4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 22 Mar 2018 11:20:41 +0000 (12:20 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 22 Mar 2018 11:20:41 +0000 (12:20 +0100)
added patches:
led-core-clear-led_blink_sw-flag-in-led_blink_set.patch
revert-led-core-fix-brightness-setting-when-setting-delay_off-0.patch
staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch

queue-4.9/led-core-clear-led_blink_sw-flag-in-led_blink_set.patch [new file with mode: 0644]
queue-4.9/revert-led-core-fix-brightness-setting-when-setting-delay_off-0.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch [new file with mode: 0644]

diff --git a/queue-4.9/led-core-clear-led_blink_sw-flag-in-led_blink_set.patch b/queue-4.9/led-core-clear-led_blink_sw-flag-in-led_blink_set.patch
new file mode 100644 (file)
index 0000000..d01ea6d
--- /dev/null
@@ -0,0 +1,33 @@
+From jacek.anaszewski@gmail.com  Thu Mar 22 11:57:33 2018
+From: Jacek Anaszewski <jacek.anaszewski@gmail.com>
+Date: Mon, 19 Mar 2018 20:23:19 +0100
+Subject: led: core: Clear LED_BLINK_SW flag in led_blink_set()
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: linux-kernel@vger.kernel.org, linux-leds@vger.kernel.org, pavel@ucw.cz, jacek.anaszewski@gmail.com, Matthieu CASTET <matthieu.castet@parrot.com>
+Message-ID: <1521487399-10447-3-git-send-email-jacek.anaszewski@gmail.com>
+
+From: Jacek Anaszewski <jacek.anaszewski@gmail.com>
+
+[Only needed in 4.9.y due to other fixes in mainline - gregkh]
+
+With the current code, the following sequence won't work :
+echo timer > trigger
+
+echo 0 >  delay_off
+* at this point we call
+** led_delay_off_store
+** led_blink_set
+---
+ drivers/leds/led-core.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/leds/led-core.c
++++ b/drivers/leds/led-core.c
+@@ -188,6 +188,7 @@ void led_blink_set(struct led_classdev *
+ {
+       del_timer_sync(&led_cdev->blink_timer);
++      led_cdev->flags &= ~LED_BLINK_SW;
+       led_cdev->flags &= ~LED_BLINK_ONESHOT;
+       led_cdev->flags &= ~LED_BLINK_ONESHOT_STOP;
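Review bot: The patch description stops at `** led_blink_set` and is followed directly by the `---` separator, so the explanation of why the `echo 0 > delay_off` sequence fails is missing and no Signed-off-by trailers are visible in this file. It looks as if the text was cut at a line beginning with dashes, the same "truncated commit message" flaw the sibling revert patch names for the earlier backport. The message should be restored in full, with the dashed lines indented or reworded, and the sign-offs added. On the code side, a short comment above the new line would record the intent, e.g. `/* blink timer was stopped above, so software blinking is no longer active */`. The body of led_blink_set continues outside the hunk.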
diff --git a/queue-4.9/revert-led-core-fix-brightness-setting-when-setting-delay_off-0.patch b/queue-4.9/revert-led-core-fix-brightness-setting-when-setting-delay_off-0.patch
new file mode 100644 (file)
index 0000000..c7d3691
--- /dev/null
@@ -0,0 +1,37 @@
+From jacek.anaszewski@gmail.com  Thu Mar 22 11:56:58 2018
+From: Jacek Anaszewski <jacek.anaszewski@gmail.com>
+Date: Mon, 19 Mar 2018 20:23:18 +0100
+Subject: Revert "led: core: Fix brightness setting when setting delay_off=0"
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: linux-kernel@vger.kernel.org, linux-leds@vger.kernel.org, pavel@ucw.cz, jacek.anaszewski@gmail.com
+Message-ID: <1521487399-10447-2-git-send-email-jacek.anaszewski@gmail.com>
+
+From: Jacek Anaszewski <jacek.anaszewski@gmail.com>
+
+This reverts commit 86b9fa2190907f4f550d9d6bf490c5f89ca33836 which was
+commit 2b83ff96f51d0b039c4561b9f95c824d7bddb85c upstream.
+
+The commit being reverted has two flaws:
+ - it introduces a regression, fixed in the upstream
+   commit 7b6af2c53192f1766892ef40c8f48a413509ed72.
+ - it has truncated commit message
+
+Reported-by: Sasha Levin <Alexander.Levin@microsoft.com>
+Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
+Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/leds/led-core.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/leds/led-core.c
++++ b/drivers/leds/led-core.c
+@@ -186,7 +186,7 @@ void led_blink_set(struct led_classdev *
+                  unsigned long *delay_on,
+                  unsigned long *delay_off)
+ {
+-      led_stop_software_blink(led_cdev);
++      del_timer_sync(&led_cdev->blink_timer);
+       led_cdev->flags &= ~LED_BLINK_ONESHOT;
+       led_cdev->flags &= ~LED_BLINK_ONESHOT_STOP;
index 1f28b4104c2e5fa5c21ebcdc247d61bf2c490d47..00749c859aeba45b18d0f25a9b2195763f2eca81 100644 (file)
@@ -2,3 +2,6 @@ tpm-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch
 asoc-rsnd-check-src-mod-pointer-for-rsnd_mod_id.patch
 smb3-validate-negotiate-request-must-always-be-signed.patch
 cifs-enable-encryption-during-session-setup-phase.patch
+staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch
+revert-led-core-fix-brightness-setting-when-setting-delay_off-0.patch
+led-core-clear-led_blink_sw-flag-in-led_blink_set.patch
diff --git a/queue-4.9/staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch b/queue-4.9/staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch
new file mode 100644 (file)
index 0000000..b077a5a
--- /dev/null
@@ -0,0 +1,56 @@
+From 740a5759bf222332fbb5eda42f89aa25ba38f9b2 Mon Sep 17 00:00:00 2001
+From: Yisheng Xie <xieyisheng1@huawei.com>
+Date: Wed, 28 Feb 2018 14:59:22 +0800
+Subject: staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
+
+From: Yisheng Xie <xieyisheng1@huawei.com>
+
+commit 740a5759bf222332fbb5eda42f89aa25ba38f9b2 upstream.
+
+ashmem_mutex may create a chain of dependencies like:
+
+CPU0                                    CPU1
+ mmap syscall                           ioctl syscall
+ -> mmap_sem (acquired)                 -> ashmem_ioctl
+ -> ashmem_mmap                            -> ashmem_mutex (acquired)
+    -> ashmem_mutex (try to acquire)       -> copy_from_user
+                                              -> mmap_sem (try to acquire)
+
+There is a lock odering problem between mmap_sem and ashmem_mutex causing
+a lockdep splat[1] during a syzcaller test. This patch fixes the problem
+by move copy_from_user out of ashmem_mutex.
+
+[1] https://www.spinics.net/lists/kernel/msg2733200.html
+
+Fixes: ce8a3a9e76d0 (staging: android: ashmem: Fix a race condition in pin ioctls)
+Reported-by: syzbot+d7a918a7a8e1c952bc36@syzkaller.appspotmail.com
+Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com>
+Cc: "Joel Fernandes (Google)" <joel.opensrc@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/android/ashmem.c |    8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+--- a/drivers/staging/android/ashmem.c
++++ b/drivers/staging/android/ashmem.c
+@@ -718,16 +718,14 @@ static int ashmem_pin_unpin(struct ashme
+       size_t pgstart, pgend;
+       int ret = -EINVAL;
++      if (unlikely(copy_from_user(&pin, p, sizeof(pin))))
++              return -EFAULT;
++
+       mutex_lock(&ashmem_mutex);
+       if (unlikely(!asma->file))
+               goto out_unlock;
+-      if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) {
+-              ret = -EFAULT;
+-              goto out_unlock;
+-      }
+-
+       /* per custom, you can pass zero for len to mean "everything onward" */
+       if (!pin.len)
+               pin.len = PAGE_ALIGN(asma->size) - pin.offset;
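Review bot: The reason `copy_from_user()` now sits above `mutex_lock(&ashmem_mutex)` in ashmem_pin_unpin is recorded only in the commit message, so a later cleanup could move it back under the lock and reintroduce the mmap_sem/ashmem_mutex ordering problem. A comment on the new lines would pin it down, e.g. `/* may fault and take mmap_sem: must stay outside ashmem_mutex */`. The early `return -EFAULT` rightly bypasses `out_unlock`, since the mutex is not yet held. One visible side effect is that a bad user pointer now yields -EFAULT even when `asma->file` is unset, where the old order presumably returned -EINVAL. The function continues past the end of the hunk, so the range checks on the user-supplied `pin.offset` and `pin.len` used in the last line cannot be confirmed from here.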