after it
+to be initialized with the wrong device tree data, eventually
+leading to an out-of-bounds array read.
+
+Given that it is not used anywhere in the kernel, it seems
+likely that similar arguments against supporting it exist for
+AB8505 (it is controlled by hardware).
+
+Therefore, simply remove it like for AB8500 instead of adding
+an entry in ab8505_regulator_match.
+
+Fixes: 547f384f33db ("regulator: ab8500: add support for ab8505")
+Cc: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
+Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
+Link: https://lore.kernel.org/r/20191106173125.14496-1-stephan@gerhold.net
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/regulator/ab8500.c | 17 -----------------
+ include/linux/regulator/ab8500.h | 1 -
+ 2 files changed, 18 deletions(-)
+
+--- a/drivers/regulator/ab8500.c
++++ b/drivers/regulator/ab8500.c
+@@ -1099,23 +1099,6 @@ static struct ab8500_regulator_info
+ .update_val_idle = 0x82,
+ .update_val_normal = 0x02,
+ },
+- [AB8505_LDO_USB] = {
+- .desc = {
+- .name = "LDO-USB",
+- .ops = &ab8500_regulator_mode_ops,
+- .type = REGULATOR_VOLTAGE,
+- .id = AB8505_LDO_USB,
+- .owner = THIS_MODULE,
+- .n_voltages = 1,
+- .volt_table = fixed_3300000_voltage,
+- },
+- .update_bank = 0x03,
+- .update_reg = 0x82,
+- .update_mask = 0x03,
+- .update_val = 0x01,
+- .update_val_idle = 0x03,
+- .update_val_normal = 0x01,
+- },
+ [AB8505_LDO_AUDIO] = {
+ .desc = {
+ .name = "LDO-AUDIO",
+--- a/include/linux/regulator/ab8500.h
++++ b/include/linux/regulator/ab8500.h
+@@ -38,7 +38,6 @@ enum ab8505_regulator_id {
+ AB8505_LDO_AUX6,
+ AB8505_LDO_INTCORE,
+ AB8505_LDO_ADC,
+- AB8505_LDO_USB,
+ AB8505_LDO_AUDIO,
+ AB8505_LDO_ANAMIC1,
+ AB8505_LDO_ANAMIC2,
gpiolib-fix-up-emulated-open-drain-outputs.patch
alsa-cs4236-fix-error-return-comparison-of-an-unsigned-integer.patch
ftrace-avoid-potential-division-by-zero-in-function-profiler.patch
+bluetooth-btusb-fix-pm-leak-in-error-case-of-setup.patch
+bluetooth-delete-a-stray-unlock.patch
+regulator-ab8500-remove-ab8505-usb-regulator.patch
+tty-serial-msm_serial-fix-lockup-for-sysrq-and-oops.patch
--- /dev/null
+From 0e4f7f920a5c6bfe5e851e989f27b35a0cc7fb7e Mon Sep 17 00:00:00 2001
+From: Leo Yan <leo.yan@linaro.org>
+Date: Wed, 27 Nov 2019 22:15:43 +0800
+Subject: tty: serial: msm_serial: Fix lockup for sysrq and oops
+
+From: Leo Yan <leo.yan@linaro.org>
+
+commit 0e4f7f920a5c6bfe5e851e989f27b35a0cc7fb7e upstream.
+
+As the commit 677fe555cbfb ("serial: imx: Fix recursive locking bug")
+has mentioned the uart driver might cause recursive locking between
+normal printing and the kernel debugging facilities (e.g. sysrq and
+oops). In the commit it gave out suggestion for fixing recursive
+locking issue: "The solution is to avoid locking in the sysrq case
+and trylock in the oops_in_progress case."
+
+This patch follows the suggestion (also used the exactly same code with
+other serial drivers, e.g. amba-pl011.c) to fix the recursive locking
+issue, this can avoid stuck caused by deadlock and print out log for
+sysrq and oops.
+
+Fixes: 04896a77a97b ("msm_serial: serial driver for MSM7K onboard serial peripheral.")
+Signed-off-by: Leo Yan <leo.yan@linaro.org>
+Reviewed-by: Jeffrey Hugo <jeffrey.l.hugo@gmail.com>
+Link: https://lore.kernel.org/r/20191127141544.4277-2-leo.yan@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/msm_serial.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/drivers/tty/serial/msm_serial.c
++++ b/drivers/tty/serial/msm_serial.c
+@@ -1381,6 +1381,7 @@ static void __msm_console_write(struct u
+ int num_newlines = 0;
+ bool replaced = false;
+ void __iomem *tf;
++ int locked = 1;
+
+ if (is_uartdm)
+ tf = port->membase + UARTDM_TF;
+@@ -1393,7 +1394,13 @@ static void __msm_console_write(struct u
+ num_newlines++;
+ count += num_newlines;
+
+- spin_lock(&port->lock);
++ if (port->sysrq)
++ locked = 0;
++ else if (oops_in_progress)
++ locked = spin_trylock(&port->lock);
++ else
++ spin_lock(&port->lock);
++
+ if (is_uartdm)
+ msm_reset_dm_count(port, count);
+
+@@ -1429,7 +1436,9 @@ static void __msm_console_write(struct u
+ iowrite32_rep(tf, buf, 1);
+ i += num_chars;
+ }
+- spin_unlock(&port->lock);
++
++ if (locked)
++ spin_unlock(&port->lock);
+ }
+
+ static void msm_console_write(struct console *co, const char *s,
projects / thirdparty / kernel / stable-queue.git / commitdiff
