--- /dev/null
+From d6b340d7cb33c816ef4abe8143764ec5ab14a5cc Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 26 Jul 2018 14:58:03 +0200
+Subject: ALSA: trident: Suppress gcc string warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit d6b340d7cb33c816ef4abe8143764ec5ab14a5cc upstream.
+
+The meddlesome gcc warns about the possible shortname string in
+trident driver code:
+ sound/pci/trident/trident.c: In function ‘snd_trident_probe’:
+ sound/pci/trident/trident.c:126:2: warning: ‘strcat’ accessing 17 or more bytes at offsets 36 and 20 may overlap 1 byte at offset 36 [-Wrestrict]
+ strcat(card->shortname, card->driver);
+
+It happens since gcc calculates the possible string size from
+card->driver, but this can't be true since we did set the string just
+before that, and they are much shorter.
+
+For shutting it up, use the exactly same string set to card->driver
+for strcat() to card->shortname, too.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/trident/trident.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/trident/trident.c
++++ b/sound/pci/trident/trident.c
+@@ -123,7 +123,7 @@ static int snd_trident_probe(struct pci_
+ } else {
+ strcpy(card->shortname, "Trident ");
+ }
+- strcat(card->shortname, card->driver);
++ strcat(card->shortname, str);
+ sprintf(card->longname, "%s PCI Audio at 0x%lx, irq %d",
+ card->shortname, trident->port, trident->irq);
+
--- /dev/null
+From dc25ab067645eabd037f1a23d49a666f9e0b8c68 Mon Sep 17 00:00:00 2001
+From: Sam Bobroff <sbobroff@linux.ibm.com>
+Date: Mon, 5 Nov 2018 16:57:47 +1100
+Subject: drm/ast: Fix incorrect free on ioregs
+
+From: Sam Bobroff <sbobroff@linux.ibm.com>
+
+commit dc25ab067645eabd037f1a23d49a666f9e0b8c68 upstream.
+
+If the platform has no IO space, ioregs is placed next to the already
+allocated regs. In this case, it should not be separately freed.
+
+This prevents a kernel warning from __vunmap "Trying to vfree()
+nonexistent vm area" when unloading the driver.
+
+Fixes: 0dd68309b9c5 ("drm/ast: Try to use MMIO registers when PIO isn't supported")
+
+Signed-off-by: Sam Bobroff <sbobroff@linux.ibm.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/ast/ast_main.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/ast/ast_main.c
++++ b/drivers/gpu/drm/ast/ast_main.c
+@@ -557,7 +557,8 @@ int ast_driver_unload(struct drm_device
+ drm_mode_config_cleanup(dev);
+
+ ast_mm_fini(ast);
+- pci_iounmap(dev->pdev, ast->ioregs);
++ if (ast->ioregs != ast->regs + AST_IO_MM_OFFSET)
++ pci_iounmap(dev->pdev, ast->ioregs);
+ pci_iounmap(dev->pdev, ast->regs);
+ kfree(ast);
+ return 0;
--- /dev/null
+From 24c3456c8d5ee6fc1933ca40f7b4406130682668 Mon Sep 17 00:00:00 2001
+From: Sagi Grimberg <sagi@grimberg.me>
+Date: Wed, 14 Nov 2018 10:17:01 -0800
+Subject: iser: set sector for ambiguous mr status errors
+
+From: Sagi Grimberg <sagi@grimberg.me>
+
+commit 24c3456c8d5ee6fc1933ca40f7b4406130682668 upstream.
+
+If for some reason we failed to query the mr status, we need to make sure
+to provide sufficient information for an ambiguous error (guard error on
+sector 0).
+
+Fixes: 0a7a08ad6f5f ("IB/iser: Implement check_protection")
+Cc: <stable@vger.kernel.org>
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/ulp/iser/iser_verbs.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/drivers/infiniband/ulp/iser/iser_verbs.c
++++ b/drivers/infiniband/ulp/iser/iser_verbs.c
+@@ -1289,7 +1289,9 @@ u8 iser_check_task_pi_status(struct iscs
+ IB_MR_CHECK_SIG_STATUS, &mr_status);
+ if (ret) {
+ pr_err("ib_check_mr_status failed, ret %d\n", ret);
+- goto err;
++ /* Not a lot we can do, return ambiguous guard error */
++ *sector = 0;
++ return 0x1;
+ }
+
+ if (mr_status.fail_status & IB_MR_CHECK_SIG_STATUS) {
+@@ -1317,7 +1319,4 @@ u8 iser_check_task_pi_status(struct iscs
+ }
+
+ return 0;
+-err:
+- /* Not alot we can do here, return ambiguous guard error */
+- return 0x1;
+ }
--- /dev/null
+From 2dd453168643d9475028cd867c57e65956a0f7f9 Mon Sep 17 00:00:00 2001
+From: Laura Abbott <labbott@redhat.com>
+Date: Mon, 10 Sep 2018 16:20:14 -0700
+Subject: kgdboc: Fix restrict error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Laura Abbott <labbott@redhat.com>
+
+commit 2dd453168643d9475028cd867c57e65956a0f7f9 upstream.
+
+There's an error when compiled with restrict:
+
+drivers/tty/serial/kgdboc.c: In function ‘configure_kgdboc’:
+drivers/tty/serial/kgdboc.c:137:2: error: ‘strcpy’ source argument is the same
+as destination [-Werror=restrict]
+ strcpy(config, opt);
+ ^~~~~~~~~~~~~~~~~~~
+
+As the error implies, this is from trying to use config as both source and
+destination. Drop the call to the function where config is the argument
+since nothing else happens in the function.
+
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/kgdboc.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/drivers/tty/serial/kgdboc.c
++++ b/drivers/tty/serial/kgdboc.c
+@@ -162,15 +162,13 @@ static int configure_kgdboc(void)
+ {
+ struct tty_driver *p;
+ int tty_line = 0;
+- int err;
++ int err = -ENODEV;
+ char *cptr = config;
+ struct console *cons;
+
+- err = kgdboc_option_setup(config);
+- if (err || !strlen(config) || isspace(config[0]))
++ if (!strlen(config) || isspace(config[0]))
+ goto noconfig;
+
+- err = -ENODEV;
+ kgdboc_io_ops.is_console = 0;
+ kgdb_tty_driver = NULL;
+
--- /dev/null
+From f16703360da7731a057df2ffa902306819c22398 Mon Sep 17 00:00:00 2001
+From: Markus Hofstaetter <markus.hofstaetter@ait.ac.at>
+Date: Wed, 11 Nov 2015 12:40:29 +0100
+Subject: leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF
+
+From: Markus Hofstaetter <markus.hofstaetter@ait.ac.at>
+
+commit f16703360da7731a057df2ffa902306819c22398 upstream.
+
+Some PWMs are disabled by default or the default pin setting
+does not match the LED_OFF state (e.g., active-low leds).
+Hence, the driver may end up reporting 0 brightness, but
+the leds are actually on using full brightness, because
+it never enforces its default configuration.
+So enforce it by calling led_pwm_set() after successfully
+registering the device.
+
+Tested on a Phytec phyFLEX i.MX6Q board based on kernel
+v3.19.5.
+
+Signed-off-by: Markus Hofstaetter <markus.hofstaetter@ait.ac.at>
+Tested-by: Markus Hofstaetter <markus.hofstaetter@ait.ac.at>
+Signed-off-by: Jacek Anaszewski <j.anaszewski@samsung.com>
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/leds/leds-pwm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/leds/leds-pwm.c
++++ b/drivers/leds/leds-pwm.c
+@@ -132,6 +132,7 @@ static int led_pwm_add(struct device *de
+ ret = led_classdev_register(dev, &led_data->cdev);
+ if (ret == 0) {
+ priv->num_leds++;
++ led_pwm_set(&led_data->cdev, led_data->cdev.brightness);
+ } else {
+ dev_err(dev, "failed to register PWM led for %s: %d\n",
+ led->name, ret);
--- /dev/null
+From 2d88a331e48095cf60ad9bdf3177bd401bf99727 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+Date: Sat, 6 Feb 2016 22:37:33 +0800
+Subject: leds: leds-gpio: Fix return value check in create_gpio_led()
+
+From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+
+commit 2d88a331e48095cf60ad9bdf3177bd401bf99727 upstream.
+
+In case of error, the function gpio_to_desc() returns NULL
+pointer not ERR_PTR(). The IS_ERR() test in the return value
+check should be replaced with NULL test.
+
+Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+Signed-off-by: Jacek Anaszewski <j.anaszewski@samsung.com>
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/leds/leds-gpio.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/leds/leds-gpio.c
++++ b/drivers/leds/leds-gpio.c
+@@ -118,8 +118,8 @@ static int create_gpio_led(const struct
+ return ret;
+
+ led_dat->gpiod = gpio_to_desc(template->gpio);
+- if (IS_ERR(led_dat->gpiod))
+- return PTR_ERR(led_dat->gpiod);
++ if (!led_dat->gpiod)
++ return -EINVAL;
+ }
+
+ led_dat->cdev.name = template->name;
--- /dev/null
+From d1aa577f5e191d77d3ad62da93729b5af9532bb4 Mon Sep 17 00:00:00 2001
+From: Milo Kim <milo.kim@ti.com>
+Date: Fri, 20 Nov 2015 17:03:00 +0900
+Subject: leds: turn off the LED and wait for completion on unregistering LED class device
+
+From: Milo Kim <milo.kim@ti.com>
+
+commit d1aa577f5e191d77d3ad62da93729b5af9532bb4 upstream.
+
+Workqueue, 'set_brightness_work' is used for scheduling brightness control.
+This workqueue is canceled when the LED class device is unregistered.
+Currently, LED subsystem handles like below.
+
+ cancel_work_sync(&led_cdev->set_brightness_work)
+ led_set_brightness(led_cdev, LED_OFF)
+
+However, this could be a problem.
+Workqueue is going to be canceled but LED device needs to be off.
+The worst case is null pointer access due to scheduling a workqueue.
+
+LED module is loaded.
+ LED driver private data is allocated by using devm_zalloc().
+
+LED module is unloaded.
+ led_classdev_unregister() is called.
+ cancel_work_sync()
+ led_set_brightness(led_cdev, LED_OFF)
+ schedule_work() if LED driver uses brightness_set_blocking()
+ In the meantime, driver private data will be freed.
+
+ ..scheduling..
+
+ brightness_set_blocking() callback is invoked.
+ For the brightness control, LED driver tries to access private
+ data but resource is removed!
+
+To avoid this problem, LED subsystem should turn off the brightness first
+and wait for completion.
+
+ led_set_brightness(led_cdev, LED_OFF)
+ flush_work(&led_cdev->set_brightness_work)
+
+It guarantees that LED driver turns off the brightness prior to
+resource management.
+
+Cc: linux-leds@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Milo Kim <milo.kim@ti.com>
+Signed-off-by: Jacek Anaszewski <j.anaszewski@samsung.com>
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/leds/led-class.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/leds/led-class.c
++++ b/drivers/leds/led-class.c
+@@ -247,12 +247,13 @@ void led_classdev_unregister(struct led_
+ up_write(&led_cdev->trigger_lock);
+ #endif
+
+- cancel_work_sync(&led_cdev->set_brightness_work);
+-
+ /* Stop blinking */
+ led_stop_software_blink(led_cdev);
++
+ led_set_brightness(led_cdev, LED_OFF);
+
++ flush_work(&led_cdev->set_brightness_work);
++
+ device_unregister(led_cdev->dev);
+
+ down_write(&leds_list_lock);
--- /dev/null
+From c50cbd85cd7027d32ac5945bb60217936b4f7eaf Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Wed, 21 Nov 2018 22:14:39 +0300
+Subject: mips: fix mips_get_syscall_arg o32 check
+
+From: Dmitry V. Levin <ldv@altlinux.org>
+
+commit c50cbd85cd7027d32ac5945bb60217936b4f7eaf upstream.
+
+When checking for TIF_32BIT_REGS flag, mips_get_syscall_arg() should
+use the task specified as its argument instead of the current task.
+
+This potentially affects all syscall_get_arguments() users
+who specify tasks different from the current.
+
+Fixes: c0ff3c53d4f99 ("MIPS: Enable HAVE_ARCH_TRACEHOOK.")
+Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Patchwork: https://patchwork.linux-mips.org/patch/21185/
+Cc: Elvira Khabirova <lineprinter@altlinux.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: James Hogan <jhogan@kernel.org>
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Cc: stable@vger.kernel.org # v3.13+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/syscall.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/syscall.h
++++ b/arch/mips/include/asm/syscall.h
+@@ -51,7 +51,7 @@ static inline unsigned long mips_get_sys
+ #ifdef CONFIG_64BIT
+ case 4: case 5: case 6: case 7:
+ #ifdef CONFIG_MIPS32_O32
+- if (test_thread_flag(TIF_32BIT_REGS))
++ if (test_tsk_thread_flag(task, TIF_32BIT_REGS))
+ return get_user(*arg, (int *)usp + n);
+ else
+ #endif
--- /dev/null
+From 7d35baa4e9ec4b717bc0e58a39cdb6a1c50f5465 Mon Sep 17 00:00:00 2001
+From: Mathias Kresin <dev@kresin.me>
+Date: Mon, 26 Nov 2018 11:25:40 +0100
+Subject: MIPS: ralink: Fix mt7620 nd_sd pinmux
+
+From: Mathias Kresin <dev@kresin.me>
+
+commit 7d35baa4e9ec4b717bc0e58a39cdb6a1c50f5465 upstream.
+
+In case the nd_sd group is set to the sd-card function, Pins 45 + 46 are
+configured as GPIOs. If they are blocked by the sd function, they can't
+be used as GPIOs.
+
+Reported-by: Kristian Evensen <kristian.evensen@gmail.com>
+Signed-off-by: Mathias Kresin <dev@kresin.me>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Fixes: f576fb6a0700 ("MIPS: ralink: cleanup the soc specific pinmux data")
+Patchwork: https://patchwork.linux-mips.org/patch/21220/
+Cc: John Crispin <john@phrozen.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: James Hogan <jhogan@kernel.org>
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Cc: stable@vger.kernel.org # v3.18+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/ralink/mt7620.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/ralink/mt7620.c
++++ b/arch/mips/ralink/mt7620.c
+@@ -81,7 +81,7 @@ static struct rt2880_pmx_func pcie_rst_g
+ };
+ static struct rt2880_pmx_func nd_sd_grp[] = {
+ FUNC("nand", MT7620_GPIO_MODE_NAND, 45, 15),
+- FUNC("sd", MT7620_GPIO_MODE_SD, 45, 15)
++ FUNC("sd", MT7620_GPIO_MODE_SD, 47, 13)
+ };
+
+ static struct rt2880_pmx_group mt7620a_pinmux_data[] = {
--- /dev/null
+From 42c335f7e67029d2e01711f2f2bc6252277c8993 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Tue, 9 May 2017 15:34:44 -0700
+Subject: scsi: csiostor: Avoid content leaks and casts
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 42c335f7e67029d2e01711f2f2bc6252277c8993 upstream.
+
+When copying attributes, the len argument was padded out and the
+resulting memcpy() would copy beyond the end of the source buffer.
+Avoid this, and use size_t for val_len to avoid all the casts.
+Similarly, avoid source buffer casts and use void *.
+
+Additionally enforces val_len can be represented by u16 and that the DMA
+buffer was not overflowed. Fixes the size of mfa, which is not
+FC_FDMI_PORT_ATTR_MAXFRAMESIZE_LEN (but it will be padded up to 4). This
+was noticed by the future CONFIG_FORTIFY_SOURCE checks.
+
+Cc: Daniel Micay <danielmicay@gmail.com>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Acked-by: Varun Prakash <varun@chelsio.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/csiostor/csio_lnode.c | 43 ++++++++++++++++++++++---------------
+ 1 file changed, 26 insertions(+), 17 deletions(-)
+
+--- a/drivers/scsi/csiostor/csio_lnode.c
++++ b/drivers/scsi/csiostor/csio_lnode.c
+@@ -238,14 +238,23 @@ csio_osname(uint8_t *buf, size_t buf_len
+ }
+
+ static inline void
+-csio_append_attrib(uint8_t **ptr, uint16_t type, uint8_t *val, uint16_t len)
++csio_append_attrib(uint8_t **ptr, uint16_t type, void *val, size_t val_len)
+ {
++ uint16_t len;
+ struct fc_fdmi_attr_entry *ae = (struct fc_fdmi_attr_entry *)*ptr;
++
++ if (WARN_ON(val_len > U16_MAX))
++ return;
++
++ len = val_len;
++
+ ae->type = htons(type);
+ len += 4; /* includes attribute type and length */
+ len = (len + 3) & ~3; /* should be multiple of 4 bytes */
+ ae->len = htons(len);
+- memcpy(ae->value, val, len);
++ memcpy(ae->value, val, val_len);
++ if (len > val_len)
++ memset(ae->value + val_len, 0, len - val_len);
+ *ptr += len;
+ }
+
+@@ -335,7 +344,7 @@ csio_ln_fdmi_rhba_cbfn(struct csio_hw *h
+ numattrs++;
+ val = htonl(FC_PORTSPEED_1GBIT | FC_PORTSPEED_10GBIT);
+ csio_append_attrib(&pld, FC_FDMI_PORT_ATTR_SUPPORTEDSPEED,
+- (uint8_t *)&val,
++ &val,
+ FC_FDMI_PORT_ATTR_SUPPORTEDSPEED_LEN);
+ numattrs++;
+
+@@ -346,23 +355,22 @@ csio_ln_fdmi_rhba_cbfn(struct csio_hw *h
+ else
+ val = htonl(CSIO_HBA_PORTSPEED_UNKNOWN);
+ csio_append_attrib(&pld, FC_FDMI_PORT_ATTR_CURRENTPORTSPEED,
+- (uint8_t *)&val,
+- FC_FDMI_PORT_ATTR_CURRENTPORTSPEED_LEN);
++ &val, FC_FDMI_PORT_ATTR_CURRENTPORTSPEED_LEN);
+ numattrs++;
+
+ mfs = ln->ln_sparm.csp.sp_bb_data;
+ csio_append_attrib(&pld, FC_FDMI_PORT_ATTR_MAXFRAMESIZE,
+- (uint8_t *)&mfs, FC_FDMI_PORT_ATTR_MAXFRAMESIZE_LEN);
++ &mfs, sizeof(mfs));
+ numattrs++;
+
+ strcpy(buf, "csiostor");
+ csio_append_attrib(&pld, FC_FDMI_PORT_ATTR_OSDEVICENAME, buf,
+- (uint16_t)strlen(buf));
++ strlen(buf));
+ numattrs++;
+
+ if (!csio_hostname(buf, sizeof(buf))) {
+ csio_append_attrib(&pld, FC_FDMI_PORT_ATTR_HOSTNAME,
+- buf, (uint16_t)strlen(buf));
++ buf, strlen(buf));
+ numattrs++;
+ }
+ attrib_blk->numattrs = htonl(numattrs);
+@@ -444,33 +452,32 @@ csio_ln_fdmi_dprt_cbfn(struct csio_hw *h
+
+ strcpy(buf, "Chelsio Communications");
+ csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_MANUFACTURER, buf,
+- (uint16_t)strlen(buf));
++ strlen(buf));
+ numattrs++;
+ csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_SERIALNUMBER,
+- hw->vpd.sn, (uint16_t)sizeof(hw->vpd.sn));
++ hw->vpd.sn, sizeof(hw->vpd.sn));
+ numattrs++;
+ csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_MODEL, hw->vpd.id,
+- (uint16_t)sizeof(hw->vpd.id));
++ sizeof(hw->vpd.id));
+ numattrs++;
+ csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_MODELDESCRIPTION,
+- hw->model_desc, (uint16_t)strlen(hw->model_desc));
++ hw->model_desc, strlen(hw->model_desc));
+ numattrs++;
+ csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_HARDWAREVERSION,
+- hw->hw_ver, (uint16_t)sizeof(hw->hw_ver));
++ hw->hw_ver, sizeof(hw->hw_ver));
+ numattrs++;
+ csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_FIRMWAREVERSION,
+- hw->fwrev_str, (uint16_t)strlen(hw->fwrev_str));
++ hw->fwrev_str, strlen(hw->fwrev_str));
+ numattrs++;
+
+ if (!csio_osname(buf, sizeof(buf))) {
+ csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_OSNAMEVERSION,
+- buf, (uint16_t)strlen(buf));
++ buf, strlen(buf));
+ numattrs++;
+ }
+
+ csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_MAXCTPAYLOAD,
+- (uint8_t *)&maxpayload,
+- FC_FDMI_HBA_ATTR_MAXCTPAYLOAD_LEN);
++ &maxpayload, FC_FDMI_HBA_ATTR_MAXCTPAYLOAD_LEN);
+ len = (uint32_t)(pld - (uint8_t *)cmd);
+ numattrs++;
+ attrib_blk->numattrs = htonl(numattrs);
+@@ -1794,6 +1801,8 @@ csio_ln_mgmt_submit_req(struct csio_iore
+ struct csio_mgmtm *mgmtm = csio_hw_to_mgmtm(hw);
+ int rv;
+
++ BUG_ON(pld_len > pld->len);
++
+ io_req->io_cbfn = io_cbfn; /* Upper layer callback handler */
+ io_req->fw_handle = (uintptr_t) (io_req);
+ io_req->eq_idx = mgmtm->eq_idx;
--- /dev/null
+From 81df022b688d43d2a3667518b2f755d384397910 Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Mon, 27 Nov 2017 23:47:35 +0100
+Subject: scsi: scsi_devinfo: cleanly zero-pad devinfo strings
+
+From: Martin Wilck <mwilck@suse.com>
+
+commit 81df022b688d43d2a3667518b2f755d384397910 upstream.
+
+Cleanly fill memory for "vendor" and "model" with 0-bytes for the
+"compatible" case rather than adding only a single 0 byte. This
+simplifies the devinfo code a a bit, and avoids mistakes in other places
+of the code (not in current upstream, but we had one such mistake in the
+SUSE kernel).
+
+[mkp: applied by hand and added braces]
+
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_devinfo.c | 22 +++++++---------------
+ 1 file changed, 7 insertions(+), 15 deletions(-)
+
+--- a/drivers/scsi/scsi_devinfo.c
++++ b/drivers/scsi/scsi_devinfo.c
+@@ -33,7 +33,6 @@ struct scsi_dev_info_list_table {
+ };
+
+
+-static const char spaces[] = " "; /* 16 of them */
+ static unsigned scsi_default_dev_flags;
+ static LIST_HEAD(scsi_dev_info_list);
+ static char scsi_dev_flags[256];
+@@ -291,20 +290,13 @@ static void scsi_strcpy_devinfo(char *na
+ size_t from_length;
+
+ from_length = strlen(from);
+- strncpy(to, from, min(to_length, from_length));
+- if (from_length < to_length) {
+- if (compatible) {
+- /*
+- * NUL terminate the string if it is short.
+- */
+- to[from_length] = '\0';
+- } else {
+- /*
+- * space pad the string if it is short.
+- */
+- strncpy(&to[from_length], spaces,
+- to_length - from_length);
+- }
++ /* this zero-pads the destination */
++ strncpy(to, from, to_length);
++ if (from_length < to_length && !compatible) {
++ /*
++ * space pad the string if it is short.
++ */
++ memset(&to[from_length], ' ', to_length - from_length);
+ }
+ if (from_length > to_length)
+ printk(KERN_WARNING "%s: %s string '%s' is too long\n",
scsi-bfa-convert-to-strlcpy-strlcat.patch
staging-rts5208-fix-gcc-8-logic-error-warning.patch
kdb-use-memmove-instead-of-overlapping-memcpy.patch
+iser-set-sector-for-ambiguous-mr-status-errors.patch
+uprobes-fix-handle_swbp-vs.-unregister-register-race-once-more.patch
+mips-ralink-fix-mt7620-nd_sd-pinmux.patch
+mips-fix-mips_get_syscall_arg-o32-check.patch
+drm-ast-fix-incorrect-free-on-ioregs.patch
+scsi-scsi_devinfo-cleanly-zero-pad-devinfo-strings.patch
+alsa-trident-suppress-gcc-string-warning.patch
+scsi-csiostor-avoid-content-leaks-and-casts.patch
+kgdboc-fix-restrict-error.patch
+leds-call-led_pwm_set-in-leds-pwm-to-enforce-default-led_off.patch
+leds-turn-off-the-led-and-wait-for-completion-on-unregistering-led-class-device.patch
+leds-leds-gpio-fix-return-value-check-in-create_gpio_led.patch
--- /dev/null
+From 09d3f015d1e1b4fee7e9bbdcf54201d239393391 Mon Sep 17 00:00:00 2001
+From: Andrea Parri <andrea.parri@amarulasolutions.com>
+Date: Thu, 22 Nov 2018 17:10:31 +0100
+Subject: uprobes: Fix handle_swbp() vs. unregister() + register() race once more
+
+From: Andrea Parri <andrea.parri@amarulasolutions.com>
+
+commit 09d3f015d1e1b4fee7e9bbdcf54201d239393391 upstream.
+
+Commit:
+
+ 142b18ddc8143 ("uprobes: Fix handle_swbp() vs unregister() + register() race")
+
+added the UPROBE_COPY_INSN flag, and corresponding smp_wmb() and smp_rmb()
+memory barriers, to ensure that handle_swbp() uses fully-initialized
+uprobes only.
+
+However, the smp_rmb() is mis-placed: this barrier should be placed
+after handle_swbp() has tested for the flag, thus guaranteeing that
+(program-order) subsequent loads from the uprobe can see the initial
+stores performed by prepare_uprobe().
+
+Move the smp_rmb() accordingly. Also amend the comments associated
+to the two memory barriers to indicate their actual locations.
+
+Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Stephane Eranian <eranian@google.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Vince Weaver <vincent.weaver@maine.edu>
+Cc: stable@kernel.org
+Fixes: 142b18ddc8143 ("uprobes: Fix handle_swbp() vs unregister() + register() race")
+Link: http://lkml.kernel.org/r/20181122161031.15179-1-andrea.parri@amarulasolutions.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/events/uprobes.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/kernel/events/uprobes.c
++++ b/kernel/events/uprobes.c
+@@ -606,7 +606,7 @@ static int prepare_uprobe(struct uprobe
+ BUG_ON((uprobe->offset & ~PAGE_MASK) +
+ UPROBE_SWBP_INSN_SIZE > PAGE_SIZE);
+
+- smp_wmb(); /* pairs with rmb() in find_active_uprobe() */
++ smp_wmb(); /* pairs with the smp_rmb() in handle_swbp() */
+ set_bit(UPROBE_COPY_INSN, &uprobe->flags);
+
+ out:
+@@ -1892,10 +1892,18 @@ static void handle_swbp(struct pt_regs *
+ * After we hit the bp, _unregister + _register can install the
+ * new and not-yet-analyzed uprobe at the same address, restart.
+ */
+- smp_rmb(); /* pairs with wmb() in install_breakpoint() */
+ if (unlikely(!test_bit(UPROBE_COPY_INSN, &uprobe->flags)))
+ goto out;
+
++ /*
++ * Pairs with the smp_wmb() in prepare_uprobe().
++ *
++ * Guarantees that if we see the UPROBE_COPY_INSN bit set, then
++ * we must also see the stores to &uprobe->arch performed by the
++ * prepare_uprobe() call.
++ */
++ smp_rmb();
++
+ /* Tracing handlers use ->utask to communicate with fetch methods */
+ if (!get_utask())
+ goto out;
projects / thirdparty / kernel / stable-queue.git / commitdiff
