--- /dev/null
+From foo@baz Tue Nov 13 16:17:58 PST 2018
+From: Dominique Martinet <dominique.martinet@cea.fr>
+Date: Tue, 28 Aug 2018 07:32:35 +0900
+Subject: 9p: clear dangling pointers in p9stat_free
+
+From: Dominique Martinet <dominique.martinet@cea.fr>
+
+[ Upstream commit 62e3941776fea8678bb8120607039410b1b61a65 ]
+
+p9stat_free is more of a cleanup function than a 'free' function as it
+only frees the content of the struct; there are chances of use-after-free
+if it is improperly used (e.g. p9stat_free called twice as it used to be
+possible to)
+
+Clearing dangling pointers makes the function idempotent and safer to use.
+
+Link: http://lkml.kernel.org/r/1535410108-20650-2-git-send-email-asmadeus@codewreck.org
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Reported-by: syzbot+d4252148d198410b864f@syzkaller.appspotmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/9p/protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/net/9p/protocol.c
++++ b/net/9p/protocol.c
+@@ -45,10 +45,15 @@ p9pdu_writef(struct p9_fcall *pdu, int p
+ void p9stat_free(struct p9_wstat *stbuf)
+ {
+ kfree(stbuf->name);
++ stbuf->name = NULL;
+ kfree(stbuf->uid);
++ stbuf->uid = NULL;
+ kfree(stbuf->gid);
++ stbuf->gid = NULL;
+ kfree(stbuf->muid);
++ stbuf->muid = NULL;
+ kfree(stbuf->extension);
++ stbuf->extension = NULL;
+ }
+ EXPORT_SYMBOL(p9stat_free);
+
--- /dev/null
+From foo@baz Tue Nov 13 16:17:58 PST 2018
+From: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Date: Wed, 26 Sep 2018 12:11:27 +0300
+Subject: drm/omap: fix memory barrier bug in DMM driver
+
+From: Tomi Valkeinen <tomi.valkeinen@ti.com>
+
+[ Upstream commit 538f66ba204944470a653a4cccc5f8befdf97c22 ]
+
+A DMM timeout "timed out waiting for done" has been observed on DRA7
+devices. The timeout happens rarely, and only when the system is under
+heavy load.
+
+Debugging showed that the timeout can be made to happen much more
+frequently by optimizing the DMM driver, so that there's almost no code
+between writing the last DMM descriptors to RAM, and writing to DMM
+register which starts the DMM transaction.
+
+The current theory is that a wmb() does not properly ensure that the
+data written to RAM is observable by all the components in the system.
+
+This DMM timeout has caused interesting (and rare) bugs as the error
+handling was not functioning properly (the error handling has been fixed
+in previous commits):
+
+ * If a DMM timeout happened when a GEM buffer was being pinned for
+ display on the screen, a timeout error would be shown, but the driver
+ would continue programming DSS HW with broken buffer, leading to
+ SYNCLOST floods and possible crashes.
+
+ * If a DMM timeout happened when other user (say, video decoder) was
+ pinning a GEM buffer, a timeout would be shown but if the user
+ handled the error properly, no other issues followed.
+
+ * If a DMM timeout happened when a GEM buffer was being released, the
+ driver does not even notice the error, leading to crashes or hang
+ later.
+
+This patch adds wmb() and readl() calls after the last bit is written to
+RAM, which should ensure that the execution proceeds only after the data
+is actually in RAM, and thus observable by DMM.
+
+The read-back should not be needed. Further study is required to understand
+if DMM is somehow special case and read-back is ok, or if DRA7's memory
+barriers do not work correctly.
+
+Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
++++ b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
+@@ -256,6 +256,17 @@ static int dmm_txn_commit(struct dmm_txn
+ }
+
+ txn->last_pat->next_pa = 0;
++ /* ensure that the written descriptors are visible to DMM */
++ wmb();
++
++ /*
++ * NOTE: the wmb() above should be enough, but there seems to be a bug
++ * in OMAP's memory barrier implementation, which in some rare cases may
++ * cause the writes not to be observable after wmb().
++ */
++
++ /* read back to ensure the data is in RAM */
++ readl(&txn->last_pat->next_pa);
+
+ /* write to PAT_DESCR to clear out any pending transaction */
+ writel(0x0, dmm->base + reg[PAT_DESCR][engine->id]);
--- /dev/null
+From foo@baz Tue Nov 13 16:17:58 PST 2018
+From: Nicholas Mc Guire <hofrat@osadl.org>
+Date: Sun, 9 Sep 2018 12:02:32 -0400
+Subject: media: pci: cx23885: handle adding to list failure
+
+From: Nicholas Mc Guire <hofrat@osadl.org>
+
+[ Upstream commit c5d59528e24ad22500347b199d52b9368e686a42 ]
+
+altera_hw_filt_init() which calls append_internal() assumes
+that the node was successfully linked in while in fact it can
+silently fail. So the call-site needs to set return to -ENOMEM
+on append_internal() returning NULL and exit through the err path.
+
+Fixes: 349bcf02e361 ("[media] Altera FPGA based CI driver module")
+
+Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/media/pci/cx23885/altera-ci.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/media/pci/cx23885/altera-ci.c
++++ b/drivers/media/pci/cx23885/altera-ci.c
+@@ -662,6 +662,10 @@ static int altera_hw_filt_init(struct al
+ }
+
+ temp_int = append_internal(inter);
++ if (!temp_int) {
++ ret = -ENOMEM;
++ goto err;
++ }
+ inter->filts_used = 1;
+ inter->dev = config->dev;
+ inter->fpga_rw = config->fpga_rw;
+@@ -696,6 +700,7 @@ err:
+ __func__, ret);
+
+ kfree(pid_filt);
++ kfree(inter);
+
+ return ret;
+ }
+@@ -731,6 +736,10 @@ int altera_ci_init(struct altera_ci_conf
+ }
+
+ temp_int = append_internal(inter);
++ if (!temp_int) {
++ ret = -ENOMEM;
++ goto err;
++ }
+ inter->cis_used = 1;
+ inter->dev = config->dev;
+ inter->fpga_rw = config->fpga_rw;
+@@ -799,6 +808,7 @@ err:
+ ci_dbg_print("%s: Cannot initialize CI: Error %d.\n", __func__, ret);
+
+ kfree(state);
++ kfree(inter);
+
+ return ret;
+ }
--- /dev/null
+From foo@baz Tue Nov 13 16:17:58 PST 2018
+From: Marco Felsch <m.felsch@pengutronix.de>
+Date: Thu, 28 Jun 2018 12:20:33 -0400
+Subject: media: tvp5150: fix width alignment during set_selection()
+
+From: Marco Felsch <m.felsch@pengutronix.de>
+
+[ Upstream commit bd24db04101f45a9c1d874fe21b0c7eab7bcadec ]
+
+The driver ignored the width alignment which exists due to the UYVY
+colorspace format. Fix the width alignment and make use of the the
+provided v4l2 helper function to set the width, height and all
+alignments in one.
+
+Fixes: 963ddc63e20d ("[media] media: tvp5150: Add cropping support")
+
+Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/media/i2c/tvp5150.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/drivers/media/i2c/tvp5150.c
++++ b/drivers/media/i2c/tvp5150.c
+@@ -864,9 +864,6 @@ static int tvp5150_s_crop(struct v4l2_su
+
+ /* tvp5150 has some special limits */
+ rect.left = clamp(rect.left, 0, TVP5150_MAX_CROP_LEFT);
+- rect.width = clamp_t(unsigned int, rect.width,
+- TVP5150_H_MAX - TVP5150_MAX_CROP_LEFT - rect.left,
+- TVP5150_H_MAX - rect.left);
+ rect.top = clamp(rect.top, 0, TVP5150_MAX_CROP_TOP);
+
+ /* Calculate height based on current standard */
+@@ -880,9 +877,16 @@ static int tvp5150_s_crop(struct v4l2_su
+ else
+ hmax = TVP5150_V_MAX_OTHERS;
+
+- rect.height = clamp_t(unsigned int, rect.height,
++ /*
++ * alignments:
++ * - width = 2 due to UYVY colorspace
++ * - height, image = no special alignment
++ */
++ v4l_bound_align_image(&rect.width,
++ TVP5150_H_MAX - TVP5150_MAX_CROP_LEFT - rect.left,
++ TVP5150_H_MAX - rect.left, 1, &rect.height,
+ hmax - TVP5150_MAX_CROP_TOP - rect.top,
+- hmax - rect.top);
++ hmax - rect.top, 0, 0);
+
+ tvp5150_write(sd, TVP5150_VERT_BLANKING_START, rect.top);
+ tvp5150_write(sd, TVP5150_VERT_BLANKING_STOP,
--- /dev/null
+From foo@baz Tue Nov 13 16:17:58 PST 2018
+From: Dengcheng Zhu <dzhu@wavecomp.com>
+Date: Tue, 11 Sep 2018 14:49:20 -0700
+Subject: MIPS: kexec: Mark CPU offline before disabling local IRQ
+
+From: Dengcheng Zhu <dzhu@wavecomp.com>
+
+[ Upstream commit dc57aaf95a516f70e2d527d8287a0332c481a226 ]
+
+After changing CPU online status, it will not be sent any IPIs such as in
+__flush_cache_all() on software coherency systems. Do this before disabling
+local IRQ.
+
+Signed-off-by: Dengcheng Zhu <dzhu@wavecomp.com>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Patchwork: https://patchwork.linux-mips.org/patch/20571/
+Cc: pburton@wavecomp.com
+Cc: ralf@linux-mips.org
+Cc: linux-mips@linux-mips.org
+Cc: rachel.mozes@intel.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/kernel/crash.c | 3 +++
+ arch/mips/kernel/machine_kexec.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+--- a/arch/mips/kernel/crash.c
++++ b/arch/mips/kernel/crash.c
+@@ -34,6 +34,9 @@ static void crash_shutdown_secondary(voi
+ if (!cpu_online(cpu))
+ return;
+
++ /* We won't be sent IPIs any more. */
++ set_cpu_online(cpu, false);
++
+ local_irq_disable();
+ if (!cpu_isset(cpu, cpus_in_crash))
+ crash_save_cpu(regs, cpu);
+--- a/arch/mips/kernel/machine_kexec.c
++++ b/arch/mips/kernel/machine_kexec.c
+@@ -95,6 +95,9 @@ machine_kexec(struct kimage *image)
+ *ptr = (unsigned long) phys_to_virt(*ptr);
+ }
+
++ /* Mark offline BEFORE disabling local irq. */
++ set_cpu_online(smp_processor_id(), false);
++
+ /*
+ * we do not want to be bothered.
+ */
--- /dev/null
+From foo@baz Tue Nov 13 16:17:58 PST 2018
+From: Joel Stanley <joel@jms.id.au>
+Date: Fri, 14 Sep 2018 13:36:47 +0930
+Subject: powerpc/boot: Ensure _zimage_start is a weak symbol
+
+From: Joel Stanley <joel@jms.id.au>
+
+[ Upstream commit ee9d21b3b3583712029a0db65a4b7c081d08d3b3 ]
+
+When building with clang crt0's _zimage_start is not marked weak, which
+breaks the build when linking the kernel image:
+
+ $ objdump -t arch/powerpc/boot/crt0.o |grep _zimage_start$
+ 0000000000000058 g .text 0000000000000000 _zimage_start
+
+ ld: arch/powerpc/boot/wrapper.a(crt0.o): in function '_zimage_start':
+ (.text+0x58): multiple definition of '_zimage_start';
+ arch/powerpc/boot/pseries-head.o:(.text+0x0): first defined here
+
+Clang requires the .weak directive to appear after the symbol is
+declared. The binutils manual says:
+
+ This directive sets the weak attribute on the comma separated list of
+ symbol names. If the symbols do not already exist, they will be
+ created.
+
+So it appears this is different with clang. The only reference I could
+see for this was an OpenBSD mailing list post[1].
+
+Changing it to be after the declaration fixes building with Clang, and
+still works with GCC.
+
+ $ objdump -t arch/powerpc/boot/crt0.o |grep _zimage_start$
+ 0000000000000058 w .text 0000000000000000 _zimage_start
+
+Reported to clang as https://bugs.llvm.org/show_bug.cgi?id=38921
+
+[1] https://groups.google.com/forum/#!topic/fa.openbsd.tech/PAgKKen2YCY
+
+Signed-off-by: Joel Stanley <joel@jms.id.au>
+Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/boot/crt0.S | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/boot/crt0.S
++++ b/arch/powerpc/boot/crt0.S
+@@ -47,8 +47,10 @@ p_end: .long _end
+ p_pstack: .long _platform_stack_top
+ #endif
+
+- .weak _zimage_start
+ .globl _zimage_start
++ /* Clang appears to require the .weak directive to be after the symbol
++ * is defined. See https://bugs.llvm.org/show_bug.cgi?id=38921 */
++ .weak _zimage_start
+ _zimage_start:
+ .globl _zimage_start_lib
+ _zimage_start_lib:
--- /dev/null
+From foo@baz Tue Nov 13 16:17:58 PST 2018
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 1 Oct 2018 16:21:51 +1000
+Subject: powerpc/nohash: fix undefined behaviour when testing page size support
+
+From: Daniel Axtens <dja@axtens.net>
+
+[ Upstream commit f5e284803a7206d43e26f9ffcae5de9626d95e37 ]
+
+When enumerating page size definitions to check hardware support,
+we construct a constant which is (1U << (def->shift - 10)).
+
+However, the array of page size definitions is only initalised for
+various MMU_PAGE_* constants, so it contains a number of 0-initialised
+elements with def->shift == 0. This means we end up shifting by a
+very large number, which gives the following UBSan splat:
+
+================================================================================
+UBSAN: Undefined behaviour in /home/dja/dev/linux/linux/arch/powerpc/mm/tlb_nohash.c:506:21
+shift exponent 4294967286 is too large for 32-bit type 'unsigned int'
+CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc3-00045-ga604f927b012-dirty #6
+Call Trace:
+[c00000000101bc20] [c000000000a13d54] .dump_stack+0xa8/0xec (unreliable)
+[c00000000101bcb0] [c0000000004f20a8] .ubsan_epilogue+0x18/0x64
+[c00000000101bd30] [c0000000004f2b10] .__ubsan_handle_shift_out_of_bounds+0x110/0x1a4
+[c00000000101be20] [c000000000d21760] .early_init_mmu+0x1b4/0x5a0
+[c00000000101bf10] [c000000000d1ba28] .early_setup+0x100/0x130
+[c00000000101bf90] [c000000000000528] start_here_multiplatform+0x68/0x80
+================================================================================
+
+Fix this by first checking if the element exists (shift != 0) before
+constructing the constant.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/mm/tlb_nohash.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/powerpc/mm/tlb_nohash.c
++++ b/arch/powerpc/mm/tlb_nohash.c
+@@ -479,6 +479,9 @@ static void setup_page_sizes(void)
+ for (psize = 0; psize < MMU_PAGE_COUNT; ++psize) {
+ struct mmu_psize_def *def = &mmu_psize_defs[psize];
+
++ if (!def->shift)
++ continue;
++
+ if (tlb1ps & (1U << (def->shift - 10))) {
+ def->flags |= MMU_PAGE_SIZE_DIRECT;
+
media-em28xx-make-v4l2-compliance-happier-by-starting-sequence-on-zero.patch
cramfs-fix-abad-comparison-when-wrap-arounds-occur.patch
dm-remove-duplicate-dm_get_live_table-in-__dm_destroy.patch
+tty-check-name-length-in-tty_find_polling_driver.patch
+powerpc-nohash-fix-undefined-behaviour-when-testing-page-size-support.patch
+drm-omap-fix-memory-barrier-bug-in-dmm-driver.patch
+media-pci-cx23885-handle-adding-to-list-failure.patch
+mips-kexec-mark-cpu-offline-before-disabling-local-irq.patch
+powerpc-boot-ensure-_zimage_start-is-a-weak-symbol.patch
+media-tvp5150-fix-width-alignment-during-set_selection.patch
+9p-clear-dangling-pointers-in-p9stat_free.patch
--- /dev/null
+From foo@baz Tue Nov 13 16:17:58 PST 2018
+From: Miles Chen <miles.chen@mediatek.com>
+Date: Mon, 8 Oct 2018 10:39:17 +0800
+Subject: tty: check name length in tty_find_polling_driver()
+
+From: Miles Chen <miles.chen@mediatek.com>
+
+[ Upstream commit 33a1a7be198657c8ca26ad406c4d2a89b7162bcc ]
+
+The issue is found by a fuzzing test.
+If tty_find_polling_driver() recevies an incorrect input such as
+',,' or '0b', the len becomes 0 and strncmp() always return 0.
+In this case, a null p->ops->poll_init() is called and it causes a kernel
+panic.
+
+Fix this by checking name length against zero in tty_find_polling_driver().
+
+$echo ,, > /sys/module/kgdboc/parameters/kgdboc
+[ 20.804451] WARNING: CPU: 1 PID: 104 at drivers/tty/serial/serial_core.c:457
+uart_get_baud_rate+0xe8/0x190
+[ 20.804917] Modules linked in:
+[ 20.805317] CPU: 1 PID: 104 Comm: sh Not tainted 4.19.0-rc7ajb #8
+[ 20.805469] Hardware name: linux,dummy-virt (DT)
+[ 20.805732] pstate: 20000005 (nzCv daif -PAN -UAO)
+[ 20.805895] pc : uart_get_baud_rate+0xe8/0x190
+[ 20.806042] lr : uart_get_baud_rate+0xc0/0x190
+[ 20.806476] sp : ffffffc06acff940
+[ 20.806676] x29: ffffffc06acff940 x28: 0000000000002580
+[ 20.806977] x27: 0000000000009600 x26: 0000000000009600
+[ 20.807231] x25: ffffffc06acffad0 x24: 00000000ffffeff0
+[ 20.807576] x23: 0000000000000001 x22: 0000000000000000
+[ 20.807807] x21: 0000000000000001 x20: 0000000000000000
+[ 20.808049] x19: ffffffc06acffac8 x18: 0000000000000000
+[ 20.808277] x17: 0000000000000000 x16: 0000000000000000
+[ 20.808520] x15: ffffffffffffffff x14: ffffffff00000000
+[ 20.808757] x13: ffffffffffffffff x12: 0000000000000001
+[ 20.809011] x11: 0101010101010101 x10: ffffff880d59ff5f
+[ 20.809292] x9 : ffffff880d59ff5e x8 : ffffffc06acffaf3
+[ 20.809549] x7 : 0000000000000000 x6 : ffffff880d59ff5f
+[ 20.809803] x5 : 0000000080008001 x4 : 0000000000000003
+[ 20.810056] x3 : ffffff900853e6b4 x2 : dfffff9000000000
+[ 20.810693] x1 : ffffffc06acffad0 x0 : 0000000000000cb0
+[ 20.811005] Call trace:
+[ 20.811214] uart_get_baud_rate+0xe8/0x190
+[ 20.811479] serial8250_do_set_termios+0xe0/0x6f4
+[ 20.811719] serial8250_set_termios+0x48/0x54
+[ 20.811928] uart_set_options+0x138/0x1bc
+[ 20.812129] uart_poll_init+0x114/0x16c
+[ 20.812330] tty_find_polling_driver+0x158/0x200
+[ 20.812545] configure_kgdboc+0xbc/0x1bc
+[ 20.812745] param_set_kgdboc_var+0xb8/0x150
+[ 20.812960] param_attr_store+0xbc/0x150
+[ 20.813160] module_attr_store+0x40/0x58
+[ 20.813364] sysfs_kf_write+0x8c/0xa8
+[ 20.813563] kernfs_fop_write+0x154/0x290
+[ 20.813764] vfs_write+0xf0/0x278
+[ 20.813951] __arm64_sys_write+0x84/0xf4
+[ 20.814400] el0_svc_common+0xf4/0x1dc
+[ 20.814616] el0_svc_handler+0x98/0xbc
+[ 20.814804] el0_svc+0x8/0xc
+[ 20.822005] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
+[ 20.826913] Mem abort info:
+[ 20.827103] ESR = 0x84000006
+[ 20.827352] Exception class = IABT (current EL), IL = 16 bits
+[ 20.827655] SET = 0, FnV = 0
+[ 20.827855] EA = 0, S1PTW = 0
+[ 20.828135] user pgtable: 4k pages, 39-bit VAs, pgdp = (____ptrval____)
+[ 20.828484] [0000000000000000] pgd=00000000aadee003, pud=00000000aadee003, pmd=0000000000000000
+[ 20.829195] Internal error: Oops: 84000006 [#1] SMP
+[ 20.829564] Modules linked in:
+[ 20.829890] CPU: 1 PID: 104 Comm: sh Tainted: G W 4.19.0-rc7ajb #8
+[ 20.830545] Hardware name: linux,dummy-virt (DT)
+[ 20.830829] pstate: 60000085 (nZCv daIf -PAN -UAO)
+[ 20.831174] pc : (null)
+[ 20.831457] lr : serial8250_do_set_termios+0x358/0x6f4
+[ 20.831727] sp : ffffffc06acff9b0
+[ 20.831936] x29: ffffffc06acff9b0 x28: ffffff9008d7c000
+[ 20.832267] x27: ffffff900969e16f x26: 0000000000000000
+[ 20.832589] x25: ffffff900969dfb0 x24: 0000000000000000
+[ 20.832906] x23: ffffffc06acffad0 x22: ffffff900969e160
+[ 20.833232] x21: 0000000000000000 x20: ffffffc06acffac8
+[ 20.833559] x19: ffffff900969df90 x18: 0000000000000000
+[ 20.833878] x17: 0000000000000000 x16: 0000000000000000
+[ 20.834491] x15: ffffffffffffffff x14: ffffffff00000000
+[ 20.834821] x13: ffffffffffffffff x12: 0000000000000001
+[ 20.835143] x11: 0101010101010101 x10: ffffff880d59ff5f
+[ 20.835467] x9 : ffffff880d59ff5e x8 : ffffffc06acffaf3
+[ 20.835790] x7 : 0000000000000000 x6 : ffffff880d59ff5f
+[ 20.836111] x5 : c06419717c314100 x4 : 0000000000000007
+[ 20.836419] x3 : 0000000000000000 x2 : 0000000000000000
+[ 20.836732] x1 : 0000000000000001 x0 : ffffff900969df90
+[ 20.837100] Process sh (pid: 104, stack limit = 0x(____ptrval____))
+[ 20.837396] Call trace:
+[ 20.837566] (null)
+[ 20.837816] serial8250_set_termios+0x48/0x54
+[ 20.838089] uart_set_options+0x138/0x1bc
+[ 20.838570] uart_poll_init+0x114/0x16c
+[ 20.838834] tty_find_polling_driver+0x158/0x200
+[ 20.839119] configure_kgdboc+0xbc/0x1bc
+[ 20.839380] param_set_kgdboc_var+0xb8/0x150
+[ 20.839658] param_attr_store+0xbc/0x150
+[ 20.839920] module_attr_store+0x40/0x58
+[ 20.840183] sysfs_kf_write+0x8c/0xa8
+[ 20.840183] sysfs_kf_write+0x8c/0xa8
+[ 20.840440] kernfs_fop_write+0x154/0x290
+[ 20.840702] vfs_write+0xf0/0x278
+[ 20.840942] __arm64_sys_write+0x84/0xf4
+[ 20.841209] el0_svc_common+0xf4/0x1dc
+[ 20.841471] el0_svc_handler+0x98/0xbc
+[ 20.841713] el0_svc+0x8/0xc
+[ 20.842057] Code: bad PC value
+[ 20.842764] ---[ end trace a8835d7de79aaadf ]---
+[ 20.843134] Kernel panic - not syncing: Fatal exception
+[ 20.843515] SMP: stopping secondary CPUs
+[ 20.844289] Kernel Offset: disabled
+[ 20.844634] CPU features: 0x0,21806002
+[ 20.844857] Memory Limit: none
+[ 20.845172] ---[ end Kernel panic - not syncing: Fatal exception ]---
+
+Signed-off-by: Miles Chen <miles.chen@mediatek.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/tty_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -357,7 +357,7 @@ struct tty_driver *tty_find_polling_driv
+ mutex_lock(&tty_mutex);
+ /* Search through the tty devices to look for a match */
+ list_for_each_entry(p, &tty_drivers, tty_drivers) {
+- if (strncmp(name, p->name, len) != 0)
++ if (!len || strncmp(name, p->name, len) != 0)
+ continue;
+ stp = str;
+ if (*stp == ',')
projects / thirdparty / kernel / stable-queue.git / commitdiff
