--- /dev/null
+From 01867289d27533ea20534005d4be31a98d1f089a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 21 Jun 2021 15:28:59 -0700
+Subject: gpiolib: cdev: zero padding during conversion to
+ gpioline_info_changed
+
+From: Gabriel Knezek <gabeknez@linux.microsoft.com>
+
+[ Upstream commit cb8f63b8cbf39845244f3ccae43bb7e63bd70543 ]
+
+When userspace requests a GPIO v1 line info changed event,
+lineinfo_watch_read() populates and returns the gpioline_info_changed
+structure. It contains 5 words of padding at the end which are not
+initialized before being returned to userspace.
+
+Zero the structure in gpio_v2_line_info_change_to_v1() before populating
+its contents.
+
+Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and GPIO_V2_GET_LINEINFO_WATCH_IOCTL")
+Signed-off-by: Gabriel Knezek <gabeknez@linux.microsoft.com>
+Reviewed-by: Kent Gibson <warthog618@gmail.com>
+Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpio/gpiolib-cdev.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
+index 1631727bf0da..c7b5446d01fd 100644
+--- a/drivers/gpio/gpiolib-cdev.c
++++ b/drivers/gpio/gpiolib-cdev.c
+@@ -1880,6 +1880,7 @@ static void gpio_v2_line_info_changed_to_v1(
+ struct gpio_v2_line_info_changed *lic_v2,
+ struct gpioline_info_changed *lic_v1)
+ {
++ memset(lic_v1, 0, sizeof(*lic_v1));
+ gpio_v2_line_info_to_v1(&lic_v2->info, &lic_v1->info);
+ lic_v1->timestamp = lic_v2->timestamp_ns;
+ lic_v1->event_type = lic_v2->event_type;
+--
+2.30.2
+
--- /dev/null
+From fdf5a333e96acd39636f731a41b9e19af3ff86d2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 6 Jun 2021 15:55:55 +0200
+Subject: i2c: i801: Ensure that SMBHSTSTS_INUSE_STS is cleared when leaving
+ i801_access
+
+From: Heiner Kallweit <hkallweit1@gmail.com>
+
+[ Upstream commit 065b6211a87746e196b56759a70c7851418dd741 ]
+
+As explained in [0] currently we may leave SMBHSTSTS_INUSE_STS set,
+thus potentially breaking ACPI/BIOS usage of the SMBUS device.
+
+Seems patch [0] needs a little bit more of review effort, therefore
+I'd suggest to apply a part of it as quick win. Just clearing
+SMBHSTSTS_INUSE_STS when leaving i801_access() should fix the
+referenced issue and leaves more time for discussing a more
+sophisticated locking handling.
+
+[0] https://www.spinics.net/lists/linux-i2c/msg51558.html
+
+Fixes: 01590f361e94 ("i2c: i801: Instantiate SPD EEPROMs automatically")
+Suggested-by: Hector Martin <marcan@marcan.st>
+Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
+Reviewed-by: Hector Martin <marcan@marcan.st>
+Reviewed-by: Jean Delvare <jdelvare@suse.de>
+Tested-by: Jean Delvare <jdelvare@suse.de>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-i801.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c
+index f9e1c2ceaac0..04a1e38f2a6f 100644
+--- a/drivers/i2c/busses/i2c-i801.c
++++ b/drivers/i2c/busses/i2c-i801.c
+@@ -978,6 +978,9 @@ static s32 i801_access(struct i2c_adapter *adap, u16 addr,
+ }
+
+ out:
++ /* Unlock the SMBus device for use by BIOS/ACPI */
++ outb_p(SMBHSTSTS_INUSE_STS, SMBHSTSTS(priv));
++
+ pm_runtime_mark_last_busy(&priv->pci_dev->dev);
+ pm_runtime_put_autosuspend(&priv->pci_dev->dev);
+ mutex_unlock(&priv->acpi_lock);
+--
+2.30.2
+
--- /dev/null
+From cfefdae722e887996ab65c58aaad78f104cf75b5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 24 Jun 2021 18:39:33 -0700
+Subject: nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
+
+From: Pavel Skripkin <paskripkin@gmail.com>
+
+[ Upstream commit 8fd0c1b0647a6bda4067ee0cd61e8395954b6f28 ]
+
+My local syzbot instance hit memory leak in nilfs2. The problem was in
+missing kobject_put() in nilfs_sysfs_delete_device_group().
+
+kobject_del() does not call kobject_cleanup() for passed kobject and it
+leads to leaking duped kobject name if kobject_put() was not called.
+
+Fail log:
+
+ BUG: memory leak
+ unreferenced object 0xffff8880596171e0 (size 8):
+ comm "syz-executor379", pid 8381, jiffies 4294980258 (age 21.100s)
+ hex dump (first 8 bytes):
+ 6c 6f 6f 70 30 00 00 00 loop0...
+ backtrace:
+ kstrdup+0x36/0x70 mm/util.c:60
+ kstrdup_const+0x53/0x80 mm/util.c:83
+ kvasprintf_const+0x108/0x190 lib/kasprintf.c:48
+ kobject_set_name_vargs+0x56/0x150 lib/kobject.c:289
+ kobject_add_varg lib/kobject.c:384 [inline]
+ kobject_init_and_add+0xc9/0x160 lib/kobject.c:473
+ nilfs_sysfs_create_device_group+0x150/0x800 fs/nilfs2/sysfs.c:999
+ init_nilfs+0xe26/0x12b0 fs/nilfs2/the_nilfs.c:637
+
+Link: https://lkml.kernel.org/r/20210612140559.20022-1-paskripkin@gmail.com
+Fixes: da7141fb78db ("nilfs2: add /sys/fs/nilfs2/<device> group")
+Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
+Acked-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Cc: Michael L. Semon <mlsemon35@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nilfs2/sysfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
+index 303d71430bdd..9c6c0e2e5880 100644
+--- a/fs/nilfs2/sysfs.c
++++ b/fs/nilfs2/sysfs.c
+@@ -1053,6 +1053,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs)
+ nilfs_sysfs_delete_superblock_group(nilfs);
+ nilfs_sysfs_delete_segctor_group(nilfs);
+ kobject_del(&nilfs->ns_dev_kobj);
++ kobject_put(&nilfs->ns_dev_kobj);
+ kfree(nilfs->ns_dev_subgroups);
+ }
+
+--
+2.30.2
+
--- /dev/null
+From 1677bdb8aba4618cab8cce9eb74374d77678017e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 6 Jun 2021 22:19:40 +0300
+Subject: pinctrl: microchip-sgpio: Put fwnode in error case during ->probe()
+
+From: Andy Shevchenko <andy.shevchenko@gmail.com>
+
+[ Upstream commit 76b7f8fae30a9249f820e019f1e62eca992751a2 ]
+
+device_for_each_child_node() bumps a reference counting of a returned variable.
+We have to balance it whenever we return to the caller.
+
+Fixes: 7e5ea974e61c ("pinctrl: pinctrl-microchip-sgpio: Add pinctrl driver for Microsemi Serial GPIO")
+Cc: Lars Povlsen <lars.povlsen@microchip.com>
+Signed-off-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Link: https://lore.kernel.org/r/20210606191940.29312-1-andy.shevchenko@gmail.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pinctrl/pinctrl-microchip-sgpio.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/pinctrl/pinctrl-microchip-sgpio.c b/drivers/pinctrl/pinctrl-microchip-sgpio.c
+index c12fa57ebd12..165cb7a59715 100644
+--- a/drivers/pinctrl/pinctrl-microchip-sgpio.c
++++ b/drivers/pinctrl/pinctrl-microchip-sgpio.c
+@@ -845,8 +845,10 @@ static int microchip_sgpio_probe(struct platform_device *pdev)
+ i = 0;
+ device_for_each_child_node(dev, fwnode) {
+ ret = microchip_sgpio_register_bank(dev, priv, fwnode, i++);
+- if (ret)
++ if (ret) {
++ fwnode_handle_put(fwnode);
+ return ret;
++ }
+ }
+
+ if (priv->in.gpio.ngpio != priv->out.gpio.ngpio) {
+--
+2.30.2
+
--- /dev/null
+From 6b86c2fa668f18511d6ad219eae113b6a1b4c1a1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 17 Jun 2021 16:46:29 +0200
+Subject: pinctrl: stm32: fix the reported number of GPIO lines per bank
+
+From: Fabien Dessenne <fabien.dessenne@foss.st.com>
+
+[ Upstream commit 67e2996f72c71ebe4ac2fcbcf77e54479bb7aa11 ]
+
+Each GPIO bank supports a variable number of lines which is usually 16, but
+is less in some cases : this is specified by the last argument of the
+"gpio-ranges" bank node property.
+Report to the framework, the actual number of lines, so the libgpiod
+gpioinfo command lists the actually existing GPIO lines.
+
+Fixes: 1dc9d289154b ("pinctrl: stm32: add possibility to use gpio-ranges to declare bank range")
+Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
+Link: https://lore.kernel.org/r/20210617144629.2557693-1-fabien.dessenne@foss.st.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pinctrl/stm32/pinctrl-stm32.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c
+index 7d9bdedcd71b..3af4430543dc 100644
+--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
++++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
+@@ -1229,7 +1229,7 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl,
+ struct device *dev = pctl->dev;
+ struct resource res;
+ int npins = STM32_GPIO_PINS_PER_BANK;
+- int bank_nr, err;
++ int bank_nr, err, i = 0;
+
+ if (!IS_ERR(bank->rstc))
+ reset_control_deassert(bank->rstc);
+@@ -1251,9 +1251,14 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl,
+
+ of_property_read_string(np, "st,bank-name", &bank->gpio_chip.label);
+
+- if (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, 0, &args)) {
++ if (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, i, &args)) {
+ bank_nr = args.args[1] / STM32_GPIO_PINS_PER_BANK;
+ bank->gpio_chip.base = args.args[1];
++
++ npins = args.args[2];
++ while (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3,
++ ++i, &args))
++ npins += args.args[2];
+ } else {
+ bank_nr = pctl->nbanks;
+ bank->gpio_chip.base = bank_nr * STM32_GPIO_PINS_PER_BANK;
+--
+2.30.2
+
--- /dev/null
+From 110bfd621f45b71e49eb8f2f6d16d9dd12029dec Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 17 Jun 2021 13:55:04 +0200
+Subject: scsi: sd: Call sd_revalidate_disk() for ioctl(BLKRRPART)
+
+From: Christoph Hellwig <hch@lst.de>
+
+[ Upstream commit d1b7f92035c6fb42529ada531e2cbf3534544c82 ]
+
+While the disk state has nothing to do with partitions, BLKRRPART is used
+to force a full revalidate after things like a disk format for historical
+reasons. Restore that behavior.
+
+Link: https://lore.kernel.org/r/20210617115504.1732350-1-hch@lst.de
+Fixes: 471bd0af544b ("sd: use bdev_check_media_change")
+Reported-by: Xiang Chen <chenxiang66@hisilicon.com>
+Tested-by: Xiang Chen <chenxiang66@hisilicon.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/sd.c | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
+index ed0b1bb99f08..a0356f3707b8 100644
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -1387,6 +1387,22 @@ static void sd_uninit_command(struct scsi_cmnd *SCpnt)
+ }
+ }
+
++static bool sd_need_revalidate(struct block_device *bdev,
++ struct scsi_disk *sdkp)
++{
++ if (sdkp->device->removable || sdkp->write_prot) {
++ if (bdev_check_media_change(bdev))
++ return true;
++ }
++
++ /*
++ * Force a full rescan after ioctl(BLKRRPART). While the disk state has
++ * nothing to do with partitions, BLKRRPART is used to force a full
++ * revalidate after things like a format for historical reasons.
++ */
++ return test_bit(GD_NEED_PART_SCAN, &bdev->bd_disk->state);
++}
++
+ /**
+ * sd_open - open a scsi disk device
+ * @bdev: Block device of the scsi disk to open
+@@ -1423,10 +1439,8 @@ static int sd_open(struct block_device *bdev, fmode_t mode)
+ if (!scsi_block_when_processing_errors(sdev))
+ goto error_out;
+
+- if (sdev->removable || sdkp->write_prot) {
+- if (bdev_check_media_change(bdev))
+- sd_revalidate_disk(bdev->bd_disk);
+- }
++ if (sd_need_revalidate(bdev, sdkp))
++ sd_revalidate_disk(bdev->bd_disk);
+
+ /*
+ * If the drive is empty, just let the open fail.
+--
+2.30.2
+
net-ll_temac-avoid-ndo_start_xmit-returning-netdev_t.patch
riscv-dts-fu740-fix-cache-controller-interrupts.patch
perf-x86-track-pmu-in-per-cpu-cpu_hw_events.patch
+pinctrl-microchip-sgpio-put-fwnode-in-error-case-dur.patch
+pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch
+i2c-i801-ensure-that-smbhststs_inuse_sts-is-cleared-.patch
+gpiolib-cdev-zero-padding-during-conversion-to-gpiol.patch
+scsi-sd-call-sd_revalidate_disk-for-ioctl-blkrrpart.patch
+software-node-handle-software-node-injection-to-an-e.patch
+nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch
--- /dev/null
+From dd41e14b5574cc25ce54b79fb587b72ac97daa86 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 23 Jun 2021 16:14:21 +0300
+Subject: software node: Handle software node injection to an existing device
+ properly
+
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+
+[ Upstream commit 5dca69e26fe97f17d4a6cbd6872103c868577b14 ]
+
+The function software_node_notify() - the function that creates
+and removes the symlinks between the node and the device - was
+called unconditionally in device_add_software_node() and
+device_remove_software_node(), but it needs to be called in
+those functions only in the special case where the node is
+added to a device that has already been registered.
+
+This fixes NULL pointer dereference that happens if
+device_remove_software_node() is used with device that was
+never registered.
+
+Fixes: b622b24519f5 ("software node: Allow node addition to already existing device")
+Reported-and-tested-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/base/swnode.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/base/swnode.c b/drivers/base/swnode.c
+index 88310ac9ce90..62c536f9d925 100644
+--- a/drivers/base/swnode.c
++++ b/drivers/base/swnode.c
+@@ -1032,7 +1032,15 @@ int device_add_software_node(struct device *dev, const struct software_node *nod
+ }
+
+ set_secondary_fwnode(dev, &swnode->fwnode);
+- software_node_notify(dev, KOBJ_ADD);
++
++ /*
++ * If the device has been fully registered by the time this function is
++ * called, software_node_notify() must be called separately so that the
++ * symlinks get created and the reference count of the node is kept in
++ * balance.
++ */
++ if (device_is_registered(dev))
++ software_node_notify(dev, KOBJ_ADD);
+
+ return 0;
+ }
+@@ -1052,7 +1060,8 @@ void device_remove_software_node(struct device *dev)
+ if (!swnode)
+ return;
+
+- software_node_notify(dev, KOBJ_REMOVE);
++ if (device_is_registered(dev))
++ software_node_notify(dev, KOBJ_REMOVE);
+ set_secondary_fwnode(dev, NULL);
+ kobject_put(&swnode->kobj);
+ }
+@@ -1106,8 +1115,7 @@ int software_node_notify(struct device *dev, unsigned long action)
+
+ switch (action) {
+ case KOBJ_ADD:
+- ret = sysfs_create_link_nowarn(&dev->kobj, &swnode->kobj,
+- "software_node");
++ ret = sysfs_create_link(&dev->kobj, &swnode->kobj, "software_node");
+ if (ret)
+ break;
+
+--
+2.30.2
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
