--- /dev/null
+From 0f5eb1545907edeea7672a9c1652c4231150ff22 Mon Sep 17 00:00:00 2001
+From: Ian Abbott <abbotti@mev.co.uk>
+Date: Wed, 15 Nov 2017 16:33:12 -0600
+Subject: fpga: region: release of_parse_phandle nodes after use
+
+From: Ian Abbott <abbotti@mev.co.uk>
+
+commit 0f5eb1545907edeea7672a9c1652c4231150ff22 upstream.
+
+Both fpga_region_get_manager() and fpga_region_get_bridges() call
+of_parse_phandle(), but nothing calls of_node_put() on the returned
+struct device_node pointers. Make sure to do that to stop their
+reference counters getting out of whack.
+
+Fixes: 0fa20cdfcc1f ("fpga: fpga-region: device tree control for FPGA")
+Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
+Signed-off-by: Alan Tull <atull@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ drivers/fpga/fpga-region.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/drivers/fpga/fpga-region.c
++++ b/drivers/fpga/fpga-region.c
+@@ -147,6 +147,7 @@ static struct fpga_manager *fpga_region_
+ mgr_node = of_parse_phandle(np, "fpga-mgr", 0);
+ if (mgr_node) {
+ mgr = of_fpga_mgr_get(mgr_node);
++ of_node_put(mgr_node);
+ of_node_put(np);
+ return mgr;
+ }
+@@ -192,10 +193,13 @@ static int fpga_region_get_bridges(struc
+ parent_br = region_np->parent;
+
+ /* If overlay has a list of bridges, use it. */
+- if (of_parse_phandle(overlay, "fpga-bridges", 0))
++ br = of_parse_phandle(overlay, "fpga-bridges", 0);
++ if (br) {
++ of_node_put(br);
+ np = overlay;
+- else
++ } else {
+ np = region_np;
++ }
+
+ for (i = 0; ; i++) {
+ br = of_parse_phandle(np, "fpga-bridges", i);
+@@ -203,12 +207,15 @@ static int fpga_region_get_bridges(struc
+ break;
+
+ /* If parent bridge is in list, skip it. */
+- if (br == parent_br)
++ if (br == parent_br) {
++ of_node_put(br);
+ continue;
++ }
+
+ /* If node is a bridge, get it and add to list */
+ ret = fpga_bridge_get_to_list(br, region->info,
+ ®ion->bridge_list);
++ of_node_put(br);
+
+ /* If any of the bridges are in use, give up */
+ if (ret == -EBUSY) {
--- /dev/null
+From 44117a1d1732c513875d5a163f10d9adbe866c08 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Date: Thu, 11 Jan 2018 18:57:26 +0100
+Subject: serial: core: mark port as initialized after successful IRQ change
+
+From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+
+commit 44117a1d1732c513875d5a163f10d9adbe866c08 upstream.
+
+setserial changes the IRQ via uart_set_info(). It invokes
+uart_shutdown() which free the current used IRQ and clear
+TTY_PORT_INITIALIZED. It will then update the IRQ number and invoke
+uart_startup() before returning to the caller leaving
+TTY_PORT_INITIALIZED cleared.
+
+The next open will crash with
+| list_add double add: new=ffffffff839fcc98, prev=ffffffff839fcc98, next=ffffffff839fcc98.
+since the close from the IOCTL won't free the IRQ (and clean the list)
+due to the TTY_PORT_INITIALIZED check in uart_shutdown().
+
+There is same pattern in uart_do_autoconfig() and I *think* it also
+needs to set TTY_PORT_INITIALIZED there.
+Is there a reason why uart_startup() does not set the flag by itself
+after the IRQ has been acquired (since it is cleared in uart_shutdown)?
+
+Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/serial_core.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/tty/serial/serial_core.c
++++ b/drivers/tty/serial/serial_core.c
+@@ -987,6 +987,8 @@ static int uart_set_info(struct tty_stru
+ }
+ } else {
+ retval = uart_startup(tty, state, 1);
++ if (retval == 0)
++ tty_port_set_initialized(port, true);
+ if (retval > 0)
+ retval = 0;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
