4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Feb 2019 12:11:10 +0000 (13:11 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Feb 2019 12:11:10 +0000 (13:11 +0100)
added patches:
hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch
mmc-meson-gx-fix-interrupt-name.patch
pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch
scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch
x86_64-increase-stack-size-for-kasan_extra.patch

queue-4.19/hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch [new file with mode: 0644]
queue-4.19/mmc-meson-gx-fix-interrupt-name.patch [new file with mode: 0644]
queue-4.19/pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch [new file with mode: 0644]
queue-4.19/scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch [new file with mode: 0644]
queue-4.19/series
queue-4.19/x86_64-increase-stack-size-for-kasan_extra.patch [new file with mode: 0644]

diff --git a/queue-4.19/hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch b/queue-4.19/hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch
new file mode 100644 (file)
index 0000000..f231c68
--- /dev/null
@@ -0,0 +1,35 @@
+From 07bd14ccc3049f9c0147a91a4227a571f981601a Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Wed, 26 Dec 2018 11:28:24 +0000
+Subject: hwmon: (lm80) Fix missing unlock on error in set_fan_div()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit 07bd14ccc3049f9c0147a91a4227a571f981601a upstream.
+
+Add the missing unlock before return from function set_fan_div()
+in the error handling case.
+
+Fixes: c9c63915519b ("hwmon: (lm80) fix a missing check of the status of SMBus read")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hwmon/lm80.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/hwmon/lm80.c
++++ b/drivers/hwmon/lm80.c
+@@ -393,8 +393,10 @@ static ssize_t set_fan_div(struct device
+       }
+       rv = lm80_read_value(client, LM80_REG_FANDIV);
+-      if (rv < 0)
++      if (rv < 0) {
++              mutex_unlock(&data->update_lock);
+               return rv;
++      }
+       reg = (rv & ~(3 << (2 * (nr + 1))))
+           | (data->fan_div[nr] << (2 * (nr + 1)));
+       lm80_write_value(client, LM80_REG_FANDIV, reg);
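Review bot: The return value of `lm80_write_value(client, LM80_REG_FANDIV, reg)` on the last line of this hunk is still discarded, so a failed SMBus write would be reported to the caller as a successful store. Assuming lm80_write_value() returns a negative errno the way lm80_read_value() does, capture it with `rv = lm80_write_value(client, LM80_REG_FANDIV, reg);` and return it after the unlock with `if (rv < 0) return rv;`. With more than one error exit holding `data->update_lock`, a single `out:` label that unlocks and returns `rv` is less fragile than repeating `mutex_unlock()` in each branch, which is the pattern that produced this bug. set_fan_div() starts and ends outside the hunk, so its other exits could not be checked here.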
diff --git a/queue-4.19/mmc-meson-gx-fix-interrupt-name.patch b/queue-4.19/mmc-meson-gx-fix-interrupt-name.patch
new file mode 100644 (file)
index 0000000..55fe8dc
--- /dev/null
@@ -0,0 +1,43 @@
+From 83e418a805d880a8b18add07f94d19b2a5a80307 Mon Sep 17 00:00:00 2001
+From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Date: Sat, 9 Feb 2019 01:58:50 +0100
+Subject: mmc: meson-gx: fix interrupt name
+
+From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+
+commit 83e418a805d880a8b18add07f94d19b2a5a80307 upstream.
+
+Commit bb364890323cca ("mmc: meson-gx: Free irq in release() callback")
+changed the _probe code to use request_threaded_irq() instead of
+devm_request_threaded_irq().
+Unfortunately this removes a fallback for the interrupt name:
+devm_request_threaded_irq() uses the device name as fallback if the
+given IRQ name is NULL. request_threaded_irq() has no such fallback,
+thus /proc/interrupts shows "(null)" instead.
+
+Explicitly pass the dev_name() so we get the IRQ name shown in
+/proc/interrupts again.
+While here, also fix the indentation of the request_threaded_irq()
+parameter list.
+
+Fixes: bb364890323cca ("mmc: meson-gx: Free irq in release() callback")
+Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/meson-gx-mmc.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/mmc/host/meson-gx-mmc.c
++++ b/drivers/mmc/host/meson-gx-mmc.c
+@@ -1286,7 +1286,8 @@ static int meson_mmc_probe(struct platfo
+              host->regs + SD_EMMC_IRQ_EN);
+       ret = request_threaded_irq(host->irq, meson_mmc_irq,
+-                      meson_mmc_irq_thread, IRQF_SHARED, NULL, host);
++                                 meson_mmc_irq_thread, IRQF_SHARED,
++                                 dev_name(&pdev->dev), host);
+       if (ret)
+               goto err_init_clk;
diff --git a/queue-4.19/pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch b/queue-4.19/pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch
new file mode 100644 (file)
index 0000000..27b4e10
--- /dev/null
@@ -0,0 +1,71 @@
+From d2fd6e81912a665993b24dcdc1c1384a42a54f7e Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Thu, 17 Jan 2019 08:46:34 -0600
+Subject: PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter
+
+From: Logan Gunthorpe <logang@deltatee.com>
+
+commit d2fd6e81912a665993b24dcdc1c1384a42a54f7e upstream.
+
+The disable_acs_redir parameter stores a pointer to the string passed to
+pci_setup().  However, the string passed to PCI setup is actually a
+temporary copy allocated in static __initdata memory.  After init, once the
+memory is freed, it is no longer valid to reference this pointer.
+
+This bug was noticed in v5.0-rc1 after a change in commit c5eb1190074c
+("PCI / PM: Allow runtime PM without callback functions") caused
+pci_disable_acs_redir() to be called during shutdown which manifested
+as an unable to handle kernel paging request at:
+
+  RIP: 0010:pci_enable_acs+0x3f/0x1e0
+  Call Trace:
+     pci_restore_state.part.44+0x159/0x3c0
+     pci_restore_standard_config+0x33/0x40
+     pci_pm_runtime_resume+0x2b/0xd0
+     ? pci_restore_standard_config+0x40/0x40
+     __rpm_callback+0xbc/0x1b0
+     rpm_callback+0x1f/0x70
+     ? pci_restore_standard_config+0x40/0x40
+      rpm_resume+0x4f9/0x710
+     ? pci_conf1_read+0xb6/0xf0
+     ? pci_conf1_write+0xb2/0xe0
+     __pm_runtime_resume+0x47/0x70
+     pci_device_shutdown+0x1e/0x60
+     device_shutdown+0x14a/0x1f0
+     kernel_restart+0xe/0x50
+     __do_sys_reboot+0x1ee/0x210
+     ? __fput+0x144/0x1d0
+     do_writev+0x5e/0xf0
+     ? do_writev+0x5e/0xf0
+     do_syscall_64+0x48/0xf0
+     entry_SYSCALL_64_after_hwframe+0x44/0xa9
+
+It was also likely possible to trigger this bug when hotplugging PCI
+devices.
+
+To fix this, instead of storing a pointer, we use kstrdup() to copy the
+disable_acs_redir_param to its own buffer which will never be freed.
+
+Fixes: aaca43fda742 ("PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support")
+Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/pci.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/pci/pci.c
++++ b/drivers/pci/pci.c
+@@ -6113,7 +6113,8 @@ static int __init pci_setup(char *str)
+                       } else if (!strncmp(str, "pcie_scan_all", 13)) {
+                               pci_add_flags(PCI_SCAN_ALL_PCIE_DEVS);
+                       } else if (!strncmp(str, "disable_acs_redir=", 18)) {
+-                              disable_acs_redir_param = str + 18;
++                              disable_acs_redir_param =
++                                      kstrdup(str + 18, GFP_KERNEL);
+                       } else {
+                               printk(KERN_ERR "PCI: Unknown option `%s'\n",
+                                               str);
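Review bot: The result of `kstrdup(str + 18, GFP_KERNEL)` is stored without a NULL check, so an allocation failure silently discards the `disable_acs_redir=` option and the administrator gets no indication that the requested ACS setting was not applied. pci_setup() is `__init` and parses a boot parameter; if it can run before the slab allocator is usable, kstrdup() would fail every time, which is worth confirming at the call site outside this hunk. At minimum add `if (!disable_acs_redir_param) printk(KERN_ERR "PCI: can't allocate disable_acs_redir parameter\n");` after the assignment. A short comment such as `/* str is __initdata; keep a private copy that is intentionally never freed */` would also stop a later cleanup from reintroducing the dangling pointer.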
diff --git a/queue-4.19/scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch b/queue-4.19/scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch
new file mode 100644 (file)
index 0000000..4efe593
--- /dev/null
@@ -0,0 +1,33 @@
+From 8b2db98e814a5ec45e8800fc22ca9000ae0a517b Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Mon, 17 Dec 2018 12:19:53 +0000
+Subject: scsi: target/core: Use kmem_cache_free() instead of kfree()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit 8b2db98e814a5ec45e8800fc22ca9000ae0a517b upstream.
+
+memory allocated by kmem_cache_alloc() should be freed using
+kmem_cache_free(), not kfree().
+
+Fixes: ad669505c4e9 ("scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_transport.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/target/target_core_transport.c
++++ b/drivers/target/target_core_transport.c
+@@ -266,7 +266,7 @@ struct se_session *transport_alloc_sessi
+       }
+       ret = transport_init_session(se_sess);
+       if (ret < 0) {
+-              kfree(se_sess);
++              kmem_cache_free(se_sess_cache, se_sess);
+               return ERR_PTR(ret);
+       }
+       se_sess->sup_prot_ops = sup_prot_ops;
index 578b159088d0cfa8f420928e63151a642f2df585..702bac08a00771c79c70322e10d9a9c3345518dd 100644 (file)
@@ -18,3 +18,8 @@ net-add-header-for-usage-of-fls64.patch
 tcp-clear-icsk_backoff-in-tcp_write_queue_purge.patch
 tcp-tcp_v4_err-should-be-more-careful.patch
 net-do-not-allocate-page-fragments-that-are-not-skb-.patch
+hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_div.patch
+scsi-target-core-use-kmem_cache_free-instead-of-kfree.patch
+x86_64-increase-stack-size-for-kasan_extra.patch
+mmc-meson-gx-fix-interrupt-name.patch
+pci-fix-__initdata-issue-with-pci-disable_acs_redir-parameter.patch
diff --git a/queue-4.19/x86_64-increase-stack-size-for-kasan_extra.patch b/queue-4.19/x86_64-increase-stack-size-for-kasan_extra.patch
new file mode 100644 (file)
index 0000000..2ec7987
--- /dev/null
@@ -0,0 +1,80 @@
+From a8e911d13540487942d53137c156bd7707f66e5d Mon Sep 17 00:00:00 2001
+From: Qian Cai <cai@lca.pw>
+Date: Fri, 1 Feb 2019 14:20:20 -0800
+Subject: x86_64: increase stack size for KASAN_EXTRA
+
+From: Qian Cai <cai@lca.pw>
+
+commit a8e911d13540487942d53137c156bd7707f66e5d upstream.
+
+If the kernel is configured with KASAN_EXTRA, the stack size is
+increasted significantly because this option sets "-fstack-reuse" to
+"none" in GCC [1].  As a result, it triggers stack overrun quite often
+with 32k stack size compiled using GCC 8.  For example, this reproducer
+
+  https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/madvise/madvise06.c
+
+triggers a "corrupted stack end detected inside scheduler" very reliably
+with CONFIG_SCHED_STACK_END_CHECK enabled.
+
+There are just too many functions that could have a large stack with
+KASAN_EXTRA due to large local variables that have been called over and
+over again without being able to reuse the stacks.  Some noticiable ones
+are
+
+  size
+  7648 shrink_page_list
+  3584 xfs_rmap_convert
+  3312 migrate_page_move_mapping
+  3312 dev_ethtool
+  3200 migrate_misplaced_transhuge_page
+  3168 copy_process
+
+There are other 49 functions are over 2k in size while compiling kernel
+with "-Wframe-larger-than=" even with a related minimal config on this
+machine.  Hence, it is too much work to change Makefiles for each object
+to compile without "-fsanitize-address-use-after-scope" individually.
+
+[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715#c23
+
+Although there is a patch in GCC 9 to help the situation, GCC 9 probably
+won't be released in a few months and then it probably take another
+6-month to 1-year for all major distros to include it as a default.
+Hence, the stack usage with KASAN_EXTRA can be revisited again in 2020
+when GCC 9 is everywhere.  Until then, this patch will help users avoid
+stack overrun.
+
+This has already been fixed for arm64 for the same reason via
+6e8830674ea ("arm64: kasan: Increase stack size for KASAN_EXTRA").
+
+Link: http://lkml.kernel.org/r/20190109215209.2903-1-cai@lca.pw
+Signed-off-by: Qian Cai <cai@lca.pw>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Cc: Alexander Potapenko <glider@google.com>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/page_64_types.h |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/x86/include/asm/page_64_types.h
++++ b/arch/x86/include/asm/page_64_types.h
+@@ -7,7 +7,11 @@
+ #endif
+ #ifdef CONFIG_KASAN
++#ifdef CONFIG_KASAN_EXTRA
++#define KASAN_STACK_ORDER 2
++#else
+ #define KASAN_STACK_ORDER 1
++#endif
+ #else
+ #define KASAN_STACK_ORDER 0
+ #endif
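Review bot: The new `#define KASAN_STACK_ORDER 2` has no comment, so the reason for the larger value and its intended temporary nature exist only in the commit message. I would add `/* KASAN_EXTRA builds with -fstack-reuse=none, which inflates stack frames; revisit once GCC 9 is the baseline compiler */` above `#ifdef CONFIG_KASAN_EXTRA`. The macro presumably feeds the thread stack order defined outside this hunk, in which case each increment doubles per-task stack memory, and that cost is worth stating in the same comment.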