6.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 28 Aug 2023 06:33:53 +0000 (08:33 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 28 Aug 2023 06:33:53 +0000 (08:33 +0200)
added patches:
scsi-core-raid_class-remove-raid_component_add.patch
scsi-snic-fix-double-free-in-snic_tgt_create.patch
scsi-ufs-ufs-qcom-clear-qunipro_g4_sel-for-hw-major-version-5.patch

queue-6.4/scsi-core-raid_class-remove-raid_component_add.patch [new file with mode: 0644]
queue-6.4/scsi-snic-fix-double-free-in-snic_tgt_create.patch [new file with mode: 0644]
queue-6.4/scsi-ufs-ufs-qcom-clear-qunipro_g4_sel-for-hw-major-version-5.patch [new file with mode: 0644]
queue-6.4/series

diff --git a/queue-6.4/scsi-core-raid_class-remove-raid_component_add.patch b/queue-6.4/scsi-core-raid_class-remove-raid_component_add.patch
new file mode 100644 (file)
index 0000000..1f42945
--- /dev/null
@@ -0,0 +1,92 @@
+From 60c5fd2e8f3c42a5abc565ba9876ead1da5ad2b7 Mon Sep 17 00:00:00 2001
+From: Zhu Wang <wangzhu9@huawei.com>
+Date: Tue, 22 Aug 2023 01:52:54 +0000
+Subject: scsi: core: raid_class: Remove raid_component_add()
+
+From: Zhu Wang <wangzhu9@huawei.com>
+
+commit 60c5fd2e8f3c42a5abc565ba9876ead1da5ad2b7 upstream.
+
+The raid_component_add() function was added to the kernel tree via patch
+"[SCSI] embryonic RAID class" (2005). Remove this function since it never
+has had any callers in the Linux kernel. And also raid_component_release()
+is only used in raid_component_add(), so it is also removed.
+
+Signed-off-by: Zhu Wang <wangzhu9@huawei.com>
+Link: https://lore.kernel.org/r/20230822015254.184270-1-wangzhu9@huawei.com
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Fixes: 04b5b5cb0136 ("scsi: core: Fix possible memory leak if device_add() fails")
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/raid_class.c  |   48 ---------------------------------------------
+ include/linux/raid_class.h |    4 ---
+ 2 files changed, 52 deletions(-)
+
+--- a/drivers/scsi/raid_class.c
++++ b/drivers/scsi/raid_class.c
+@@ -209,54 +209,6 @@ raid_attr_ro_state(level);
+ raid_attr_ro_fn(resync);
+ raid_attr_ro_state_fn(state);
+-static void raid_component_release(struct device *dev)
+-{
+-      struct raid_component *rc =
+-              container_of(dev, struct raid_component, dev);
+-      dev_printk(KERN_ERR, rc->dev.parent, "COMPONENT RELEASE\n");
+-      put_device(rc->dev.parent);
+-      kfree(rc);
+-}
+-
+-int raid_component_add(struct raid_template *r,struct device *raid_dev,
+-                     struct device *component_dev)
+-{
+-      struct device *cdev =
+-              attribute_container_find_class_device(&r->raid_attrs.ac,
+-                                                    raid_dev);
+-      struct raid_component *rc;
+-      struct raid_data *rd = dev_get_drvdata(cdev);
+-      int err;
+-
+-      rc = kzalloc(sizeof(*rc), GFP_KERNEL);
+-      if (!rc)
+-              return -ENOMEM;
+-
+-      INIT_LIST_HEAD(&rc->node);
+-      device_initialize(&rc->dev);
+-      rc->dev.release = raid_component_release;
+-      rc->dev.parent = get_device(component_dev);
+-      rc->num = rd->component_count++;
+-
+-      dev_set_name(&rc->dev, "component-%d", rc->num);
+-      list_add_tail(&rc->node, &rd->component_list);
+-      rc->dev.class = &raid_class.class;
+-      err = device_add(&rc->dev);
+-      if (err)
+-              goto err_out;
+-
+-      return 0;
+-
+-err_out:
+-      put_device(&rc->dev);
+-      list_del(&rc->node);
+-      rd->component_count--;
+-      put_device(component_dev);
+-      kfree(rc);
+-      return err;
+-}
+-EXPORT_SYMBOL(raid_component_add);
+-
+ struct raid_template *
+ raid_class_attach(struct raid_function_template *ft)
+ {
+--- a/include/linux/raid_class.h
++++ b/include/linux/raid_class.h
+@@ -77,7 +77,3 @@ DEFINE_RAID_ATTRIBUTE(enum raid_state, s
+       
+ struct raid_template *raid_class_attach(struct raid_function_template *);
+ void raid_class_release(struct raid_template *);
+-
+-int __must_check raid_component_add(struct raid_template *, struct device *,
+-                                  struct device *);
+-
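Review bot: The changelog justifies the removal only by the lack of callers, which leaves the `Fixes:` tag and the stable backport unexplained. The removed `err_out:` path calls `put_device(&rc->dev)` after `rc->dev.release` was set to `raid_component_release()`, which itself does `put_device(rc->dev.parent)` and `kfree(rc)`. It then continues with `list_del(&rc->node)`, `put_device(component_dev)` and `kfree(rc)`, so if that first put drops the last reference the path touches freed memory and frees `rc` a second time. I would add a sentence to the description such as `The device_add() error path in raid_component_add() uses rc after its release callback has freed it and then frees it again, so removing the unused function also removes that bug.` Dropping `EXPORT_SYMBOL(raid_component_add)` in a stable tree also changes what out-of-tree modules can link against, which is presumably acceptable with no in-tree user but is worth stating.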
diff --git a/queue-6.4/scsi-snic-fix-double-free-in-snic_tgt_create.patch b/queue-6.4/scsi-snic-fix-double-free-in-snic_tgt_create.patch
new file mode 100644 (file)
index 0000000..9b3dbf7
--- /dev/null
@@ -0,0 +1,41 @@
+From 1bd3a76880b2bce017987cf53780b372cf59528e Mon Sep 17 00:00:00 2001
+From: Zhu Wang <wangzhu9@huawei.com>
+Date: Sat, 19 Aug 2023 08:39:41 +0000
+Subject: scsi: snic: Fix double free in snic_tgt_create()
+
+From: Zhu Wang <wangzhu9@huawei.com>
+
+commit 1bd3a76880b2bce017987cf53780b372cf59528e upstream.
+
+Commit 41320b18a0e0 ("scsi: snic: Fix possible memory leak if device_add()
+fails") fixed the memory leak caused by dev_set_name() when device_add()
+failed. However, it did not consider that 'tgt' has already been released
+when put_device(&tgt->dev) is called. Remove kfree(tgt) in the error path
+to avoid double free of 'tgt' and move put_device(&tgt->dev) after the
+removed kfree(tgt) to avoid a use-after-free.
+
+Fixes: 41320b18a0e0 ("scsi: snic: Fix possible memory leak if device_add() fails")
+Signed-off-by: Zhu Wang <wangzhu9@huawei.com>
+Link: https://lore.kernel.org/r/20230819083941.164365-1-wangzhu9@huawei.com
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/snic/snic_disc.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/scsi/snic/snic_disc.c
++++ b/drivers/scsi/snic/snic_disc.c
+@@ -303,12 +303,11 @@ snic_tgt_create(struct snic *snic, struc
+                             "Snic Tgt: device_add, with err = %d\n",
+                             ret);
+-              put_device(&tgt->dev);
+               put_device(&snic->shost->shost_gendev);
+               spin_lock_irqsave(snic->shost->host_lock, flags);
+               list_del(&tgt->list);
+               spin_unlock_irqrestore(snic->shost->host_lock, flags);
+-              kfree(tgt);
++              put_device(&tgt->dev);
+               tgt = NULL;
+               return tgt;
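Review bot: After this change `put_device(&tgt->dev)` is the only thing that frees `tgt` on the device_add() failure path, so the release callback assigned to `tgt->dev` (set outside this hunk) is now what this error path depends on, and nothing here says so. I would add above the call `/* drops the last reference; the release callback frees tgt, so no kfree() and no access to tgt after this */`. It is also worth confirming that the callback does not depend on the host reference already dropped by `put_device(&snic->shost->shost_gendev)` a few lines earlier, or on the state of `tgt->list` after `list_del()`, since neither is visible here. The trailing `tgt = NULL; return tgt;` could simply be `return NULL;`. snic_tgt_create() begins and ends outside the hunk.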
diff --git a/queue-6.4/scsi-ufs-ufs-qcom-clear-qunipro_g4_sel-for-hw-major-version-5.patch b/queue-6.4/scsi-ufs-ufs-qcom-clear-qunipro_g4_sel-for-hw-major-version-5.patch
new file mode 100644 (file)
index 0000000..37d25ef
--- /dev/null
@@ -0,0 +1,35 @@
+From c422fbd5cb58c9a078172ae1e9750971b738a197 Mon Sep 17 00:00:00 2001
+From: Neil Armstrong <neil.armstrong@linaro.org>
+Date: Mon, 21 Aug 2023 14:11:21 +0200
+Subject: scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
+
+From: Neil Armstrong <neil.armstrong@linaro.org>
+
+commit c422fbd5cb58c9a078172ae1e9750971b738a197 upstream.
+
+The qunipro_g4_sel clear is also needed for new platforms with major
+version > 5. Fix the version check to take this into account.
+
+Fixes: 9c02aa24bf40 ("scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5")
+Acked-by: Manivannan Sadhasivam <mani@kernel.org>
+Reviewed-by: Nitin Rawat <quic_nitirawa@quicinc.com>
+Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
+Link: https://lore.kernel.org/r/20230821-topic-sm8x50-upstream-ufs-major-5-plus-v2-1-f42a4b712e58@linaro.org
+Reviewed-by: "Bao D. Nguyen" <quic_nguyenb@quicinc.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/host/ufs-qcom.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/ufs/host/ufs-qcom.c
++++ b/drivers/ufs/host/ufs-qcom.c
+@@ -225,7 +225,7 @@ static void ufs_qcom_select_unipro_mode(
+                  ufs_qcom_cap_qunipro(host) ? QUNIPRO_SEL : 0,
+                  REG_UFS_CFG1);
+-      if (host->hw_ver.major == 0x05)
++      if (host->hw_ver.major >= 0x05)
+               ufshcd_rmwl(host->hba, QUNIPRO_G4_SEL, 0, REG_UFS_CFG0);
+       /* make sure above configuration is applied before we return */
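Review bot: With `if (host->hw_ver.major >= 0x05)` the clear now applies to every future controller major as well, and nothing in the code records that this is intended. A short comment above the check, e.g. `/* QUNIPRO_G4_SEL must be cleared on HW major version 5 and newer */`, would keep a later reader from narrowing it back to an equality test. The bare `0x05` would also read better as a named constant if the driver has one for hardware major versions, which is not visible here. ufs_qcom_select_unipro_mode() starts and ends outside the hunk.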
index 1e3a4c01def9c58935630391cb69abaddb7da0d8..2d902e5d2057d19a4af81f44852c12bfa8cbc1db 100644 (file)
@@ -110,3 +110,6 @@ can-raw-add-missing-refcount-for-memory-leak-fix.patch
 drm-i915-fix-error-handling-if-driver-creation-fails-during-probe.patch
 madvise-madvise_cold_or_pageout_pte_range-don-t-use-mapcount-against-large-folio-for-sharing-check.patch
 madvise-madvise_free_pte_range-don-t-use-mapcount-against-large-folio-for-sharing-check.patch
+scsi-snic-fix-double-free-in-snic_tgt_create.patch
+scsi-ufs-ufs-qcom-clear-qunipro_g4_sel-for-hw-major-version-5.patch
+scsi-core-raid_class-remove-raid_component_add.patch