--- /dev/null
+From 71492580571467fb7177aade19c18ce7486267f5 Mon Sep 17 00:00:00 2001
+From: Waiman Long <longman@redhat.com>
+Date: Wed, 9 Jan 2019 23:03:25 -0500
+Subject: locking/lockdep: Add debug_locks check in __lock_downgrade()
+
+From: Waiman Long <longman@redhat.com>
+
+commit 71492580571467fb7177aade19c18ce7486267f5 upstream.
+
+Tetsuo Handa had reported he saw an incorrect "downgrading a read lock"
+warning right after a previous lockdep warning. It is likely that the
+previous warning turned off lock debugging causing the lockdep to have
+inconsistency states leading to the lock downgrade warning.
+
+Fix that by add a check for debug_locks at the beginning of
+__lock_downgrade().
+
+Debugged-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
+Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
+Reported-by: syzbot+53383ae265fb161ef488@syzkaller.appspotmail.com
+Signed-off-by: Waiman Long <longman@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Will Deacon <will.deacon@arm.com>
+Link: https://lkml.kernel.org/r/1547093005-26085-1-git-send-email-longman@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/locking/lockdep.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/kernel/locking/lockdep.c
++++ b/kernel/locking/lockdep.c
+@@ -3314,6 +3314,9 @@ __lock_set_class(struct lockdep_map *loc
+ unsigned int depth;
+ int i;
+
++ if (unlikely(!debug_locks))
++ return 0;
++
+ depth = curr->lockdep_depth;
+ /*
+ * This function is about (re)setting the class of a held lock,
--- /dev/null
+From f45f3f753b0a3d739acda8e311b4f744d82dc52a Mon Sep 17 00:00:00 2001
+From: Hans Verkuil <hverkuil@xs4all.nl>
+Date: Tue, 18 Dec 2018 08:37:08 -0500
+Subject: media: v4l2-ctrls.c/uvc: zero v4l2_event
+
+From: Hans Verkuil <hverkuil@xs4all.nl>
+
+commit f45f3f753b0a3d739acda8e311b4f744d82dc52a upstream.
+
+Control events can leak kernel memory since they do not fully zero the
+event. The same code is present in both v4l2-ctrls.c and uvc_ctrl.c, so
+fix both.
+
+It appears that all other event code is properly zeroing the structure,
+it's these two places.
+
+Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
+Reported-by: syzbot+4f021cf3697781dbd9fb@syzkaller.appspotmail.com
+Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/usb/uvc/uvc_ctrl.c | 2 +-
+ drivers/media/v4l2-core/v4l2-ctrls.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/media/usb/uvc/uvc_ctrl.c
++++ b/drivers/media/usb/uvc/uvc_ctrl.c
+@@ -1202,7 +1202,7 @@ static void uvc_ctrl_fill_event(struct u
+
+ __uvc_query_v4l2_ctrl(chain, ctrl, mapping, &v4l2_ctrl);
+
+- memset(ev->reserved, 0, sizeof(ev->reserved));
++ memset(ev, 0, sizeof(*ev));
+ ev->type = V4L2_EVENT_CTRL;
+ ev->id = v4l2_ctrl.id;
+ ev->u.ctrl.value = value;
+--- a/drivers/media/v4l2-core/v4l2-ctrls.c
++++ b/drivers/media/v4l2-core/v4l2-ctrls.c
+@@ -1212,7 +1212,7 @@ static u32 user_flags(const struct v4l2_
+
+ static void fill_event(struct v4l2_event *ev, struct v4l2_ctrl *ctrl, u32 changes)
+ {
+- memset(ev->reserved, 0, sizeof(ev->reserved));
++ memset(ev, 0, sizeof(*ev));
+ ev->type = V4L2_EVENT_CTRL;
+ ev->id = ctrl->id;
+ ev->u.ctrl.changes = changes;
projects / thirdparty / kernel / stable-queue.git / commitdiff
