--- /dev/null
+From 34aa363dca56091295bff10bfa7b96b6a869c3b5 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Fri, 9 Jun 2017 10:14:53 +0100
+Subject: ARM: 8680/1: boot/compressed: fix inappropriate Thumb2 mnemonic for
+ __nop
+
+[ Upstream commit 60ce2858514ed9ccaf00dc7e9f4dc219537e9855 ]
+
+Commit 06a4b6d009a1 ("ARM: 8677/1: boot/compressed: fix decompressor
+header layout for v7-M") fixed an issue in the layout of the header
+of the compressed kernel image that was caused by the assembler
+emitting narrow opcodes for 'mov r0, r0', and for this reason, the
+mnemonic was updated to use the W() macro, which will append the .w
+suffix (which forces a wide encoding) if required, i.e., when building
+the kernel in Thumb2 mode.
+
+However, this failed to take into account that on Thumb2 kernels built
+for CPUs that are also ARM capable, the entry point is entered in ARM
+mode, and so the instructions emitted here will be ARM instructions
+that only exist in a wide encoding to begin with, which is why the
+assembler rejects the .w suffix here and aborts the build with the
+following message:
+
+ head.S: Assembler messages:
+ head.S:132: Error: width suffixes are invalid in ARM mode -- `mov.w r0,r0'
+
+So replace the W(mov) with separate ARM and Thumb2 instructions, where
+the latter will only be used for THUMB2_ONLY builds.
+
+Fixes: 06a4b6d009a1 ("ARM: 8677/1: boot/compressed: fix decompressor ...")
+Reported-by: Arnd Bergmann <arnd@arndb.de>
+Acked-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/compressed/efi-header.S | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
+index 3f7d1b74c5e02..a17ca8d78656d 100644
+--- a/arch/arm/boot/compressed/efi-header.S
++++ b/arch/arm/boot/compressed/efi-header.S
+@@ -17,7 +17,8 @@
+ @ there.
+ .inst 'M' | ('Z' << 8) | (0x1310 << 16) @ tstne r0, #0x4d000
+ #else
+- W(mov) r0, r0
++ AR_CLASS( mov r0, r0 )
++ M_CLASS( nop.w )
+ #endif
+ .endm
+
+--
+2.20.1
+
--- /dev/null
+From cee8e7bffa930767cbe51757867696ba0f0f51d1 Mon Sep 17 00:00:00 2001
+From: Prasad Sodagudi <psodagud@codeaurora.org>
+Date: Sun, 24 Mar 2019 07:57:04 -0700
+Subject: genirq: Prevent use-after-free and work list corruption
+
+[ Upstream commit 59c39840f5abf4a71e1810a8da71aaccd6c17d26 ]
+
+When irq_set_affinity_notifier() replaces the notifier, then the
+reference count on the old notifier is dropped which causes it to be
+freed. But nothing ensures that the old notifier is not longer queued
+in the work list. If it is queued this results in a use after free and
+possibly in work list corruption.
+
+Ensure that the work is canceled before the reference is dropped.
+
+Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: marc.zyngier@arm.com
+Link: https://lkml.kernel.org/r/1553439424-6529-1-git-send-email-psodagud@codeaurora.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/irq/manage.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
+index cf94460504bba..be7f489788e27 100644
+--- a/kernel/irq/manage.c
++++ b/kernel/irq/manage.c
+@@ -332,8 +332,10 @@ irq_set_affinity_notifier(unsigned int irq, struct irq_affinity_notify *notify)
+ desc->affinity_notify = notify;
+ raw_spin_unlock_irqrestore(&desc->lock, flags);
+
+- if (old_notify)
++ if (old_notify) {
++ cancel_work_sync(&old_notify->work);
+ kref_put(&old_notify->kref, old_notify->release);
++ }
+
+ return 0;
+ }
+--
+2.20.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
