--- /dev/null
+From 656d1d58d8e0958d372db86c24f0b2ea36f50888 Mon Sep 17 00:00:00 2001
+From: qiuguorui1 <qiuguorui1@huawei.com>
+Date: Thu, 18 Feb 2021 20:59:00 +0800
+Subject: arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails
+
+From: qiuguorui1 <qiuguorui1@huawei.com>
+
+commit 656d1d58d8e0958d372db86c24f0b2ea36f50888 upstream.
+
+in function create_dtb(), if fdt_open_into() fails, we need to vfree
+buf before return.
+
+Fixes: 52b2a8af7436 ("arm64: kexec_file: load initrd and device-tree")
+Cc: stable@vger.kernel.org # v5.0
+Signed-off-by: qiuguorui1 <qiuguorui1@huawei.com>
+Link: https://lore.kernel.org/r/20210218125900.6810-1-qiuguorui1@huawei.com
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kernel/machine_kexec_file.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/arm64/kernel/machine_kexec_file.c
++++ b/arch/arm64/kernel/machine_kexec_file.c
+@@ -150,8 +150,10 @@ static int create_dtb(struct kimage *ima
+
+ /* duplicate a device tree blob */
+ ret = fdt_open_into(initial_boot_params, buf, buf_size);
+- if (ret)
++ if (ret) {
++ vfree(buf);
+ return -EINVAL;
++ }
+
+ ret = setup_dtb(image, initrd_load_addr, initrd_len,
+ cmdline, buf);
--- /dev/null
+From d47422d953e258ad587b5edf2274eb95d08bdc7d Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he@windriver.com>
+Date: Tue, 23 Feb 2021 16:25:34 +0800
+Subject: arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
+
+From: He Zhe <zhe.he@windriver.com>
+
+commit d47422d953e258ad587b5edf2274eb95d08bdc7d upstream.
+
+As stated in linux/errno.h, ENOTSUPP should never be seen by user programs.
+When we set up uprobe with 32-bit perf and arm64 kernel, we would see the
+following vague error without useful hint.
+
+The sys_perf_event_open() syscall returned with 524 (INTERNAL ERROR:
+strerror_r(524, [buf], 128)=22)
+
+Use EOPNOTSUPP instead to indicate such cases.
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+Link: https://lore.kernel.org/r/20210223082535.48730-1-zhe.he@windriver.com
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kernel/probes/uprobes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/kernel/probes/uprobes.c
++++ b/arch/arm64/kernel/probes/uprobes.c
+@@ -38,7 +38,7 @@ int arch_uprobe_analyze_insn(struct arch
+
+ /* TODO: Currently we do not support AARCH32 instruction probing */
+ if (mm->context.flags & MMCF_AARCH32)
+- return -ENOTSUPP;
++ return -EOPNOTSUPP;
+ else if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE))
+ return -EINVAL;
+
--- /dev/null
+From 8a0c014cd20516ade9654fc13b51345ec58e7be8 Mon Sep 17 00:00:00 2001
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Fri, 22 Jan 2021 12:13:20 +0100
+Subject: floppy: reintroduce O_NDELAY fix
+
+From: Jiri Kosina <jkosina@suse.cz>
+
+commit 8a0c014cd20516ade9654fc13b51345ec58e7be8 upstream.
+
+This issue was originally fixed in 09954bad4 ("floppy: refactor open()
+flags handling").
+
+The fix as a side-effect, however, introduce issue for open(O_ACCMODE)
+that is being used for ioctl-only open. I wrote a fix for that, but
+instead of it being merged, full revert of 09954bad4 was performed,
+re-introducing the O_NDELAY / O_NONBLOCK issue, and it strikes again.
+
+This is a forward-port of the original fix to current codebase; the
+original submission had the changelog below:
+
+====
+Commit 09954bad4 ("floppy: refactor open() flags handling"), as a
+side-effect, causes open(/dev/fdX, O_ACCMODE) to fail. It turns out that
+this is being used setfdprm userspace for ioctl-only open().
+
+Reintroduce back the original behavior wrt !(FMODE_READ|FMODE_WRITE)
+modes, while still keeping the original O_NDELAY bug fixed.
+
+Link: https://lore.kernel.org/r/nycvar.YFH.7.76.2101221209060.5622@cbobk.fhfr.pm
+Cc: stable@vger.kernel.org
+Reported-by: Wim Osterholt <wim@djo.tudelft.nl>
+Tested-by: Wim Osterholt <wim@djo.tudelft.nl>
+Reported-and-tested-by: Kurt Garloff <kurt@garloff.de>
+Fixes: 09954bad4 ("floppy: refactor open() flags handling")
+Fixes: f2791e7ead ("Revert "floppy: refactor open() flags handling"")
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Denis Efremov <efremov@linux.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/floppy.c | 27 ++++++++++++++-------------
+ 1 file changed, 14 insertions(+), 13 deletions(-)
+
+--- a/drivers/block/floppy.c
++++ b/drivers/block/floppy.c
+@@ -4063,21 +4063,22 @@ static int floppy_open(struct block_devi
+ if (UFDCS->rawcmd == 1)
+ UFDCS->rawcmd = 2;
+
+- if (!(mode & FMODE_NDELAY)) {
+- if (mode & (FMODE_READ|FMODE_WRITE)) {
+- UDRS->last_checked = 0;
+- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
+- check_disk_change(bdev);
+- if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
+- goto out;
+- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
+- goto out;
+- }
+- res = -EROFS;
+- if ((mode & FMODE_WRITE) &&
+- !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags))
++ if (mode & (FMODE_READ|FMODE_WRITE)) {
++ UDRS->last_checked = 0;
++ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
++ check_disk_change(bdev);
++ if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
++ goto out;
++ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
+ goto out;
+ }
++
++ res = -EROFS;
++
++ if ((mode & FMODE_WRITE) &&
++ !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags))
++ goto out;
++
+ mutex_unlock(&open_lock);
+ mutex_unlock(&floppy_mutex);
+ return 0;
--- /dev/null
+From 70779b897395b330ba5a47bed84f94178da599f9 Mon Sep 17 00:00:00 2001
+From: Pan Bian <bianpan2016@163.com>
+Date: Wed, 20 Jan 2021 00:51:13 -0800
+Subject: fs/affs: release old buffer head on error path
+
+From: Pan Bian <bianpan2016@163.com>
+
+commit 70779b897395b330ba5a47bed84f94178da599f9 upstream.
+
+The reference count of the old buffer head should be decremented on path
+that fails to get the new buffer head.
+
+Fixes: 6b4657667ba0 ("fs/affs: add rename exchange")
+CC: stable@vger.kernel.org # 4.14+
+Signed-off-by: Pan Bian <bianpan2016@163.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/affs/namei.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/affs/namei.c
++++ b/fs/affs/namei.c
+@@ -460,8 +460,10 @@ affs_xrename(struct inode *old_dir, stru
+ return -EIO;
+
+ bh_new = affs_bread(sb, d_inode(new_dentry)->i_ino);
+- if (!bh_new)
++ if (!bh_new) {
++ affs_brelse(bh_old);
+ return -EIO;
++ }
+
+ /* Remove old header from its parent directory. */
+ affs_lock_dir(old_dir);
--- /dev/null
+From 3272cfc2525b3a2810a59312d7a1e6f04a0ca3ef Mon Sep 17 00:00:00 2001
+From: Mike Kravetz <mike.kravetz@oracle.com>
+Date: Wed, 24 Feb 2021 12:07:54 -0800
+Subject: hugetlb: fix copy_huge_page_from_user contig page struct assumption
+
+From: Mike Kravetz <mike.kravetz@oracle.com>
+
+commit 3272cfc2525b3a2810a59312d7a1e6f04a0ca3ef upstream.
+
+page structs are not guaranteed to be contiguous for gigantic pages. The
+routine copy_huge_page_from_user can encounter gigantic pages, yet it
+assumes page structs are contiguous when copying pages from user space.
+
+Since page structs for the target gigantic page are not contiguous, the
+data copied from user space could overwrite other pages not associated
+with the gigantic page and cause data corruption.
+
+Non-contiguous page structs are generally not an issue. However, they can
+exist with a specific kernel configuration and hotplug operations. For
+example: Configure the kernel with CONFIG_SPARSEMEM and
+!CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where
+the gigantic page will be allocated.
+
+Link: https://lkml.kernel.org/r/20210217184926.33567-2-mike.kravetz@oracle.com
+Fixes: 8fb5debc5fcd ("userfaultfd: hugetlbfs: add hugetlb_mcopy_atomic_pte for userfaultfd support")
+Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Zi Yan <ziy@nvidia.com>
+Cc: Davidlohr Bueso <dbueso@suse.de>
+Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: Joao Martins <joao.m.martins@oracle.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/memory.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -4718,17 +4718,19 @@ long copy_huge_page_from_user(struct pag
+ void *page_kaddr;
+ unsigned long i, rc = 0;
+ unsigned long ret_val = pages_per_huge_page * PAGE_SIZE;
++ struct page *subpage = dst_page;
+
+- for (i = 0; i < pages_per_huge_page; i++) {
++ for (i = 0; i < pages_per_huge_page;
++ i++, subpage = mem_map_next(subpage, dst_page, i)) {
+ if (allow_pagefault)
+- page_kaddr = kmap(dst_page + i);
++ page_kaddr = kmap(subpage);
+ else
+- page_kaddr = kmap_atomic(dst_page + i);
++ page_kaddr = kmap_atomic(subpage);
+ rc = copy_from_user(page_kaddr,
+ (const void __user *)(src + i * PAGE_SIZE),
+ PAGE_SIZE);
+ if (allow_pagefault)
+- kunmap(dst_page + i);
++ kunmap(subpage);
+ else
+ kunmap_atomic(page_kaddr);
+
--- /dev/null
+From dbfee5aee7e54f83d96ceb8e3e80717fac62ad63 Mon Sep 17 00:00:00 2001
+From: Mike Kravetz <mike.kravetz@oracle.com>
+Date: Wed, 24 Feb 2021 12:07:50 -0800
+Subject: hugetlb: fix update_and_free_page contig page struct assumption
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Mike Kravetz <mike.kravetz@oracle.com>
+
+commit dbfee5aee7e54f83d96ceb8e3e80717fac62ad63 upstream.
+
+page structs are not guaranteed to be contiguous for gigantic pages. The
+routine update_and_free_page can encounter a gigantic page, yet it assumes
+page structs are contiguous when setting page flags in subpages.
+
+If update_and_free_page encounters non-contiguous page structs, we can see
+“BUG: Bad page state in process …” errors.
+
+Non-contiguous page structs are generally not an issue. However, they can
+exist with a specific kernel configuration and hotplug operations. For
+example: Configure the kernel with CONFIG_SPARSEMEM and
+!CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where
+the gigantic page will be allocated. Zi Yan outlined steps to reproduce
+here [1].
+
+[1] https://lore.kernel.org/linux-mm/16F7C58B-4D79-41C5-9B64-A1A1628F4AF2@nvidia.com/
+
+Link: https://lkml.kernel.org/r/20210217184926.33567-1-mike.kravetz@oracle.com
+Fixes: 944d9fec8d7a ("hugetlb: add support for gigantic page allocation at runtime")
+Signed-off-by: Zi Yan <ziy@nvidia.com>
+Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Zi Yan <ziy@nvidia.com>
+Cc: Davidlohr Bueso <dbueso@suse.de>
+Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: Joao Martins <joao.m.martins@oracle.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/hugetlb.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -1192,14 +1192,16 @@ static inline void destroy_compound_giga
+ static void update_and_free_page(struct hstate *h, struct page *page)
+ {
+ int i;
++ struct page *subpage = page;
+
+ if (hstate_is_gigantic(h) && !gigantic_page_runtime_supported())
+ return;
+
+ h->nr_huge_pages--;
+ h->nr_huge_pages_node[page_to_nid(page)]--;
+- for (i = 0; i < pages_per_huge_page(h); i++) {
+- page[i].flags &= ~(1 << PG_locked | 1 << PG_error |
++ for (i = 0; i < pages_per_huge_page(h);
++ i++, subpage = mem_map_next(subpage, page, i)) {
++ subpage->flags &= ~(1 << PG_locked | 1 << PG_error |
+ 1 << PG_referenced | 1 << PG_dirty |
+ 1 << PG_active | 1 << PG_private |
+ 1 << PG_writeback);
--- /dev/null
+From 58fa22f68fcaff20ce4d08a6adffa64f65ccd37d Mon Sep 17 00:00:00 2001
+From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+Date: Fri, 2 Oct 2020 14:18:02 +0900
+Subject: mtd: spi-nor: core: Add erase size check for erase command initialization
+
+From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+
+commit 58fa22f68fcaff20ce4d08a6adffa64f65ccd37d upstream.
+
+Even if erase type is same as previous region, erase size can be different
+if the previous region is overlaid region. Since 'region->size' is assigned
+to 'cmd->size' for overlaid region, comparing 'erase->size' and 'cmd->size'
+can detect previous overlaid region.
+
+Fixes: 5390a8df769e ("mtd: spi-nor: add support to non-uniform SFDP SPI NOR flash memories")
+Cc: stable@vger.kernel.org
+Signed-off-by: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+[ta: Add Fixes tag and Cc to stable]
+Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
+Link: https://lore.kernel.org/r/13d47e8d8991b8a7fd8cc7b9e2a5319c56df35cc.1601612872.git.Takahiro.Kuwano@infineon.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/spi-nor/spi-nor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/mtd/spi-nor/spi-nor.c
++++ b/drivers/mtd/spi-nor/spi-nor.c
+@@ -1153,6 +1153,7 @@ static int spi_nor_init_erase_cmd_list(s
+ goto destroy_erase_cmd_list;
+
+ if (prev_erase != erase ||
++ erase->size != cmd->size ||
+ region->offset & SNOR_OVERLAID_REGION) {
+ cmd = spi_nor_init_erase_cmd(region, erase);
+ if (IS_ERR(cmd)) {
--- /dev/null
+From 969b276718de37dfe66fce3a5633f611e8cd58fd Mon Sep 17 00:00:00 2001
+From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+Date: Fri, 2 Oct 2020 14:18:01 +0900
+Subject: mtd: spi-nor: core: Fix erase type discovery for overlaid region
+
+From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+
+commit 969b276718de37dfe66fce3a5633f611e8cd58fd upstream.
+
+In case of overlaid regions in which their biggest erase size command
+overpasses in size the region's size, only the non-overlaid portion of
+the sector gets erased. For example, if a Sector Erase command is applied
+to a 256-kB range that is overlaid by 4-kB sectors, the overlaid 4-kB
+sectors are not affected by the erase.
+For overlaid regions, 'region->size' is assigned to 'cmd->size' later in
+spi_nor_init_erase_cmd(), so 'erase->size' can be greater than 'len'.
+
+Fixes: 5390a8df769e ("mtd: spi-nor: add support to non-uniform SFDP SPI NOR flash memories")
+Cc: stable@vger.kernel.org
+Signed-off-by: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+[ta: Update commit description, add Fixes tag and Cc to stable]
+Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
+Link: https://lore.kernel.org/r/fa5d8b944a5cca488ac54ba37c95e775ac2deb34.1601612872.git.Takahiro.Kuwano@infineon.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/spi-nor/spi-nor.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/mtd/spi-nor/spi-nor.c
++++ b/drivers/mtd/spi-nor/spi-nor.c
+@@ -1011,14 +1011,15 @@ spi_nor_find_best_erase_type(const struc
+
+ erase = &map->erase_type[i];
+
++ /* Alignment is not mandatory for overlaid regions */
++ if (region->offset & SNOR_OVERLAID_REGION &&
++ region->size <= len)
++ return erase;
++
+ /* Don't erase more than what the user has asked for. */
+ if (erase->size > len)
+ continue;
+
+- /* Alignment is not mandatory for overlaid regions */
+- if (region->offset & SNOR_OVERLAID_REGION)
+- return erase;
+-
+ spi_nor_div_by_erase_size(erase, addr, &rem);
+ if (rem)
+ continue;
--- /dev/null
+From fe6653460ee7a7dbe0cd5fd322992af862ce5ab0 Mon Sep 17 00:00:00 2001
+From: Pan Bian <bianpan2016@163.com>
+Date: Thu, 21 Jan 2021 01:18:47 -0800
+Subject: mtd: spi-nor: hisi-sfc: Put child node np on error path
+
+From: Pan Bian <bianpan2016@163.com>
+
+commit fe6653460ee7a7dbe0cd5fd322992af862ce5ab0 upstream.
+
+Put the child node np when it fails to get or register device.
+
+Fixes: e523f11141bd ("mtd: spi-nor: add hisilicon spi-nor flash controller driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Pan Bian <bianpan2016@163.com>
+[ta: Add Fixes tag and Cc stable]
+Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
+Link: https://lore.kernel.org/r/20210121091847.85362-1-bianpan2016@163.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/spi-nor/hisi-sfc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/mtd/spi-nor/hisi-sfc.c
++++ b/drivers/mtd/spi-nor/hisi-sfc.c
+@@ -396,8 +396,10 @@ static int hisi_spi_nor_register_all(str
+
+ for_each_available_child_of_node(dev->of_node, np) {
+ ret = hisi_spi_nor_register(np, host);
+- if (ret)
++ if (ret) {
++ of_node_put(np);
+ goto fail;
++ }
+
+ if (host->num_chip == HIFMC_MAX_CHIP_NUM) {
+ dev_warn(dev, "Flash device number exceeds the maximum chipselect number\n");
--- /dev/null
+From 9166f4af32db74e1544a2149aef231ff24515ea3 Mon Sep 17 00:00:00 2001
+From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+Date: Fri, 2 Oct 2020 14:18:00 +0900
+Subject: mtd: spi-nor: sfdp: Fix last erase region marking
+
+From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+
+commit 9166f4af32db74e1544a2149aef231ff24515ea3 upstream.
+
+The place of spi_nor_region_mark_end() must be moved, because 'i' is
+re-used for the index of erase[].
+
+Fixes: b038e8e3be72 ("mtd: spi-nor: parse SFDP Sector Map Parameter Table")
+Cc: stable@vger.kernel.org
+Signed-off-by: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+[ta: Add Fixes tag and Cc to stable]
+Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
+Link: https://lore.kernel.org/r/02ce8d84b7989ebee33382f6494df53778dd508e.1601612872.git.Takahiro.Kuwano@infineon.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/spi-nor/spi-nor.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/mtd/spi-nor/spi-nor.c
++++ b/drivers/mtd/spi-nor/spi-nor.c
+@@ -3770,6 +3770,7 @@ spi_nor_init_non_uniform_erase_map(struc
+ offset = (region[i].offset & ~SNOR_ERASE_FLAGS_MASK) +
+ region[i].size;
+ }
++ spi_nor_region_mark_end(®ion[i - 1]);
+
+ save_uniform_erase_type = map->uniform_erase_type;
+ map->uniform_erase_type = spi_nor_sort_erase_mask(map,
+@@ -3793,8 +3794,6 @@ spi_nor_init_non_uniform_erase_map(struc
+ if (!(regions_erase_type & BIT(erase[i].idx)))
+ spi_nor_set_erase_type(&erase[i], 0, 0xFF);
+
+- spi_nor_region_mark_end(®ion[i - 1]);
+-
+ return 0;
+ }
+
--- /dev/null
+From abdf5a5ef9652bad4d58058bc22ddf23543ba3e1 Mon Sep 17 00:00:00 2001
+From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+Date: Fri, 2 Oct 2020 14:17:59 +0900
+Subject: mtd: spi-nor: sfdp: Fix wrong erase type bitmask for overlaid region
+
+From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+
+commit abdf5a5ef9652bad4d58058bc22ddf23543ba3e1 upstream.
+
+At the time spi_nor_region_check_overlay() is called, the erase types are
+sorted in ascending order of erase size. The 'erase_type' should be masked
+with 'BIT(erase[i].idx)' instead of 'BIT(i)'.
+
+Fixes: b038e8e3be72 ("mtd: spi-nor: parse SFDP Sector Map Parameter Table")
+Cc: stable@vger.kernel.org
+Signed-off-by: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
+[ta: Add Fixes tag and Cc to stable]
+Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
+Link: https://lore.kernel.org/r/fd90c40d5b626a1319a78fc2bcee79a8871d4d57.1601612872.git.Takahiro.Kuwano@infineon.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/spi-nor/spi-nor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mtd/spi-nor/spi-nor.c
++++ b/drivers/mtd/spi-nor/spi-nor.c
+@@ -3700,7 +3700,7 @@ spi_nor_region_check_overlay(struct spi_
+ int i;
+
+ for (i = 0; i < SNOR_ERASE_TYPE_MAX; i++) {
+- if (!(erase_type & BIT(i)))
++ if (!(erase[i].size && erase_type & BIT(erase[i].idx)))
+ continue;
+ if (region->size & erase[i].size_mask) {
+ spi_nor_region_mark_overlay(region);
--- /dev/null
+From b3656d8227f4c45812c6b40815d8f4e446ed372a Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Thu, 25 Feb 2021 17:22:25 -0800
+Subject: seq_file: document how per-entry resources are managed.
+
+From: NeilBrown <neilb@suse.de>
+
+commit b3656d8227f4c45812c6b40815d8f4e446ed372a upstream.
+
+Patch series "Fix some seq_file users that were recently broken".
+
+A recent change to seq_file broke some users which were using seq_file
+in a non-"standard" way ... though the "standard" isn't documented, so
+they can be excused. The result is a possible leak - of memory in one
+case, of references to a 'transport' in the other.
+
+These three patches:
+ 1/ document and explain the problem
+ 2/ fix the problem user in x86
+ 3/ fix the problem user in net/sctp
+
+This patch (of 3):
+
+Users of seq_file will sometimes find it convenient to take a resource,
+such as a lock or memory allocation, in the ->start or ->next operations.
+These are per-entry resources, distinct from per-session resources which
+are taken in ->start and released in ->stop.
+
+The preferred management of these is release the resource on the
+subsequent call to ->next or ->stop.
+
+However prior to Commit 1f4aace60b0e ("fs/seq_file.c: simplify seq_file
+iteration code and interface") it happened that ->show would always be
+called after ->start or ->next, and a few users chose to release the
+resource in ->show.
+
+This is no longer reliable. Since the mentioned commit, ->next will
+always come after a successful ->show (to ensure m->index is updated
+correctly), so the original ordering cannot be maintained.
+
+This patch updates the documentation to clearly state the required
+behaviour. Other patches will fix the few problematic users.
+
+[akpm@linux-foundation.org: fix typo, per Willy]
+
+Link: https://lkml.kernel.org/r/161248518659.21478.2484341937387294998.stgit@noble1
+Link: https://lkml.kernel.org/r/161248539020.21478.3147971477400875336.stgit@noble1
+Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Cc: Xin Long <lucien.xin@gmail.com>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: Jonathan Corbet <corbet@lwn.net>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+Cc: Neil Horman <nhorman@tuxdriver.com>
+Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+Cc: "David S. Miller" <davem@davemloft.net>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/filesystems/seq_file.txt | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/Documentation/filesystems/seq_file.txt
++++ b/Documentation/filesystems/seq_file.txt
+@@ -192,6 +192,12 @@ between the calls to start() and stop(),
+ is a reasonable thing to do. The seq_file code will also avoid taking any
+ other locks while the iterator is active.
+
++The iterater value returned by start() or next() is guaranteed to be
++passed to a subsequent next() or stop() call. This allows resources
++such as locks that were taken to be reliably released. There is *no*
++guarantee that the iterator will be passed to show(), though in practice
++it often will be.
++
+
+ Formatted output
+
rcu-pull-deferred-rcuog-wake-up-to-rcu_eqs_enter-callers.patch
rcu-nocb-perform-deferred-wake-up-before-last-idle-s-need_resched-check.patch
rcu-nocb-trigger-self-ipi-on-late-deferred-wake-up-before-user-resume.patch
+floppy-reintroduce-o_ndelay-fix.patch
+arm64-kexec_file-fix-memory-leakage-in-create_dtb-when-fdt_open_into-fails.patch
+arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch
+watchdog-qcom-remove-incorrect-usage-of-qcom_wdt_enable_irq.patch
+watchdog-mei_wdt-request-stop-on-unregister.patch
+mtd-spi-nor-sfdp-fix-last-erase-region-marking.patch
+mtd-spi-nor-sfdp-fix-wrong-erase-type-bitmask-for-overlaid-region.patch
+mtd-spi-nor-core-fix-erase-type-discovery-for-overlaid-region.patch
+mtd-spi-nor-core-add-erase-size-check-for-erase-command-initialization.patch
+mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch
+fs-affs-release-old-buffer-head-on-error-path.patch
+seq_file-document-how-per-entry-resources-are-managed.patch
+x86-fix-seq_file-iteration-for-pat-memtype.c.patch
+hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch
+hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch
--- /dev/null
+From 740c0a57b8f1e36301218bf549f3c9cc833a60be Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+Date: Sun, 24 Jan 2021 13:49:38 +0200
+Subject: watchdog: mei_wdt: request stop on unregister
+
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+
+commit 740c0a57b8f1e36301218bf549f3c9cc833a60be upstream.
+
+The MEI bus has a special behavior on suspend it destroys
+all the attached devices, this is due to the fact that also
+firmware context is not persistent across power flows.
+
+If watchdog on MEI bus is ticking before suspending the firmware
+times out and reports that the OS is missing watchdog tick.
+Send the stop command to the firmware on watchdog unregistered
+to eliminate the false event on suspend.
+This does not make the things worse from the user-space perspective
+as a user-space should re-open watchdog device after
+suspending before this patch.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Reviewed-by: Guenter Roeck <linux@roeck-us.net>
+Link: https://lore.kernel.org/r/20210124114938.373885-1-tomas.winkler@intel.com
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/watchdog/mei_wdt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/watchdog/mei_wdt.c
++++ b/drivers/watchdog/mei_wdt.c
+@@ -382,6 +382,7 @@ static int mei_wdt_register(struct mei_w
+
+ watchdog_set_drvdata(&wdt->wdd, wdt);
+ watchdog_stop_on_reboot(&wdt->wdd);
++ watchdog_stop_on_unregister(&wdt->wdd);
+
+ ret = watchdog_register_device(&wdt->wdd);
+ if (ret)
--- /dev/null
+From a4f3407c41605d14f09e490045d0609990cd5d94 Mon Sep 17 00:00:00 2001
+From: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
+Date: Tue, 26 Jan 2021 20:32:41 +0530
+Subject: watchdog: qcom: Remove incorrect usage of QCOM_WDT_ENABLE_IRQ
+
+From: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
+
+commit a4f3407c41605d14f09e490045d0609990cd5d94 upstream.
+
+As per register documentation, QCOM_WDT_ENABLE_IRQ which is BIT(1)
+of watchdog control register is wakeup interrupt enable bit and
+not related to bark interrupt at all, BIT(0) is used for that.
+So remove incorrect usage of this bit when supporting bark irq for
+pre-timeout notification. Currently with this bit set and bark
+interrupt specified, pre-timeout notification and/or watchdog
+reset/bite does not occur.
+
+Fixes: 36375491a439 ("watchdog: qcom: support pre-timeout when the bark irq is available")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
+Reviewed-by: Guenter Roeck <linux@roeck-us.net>
+Reviewed-by: Stephen Boyd <swboyd@chromium.org>
+Link: https://lore.kernel.org/r/20210126150241.10009-1-saiprakash.ranjan@codeaurora.org
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/watchdog/qcom-wdt.c | 13 +------------
+ 1 file changed, 1 insertion(+), 12 deletions(-)
+
+--- a/drivers/watchdog/qcom-wdt.c
++++ b/drivers/watchdog/qcom-wdt.c
+@@ -22,7 +22,6 @@ enum wdt_reg {
+ };
+
+ #define QCOM_WDT_ENABLE BIT(0)
+-#define QCOM_WDT_ENABLE_IRQ BIT(1)
+
+ static const u32 reg_offset_data_apcs_tmr[] = {
+ [WDT_RST] = 0x38,
+@@ -58,16 +57,6 @@ struct qcom_wdt *to_qcom_wdt(struct watc
+ return container_of(wdd, struct qcom_wdt, wdd);
+ }
+
+-static inline int qcom_get_enable(struct watchdog_device *wdd)
+-{
+- int enable = QCOM_WDT_ENABLE;
+-
+- if (wdd->pretimeout)
+- enable |= QCOM_WDT_ENABLE_IRQ;
+-
+- return enable;
+-}
+-
+ static irqreturn_t qcom_wdt_isr(int irq, void *arg)
+ {
+ struct watchdog_device *wdd = arg;
+@@ -86,7 +75,7 @@ static int qcom_wdt_start(struct watchdo
+ writel(1, wdt_addr(wdt, WDT_RST));
+ writel(bark * wdt->rate, wdt_addr(wdt, WDT_BARK_TIME));
+ writel(wdd->timeout * wdt->rate, wdt_addr(wdt, WDT_BITE_TIME));
+- writel(qcom_get_enable(wdd), wdt_addr(wdt, WDT_EN));
++ writel(QCOM_WDT_ENABLE, wdt_addr(wdt, WDT_EN));
+ return 0;
+ }
+
--- /dev/null
+From 3d2fc4c082448e9c05792f9b2a11c1d5db408b85 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Thu, 25 Feb 2021 17:22:29 -0800
+Subject: x86: fix seq_file iteration for pat/memtype.c
+
+From: NeilBrown <neilb@suse.de>
+
+commit 3d2fc4c082448e9c05792f9b2a11c1d5db408b85 upstream.
+
+The memtype seq_file iterator allocates a buffer in the ->start and ->next
+functions and frees it in the ->show function. The preferred handling for
+such resources is to free them in the subsequent ->next or ->stop function
+call.
+
+Since Commit 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration
+code and interface") there is no guarantee that ->show will be called
+after ->next, so this function can now leak memory.
+
+So move the freeing of the buffer to ->next and ->stop.
+
+Link: https://lkml.kernel.org/r/161248539022.21478.13874455485854739066.stgit@noble1
+Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Cc: Xin Long <lucien.xin@gmail.com>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: "David S. Miller" <davem@davemloft.net>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Jonathan Corbet <corbet@lwn.net>
+Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+Cc: Neil Horman <nhorman@tuxdriver.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/mm/pat.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/mm/pat.c
++++ b/arch/x86/mm/pat.c
+@@ -1132,12 +1132,14 @@ static void *memtype_seq_start(struct se
+
+ static void *memtype_seq_next(struct seq_file *seq, void *v, loff_t *pos)
+ {
++ kfree(v);
+ ++*pos;
+ return memtype_get_idx(*pos);
+ }
+
+ static void memtype_seq_stop(struct seq_file *seq, void *v)
+ {
++ kfree(v);
+ }
+
+ static int memtype_seq_show(struct seq_file *seq, void *v)
+@@ -1146,7 +1148,6 @@ static int memtype_seq_show(struct seq_f
+
+ seq_printf(seq, "%s @ 0x%Lx-0x%Lx\n", cattr_name(print_entry->type),
+ print_entry->start, print_entry->end);
+- kfree(print_entry);
+
+ return 0;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
