--- /dev/null
+From 2d89cd05b7777a59816325c912679dfd4e137019 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 31 Jul 2020 12:10:25 -0400
+Subject: fs: prevent BUG_ON in submit_bh_wbc()
+
+From: Xianting Tian <xianting_tian@126.com>
+
+[ Upstream commit 377254b2cd2252c7c3151b113cbdf93a7736c2e9 ]
+
+If a device is hot-removed --- for example, when a physical device is
+unplugged from pcie slot or a nbd device's network is shutdown ---
+this can result in a BUG_ON() crash in submit_bh_wbc(). This is
+because the when the block device dies, the buffer heads will have
+their Buffer_Mapped flag get cleared, leading to the crash in
+submit_bh_wbc.
+
+We had attempted to work around this problem in commit a17712c8
+("ext4: check superblock mapped prior to committing"). Unfortunately,
+it's still possible to hit the BUG_ON(!buffer_mapped(bh)) if the
+device dies between when the work-around check in ext4_commit_super()
+and when submit_bh_wbh() is finally called:
+
+Code path:
+ext4_commit_super
+ judge if 'buffer_mapped(sbh)' is false, return <== commit a17712c8
+ lock_buffer(sbh)
+ ...
+ unlock_buffer(sbh)
+ __sync_dirty_buffer(sbh,...
+ lock_buffer(sbh)
+ judge if 'buffer_mapped(sbh))' is false, return <== added by this patch
+ submit_bh(...,sbh)
+ submit_bh_wbc(...,sbh,...)
+
+[100722.966497] kernel BUG at fs/buffer.c:3095! <== BUG_ON(!buffer_mapped(bh))' in submit_bh_wbc()
+[100722.966503] invalid opcode: 0000 [#1] SMP
+[100722.966566] task: ffff8817e15a9e40 task.stack: ffffc90024744000
+[100722.966574] RIP: 0010:submit_bh_wbc+0x180/0x190
+[100722.966575] RSP: 0018:ffffc90024747a90 EFLAGS: 00010246
+[100722.966576] RAX: 0000000000620005 RBX: ffff8818a80603a8 RCX: 0000000000000000
+[100722.966576] RDX: ffff8818a80603a8 RSI: 0000000000020800 RDI: 0000000000000001
+[100722.966577] RBP: ffffc90024747ac0 R08: 0000000000000000 R09: ffff88207f94170d
+[100722.966578] R10: 00000000000437c8 R11: 0000000000000001 R12: 0000000000020800
+[100722.966578] R13: 0000000000000001 R14: 000000000bf9a438 R15: ffff88195f333000
+[100722.966580] FS: 00007fa2eee27700(0000) GS:ffff88203d840000(0000) knlGS:0000000000000000
+[100722.966580] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[100722.966581] CR2: 0000000000f0b008 CR3: 000000201a622003 CR4: 00000000007606e0
+[100722.966582] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[100722.966583] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[100722.966583] PKRU: 55555554
+[100722.966583] Call Trace:
+[100722.966588] __sync_dirty_buffer+0x6e/0xd0
+[100722.966614] ext4_commit_super+0x1d8/0x290 [ext4]
+[100722.966626] __ext4_std_error+0x78/0x100 [ext4]
+[100722.966635] ? __ext4_journal_get_write_access+0xca/0x120 [ext4]
+[100722.966646] ext4_reserve_inode_write+0x58/0xb0 [ext4]
+[100722.966655] ? ext4_dirty_inode+0x48/0x70 [ext4]
+[100722.966663] ext4_mark_inode_dirty+0x53/0x1e0 [ext4]
+[100722.966671] ? __ext4_journal_start_sb+0x6d/0xf0 [ext4]
+[100722.966679] ext4_dirty_inode+0x48/0x70 [ext4]
+[100722.966682] __mark_inode_dirty+0x17f/0x350
+[100722.966686] generic_update_time+0x87/0xd0
+[100722.966687] touch_atime+0xa9/0xd0
+[100722.966690] generic_file_read_iter+0xa09/0xcd0
+[100722.966694] ? page_cache_tree_insert+0xb0/0xb0
+[100722.966704] ext4_file_read_iter+0x4a/0x100 [ext4]
+[100722.966707] ? __inode_security_revalidate+0x4f/0x60
+[100722.966709] __vfs_read+0xec/0x160
+[100722.966711] vfs_read+0x8c/0x130
+[100722.966712] SyS_pread64+0x87/0xb0
+[100722.966716] do_syscall_64+0x67/0x1b0
+[100722.966719] entry_SYSCALL64_slow_path+0x25/0x25
+
+To address this, add the check of 'buffer_mapped(bh)' to
+__sync_dirty_buffer(). This also has the benefit of fixing this for
+other file systems.
+
+With this addition, we can drop the workaround in ext4_commit_supper().
+
+[ Commit description rewritten by tytso. ]
+
+Signed-off-by: Xianting Tian <xianting_tian@126.com>
+Link: https://lore.kernel.org/r/1596211825-8750-1-git-send-email-xianting_tian@126.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/buffer.c | 9 +++++++++
+ fs/ext4/super.c | 7 -------
+ 2 files changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/fs/buffer.c b/fs/buffer.c
+index a89be9741d125..52f1a60417d1d 100644
+--- a/fs/buffer.c
++++ b/fs/buffer.c
+@@ -3203,6 +3203,15 @@ int __sync_dirty_buffer(struct buffer_head *bh, int op_flags)
+ WARN_ON(atomic_read(&bh->b_count) < 1);
+ lock_buffer(bh);
+ if (test_clear_buffer_dirty(bh)) {
++ /*
++ * The bh should be mapped, but it might not be if the
++ * device was hot-removed. Not much we can do but fail the I/O.
++ */
++ if (!buffer_mapped(bh)) {
++ unlock_buffer(bh);
++ return -EIO;
++ }
++
+ get_bh(bh);
+ bh->b_end_io = end_buffer_write_sync;
+ ret = submit_bh(REQ_OP_WRITE, op_flags, bh);
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index 370e4273042c5..472fa29c6f604 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -4680,13 +4680,6 @@ static int ext4_commit_super(struct super_block *sb, int sync)
+ if (!sbh || block_device_ejected(sb))
+ return error;
+
+- /*
+- * The superblock bh should be mapped, but it might not be if the
+- * device was hot-removed. Not much we can do but fail the I/O.
+- */
+- if (!buffer_mapped(sbh))
+- return error;
+-
+ /*
+ * If the file system is mounted read-only, don't update the
+ * superblock write time. This avoids updating the superblock
+--
+2.25.1
+
--- /dev/null
+From e9f106d1e2f4711e39b8ed05859ef4c206601e39 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 17 Aug 2020 14:19:30 +0200
+Subject: i2c: rcar: in slave mode, clear NACK earlier
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+[ Upstream commit 914a7b3563b8fb92f976619bbd0fa3a4a708baae ]
+
+Currently, a NACK in slave mode is set/cleared when SCL is held low by
+the IP core right before the bit is about to be pushed out. This is too
+late for clearing and then a NACK from the previous byte is still used
+for the current one. Now, let's clear the NACK right after we detected
+the STOP condition following the NACK.
+
+Fixes: de20d1857dd6 ("i2c: rcar: add slave support")
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-rcar.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
+index 4231673435e7b..6be02da2ccc46 100644
+--- a/drivers/i2c/busses/i2c-rcar.c
++++ b/drivers/i2c/busses/i2c-rcar.c
+@@ -534,6 +534,7 @@ static bool rcar_i2c_slave_irq(struct rcar_i2c_priv *priv)
+ /* master sent stop */
+ if (ssr_filtered & SSR) {
+ i2c_slave_event(priv->slave, I2C_SLAVE_STOP, &value);
++ rcar_i2c_write(priv, ICSCR, SIE | SDBS); /* clear our NACK */
+ rcar_i2c_write(priv, ICSIER, SAR);
+ rcar_i2c_write(priv, ICSSR, ~SSR & 0xff);
+ }
+--
+2.25.1
+
--- /dev/null
+From 1a41e5bca22953cfed047234ba0958e51dce220f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 20 Jun 2020 10:54:26 +0800
+Subject: jbd2: abort journal if free a async write error metadata buffer
+
+From: zhangyi (F) <yi.zhang@huawei.com>
+
+[ Upstream commit c044f3d8360d2ecf831ba2cc9f08cf9fb2c699fb ]
+
+If we free a metadata buffer which has been failed to async write out
+in the background, the jbd2 checkpoint procedure will not detect this
+failure in jbd2_log_do_checkpoint(), so it may lead to filesystem
+inconsistency after cleanup journal tail. This patch abort the journal
+if free a buffer has write_io_error flag to prevent potential further
+inconsistency.
+
+Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
+Link: https://lore.kernel.org/r/20200620025427.1756360-5-yi.zhang@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/jbd2/transaction.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
+index 1478512ecab3e..cfbf5474bccab 100644
+--- a/fs/jbd2/transaction.c
++++ b/fs/jbd2/transaction.c
+@@ -1990,6 +1990,7 @@ int jbd2_journal_try_to_free_buffers(journal_t *journal,
+ {
+ struct buffer_head *head;
+ struct buffer_head *bh;
++ bool has_write_io_error = false;
+ int ret = 0;
+
+ J_ASSERT(PageLocked(page));
+@@ -2014,11 +2015,26 @@ int jbd2_journal_try_to_free_buffers(journal_t *journal,
+ jbd_unlock_bh_state(bh);
+ if (buffer_jbd(bh))
+ goto busy;
++
++ /*
++ * If we free a metadata buffer which has been failed to
++ * write out, the jbd2 checkpoint procedure will not detect
++ * this failure and may lead to filesystem inconsistency
++ * after cleanup journal tail.
++ */
++ if (buffer_write_io_error(bh)) {
++ pr_err("JBD2: Error while async write back metadata bh %llu.",
++ (unsigned long long)bh->b_blocknr);
++ has_write_io_error = true;
++ }
+ } while ((bh = bh->b_this_page) != head);
+
+ ret = try_to_free_buffers(page);
+
+ busy:
++ if (has_write_io_error)
++ jbd2_journal_abort(journal, -EIO);
++
+ return ret;
+ }
+
+--
+2.25.1
+
--- /dev/null
+From 4c82652496da375301655e011a0aec360c40f7f4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 17 Jun 2020 11:25:49 +0200
+Subject: jbd2: make sure jh have b_transaction set in refile/unfile_buffer
+
+From: Lukas Czerner <lczerner@redhat.com>
+
+[ Upstream commit 24dc9864914eb5813173cfa53313fcd02e4aea7d ]
+
+Callers of __jbd2_journal_unfile_buffer() and
+__jbd2_journal_refile_buffer() assume that the b_transaction is set. In
+fact if it's not, we can end up with journal_head refcounting errors
+leading to crash much later that might be very hard to track down. Add
+asserts to make sure that is the case.
+
+We also make sure that b_next_transaction is NULL in
+__jbd2_journal_unfile_buffer() since the callers expect that as well and
+we should not get into that stage in this state anyway, leading to
+problems later on if we do.
+
+Tested with fstests.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20200617092549.6712-1-lczerner@redhat.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/jbd2/transaction.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
+index 8de458d64134a..1478512ecab3e 100644
+--- a/fs/jbd2/transaction.c
++++ b/fs/jbd2/transaction.c
+@@ -1896,6 +1896,9 @@ static void __jbd2_journal_temp_unlink_buffer(struct journal_head *jh)
+ */
+ static void __jbd2_journal_unfile_buffer(struct journal_head *jh)
+ {
++ J_ASSERT_JH(jh, jh->b_transaction != NULL);
++ J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
++
+ __jbd2_journal_temp_unlink_buffer(jh);
+ jh->b_transaction = NULL;
+ jbd2_journal_put_journal_head(jh);
+@@ -2443,6 +2446,13 @@ void __jbd2_journal_refile_buffer(struct journal_head *jh)
+
+ was_dirty = test_clear_buffer_jbddirty(bh);
+ __jbd2_journal_temp_unlink_buffer(jh);
++
++ /*
++ * b_transaction must be set, otherwise the new b_transaction won't
++ * be holding jh reference
++ */
++ J_ASSERT_JH(jh, jh->b_transaction != NULL);
++
+ /*
+ * We set b_transaction here because b_next_transaction will inherit
+ * our jh reference and thus __jbd2_journal_file_buffer() must not
+--
+2.25.1
+
--- /dev/null
+From c2a7d832aa3e871b378263c2993d7df9c4d0f646 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 19 Aug 2020 00:22:41 +0530
+Subject: net: gianfar: Add of_node_put() before goto statement
+
+From: Sumera Priyadarsini <sylphrenadin@gmail.com>
+
+[ Upstream commit 989e4da042ca4a56bbaca9223d1a93639ad11e17 ]
+
+Every iteration of for_each_available_child_of_node() decrements
+reference count of the previous node, however when control
+is transferred from the middle of the loop, as in the case of
+a return or break or goto, there is no decrement thus ultimately
+resulting in a memory leak.
+
+Fix a potential memory leak in gianfar.c by inserting of_node_put()
+before the goto statement.
+
+Issue found with Coccinelle.
+
+Signed-off-by: Sumera Priyadarsini <sylphrenadin@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/freescale/gianfar.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
+index b665d27f8e299..95ab44aa0eeab 100644
+--- a/drivers/net/ethernet/freescale/gianfar.c
++++ b/drivers/net/ethernet/freescale/gianfar.c
+@@ -844,8 +844,10 @@ static int gfar_of_init(struct platform_device *ofdev, struct net_device **pdev)
+ continue;
+
+ err = gfar_parse_group(child, priv, model);
+- if (err)
++ if (err) {
++ of_node_put(child);
+ goto err_grp_init;
++ }
+ }
+ } else { /* SQ_SG_MODE */
+ err = gfar_parse_group(np, priv, model);
+--
+2.25.1
+
--- /dev/null
+From 21c7fe853f8c296cea85bdc5f7b5370a193c639b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 6 Aug 2020 08:46:32 -0400
+Subject: powerpc/perf: Fix soft lockups due to missed interrupt accounting
+
+From: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
+
+[ Upstream commit 17899eaf88d689529b866371344c8f269ba79b5f ]
+
+Performance monitor interrupt handler checks if any counter has
+overflown and calls record_and_restart() in core-book3s which invokes
+perf_event_overflow() to record the sample information. Apart from
+creating sample, perf_event_overflow() also does the interrupt and
+period checks via perf_event_account_interrupt().
+
+Currently we record information only if the SIAR (Sampled Instruction
+Address Register) valid bit is set (using siar_valid() check) and
+hence the interrupt check.
+
+But it is possible that we do sampling for some events that are not
+generating valid SIAR, and hence there is no chance to disable the
+event if interrupts are more than max_samples_per_tick. This leads to
+soft lockup.
+
+Fix this by adding perf_event_account_interrupt() in the invalid SIAR
+code path for a sampling event. ie if SIAR is invalid, just do
+interrupt check and don't record the sample information.
+
+Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
+Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
+Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/1596717992-7321-1-git-send-email-atrajeev@linux.vnet.ibm.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/perf/core-book3s.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
+index ba49ae6625f1b..a10b67df83bae 100644
+--- a/arch/powerpc/perf/core-book3s.c
++++ b/arch/powerpc/perf/core-book3s.c
+@@ -2042,6 +2042,10 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
+
+ if (perf_event_overflow(event, &data, regs))
+ power_pmu_stop(event, 0);
++ } else if (period) {
++ /* Account for interrupt in case of invalid SIAR */
++ if (perf_event_account_interrupt(event))
++ power_pmu_stop(event, 0);
+ }
+ }
+
+--
+2.25.1
+
--- /dev/null
+From a06017b2669b9c202f9326841832d14d149be419 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 Jun 2020 16:42:45 +0200
+Subject: s390/cio: add cond_resched() in the slow_eval_known_fn() loop
+
+From: Vineeth Vijayan <vneethv@linux.ibm.com>
+
+[ Upstream commit 0b8eb2ee9da1e8c9b8082f404f3948aa82a057b2 ]
+
+The scanning through subchannels during the time of an event could
+take significant amount of time in case of platforms with lots of
+known subchannels. This might result in higher scheduling latencies
+for other tasks especially on systems with a single CPU. Add
+cond_resched() call, as the loop in slow_eval_known_fn() can be
+executed for a longer duration.
+
+Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
+Signed-off-by: Vineeth Vijayan <vneethv@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/s390/cio/css.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c
+index 39a2b0cde9e42..d81fdcd6a1fe0 100644
+--- a/drivers/s390/cio/css.c
++++ b/drivers/s390/cio/css.c
+@@ -529,6 +529,11 @@ static int slow_eval_known_fn(struct subchannel *sch, void *data)
+ rc = css_evaluate_known_subchannel(sch, 1);
+ if (rc == -EAGAIN)
+ css_schedule_eval(sch->schid);
++ /*
++ * The loop might take long time for platforms with lots of
++ * known devices. Allow scheduling here.
++ */
++ cond_resched();
+ }
+ return 0;
+ }
+--
+2.25.1
+
--- /dev/null
+From 5269ff2c50e8b0429fc5afb99f47123102ea97f2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Aug 2020 13:07:34 +0800
+Subject: scsi: ufs: Fix possible infinite loop in ufshcd_hold
+
+From: Stanley Chu <stanley.chu@mediatek.com>
+
+[ Upstream commit 93b6c5db06028a3b55122bbb74d0715dd8ca4ae0 ]
+
+In ufshcd_suspend(), after clk-gating is suspended and link is set
+as Hibern8 state, ufshcd_hold() is still possibly invoked before
+ufshcd_suspend() returns. For example, MediaTek's suspend vops may
+issue UIC commands which would call ufshcd_hold() during the command
+issuing flow.
+
+Now if UFSHCD_CAP_HIBERN8_WITH_CLK_GATING capability is enabled,
+then ufshcd_hold() may enter infinite loops because there is no
+clk-ungating work scheduled or pending. In this case, ufshcd_hold()
+shall just bypass, and keep the link as Hibern8 state.
+
+Link: https://lore.kernel.org/r/20200809050734.18740-1-stanley.chu@mediatek.com
+Reviewed-by: Avri Altman <avri.altman@wdc.com>
+Co-developed-by: Andy Teng <andy.teng@mediatek.com>
+Signed-off-by: Andy Teng <andy.teng@mediatek.com>
+Signed-off-by: Stanley Chu <stanley.chu@mediatek.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/ufs/ufshcd.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
+index a7f520581cb0f..9916c574e8b80 100644
+--- a/drivers/scsi/ufs/ufshcd.c
++++ b/drivers/scsi/ufs/ufshcd.c
+@@ -659,6 +659,7 @@ unblock_reqs:
+ int ufshcd_hold(struct ufs_hba *hba, bool async)
+ {
+ int rc = 0;
++ bool flush_result;
+ unsigned long flags;
+
+ if (!ufshcd_is_clkgating_allowed(hba))
+@@ -690,7 +691,9 @@ start:
+ break;
+ }
+ spin_unlock_irqrestore(hba->host->host_lock, flags);
+- flush_work(&hba->clk_gating.ungate_work);
++ flush_result = flush_work(&hba->clk_gating.ungate_work);
++ if (hba->clk_gating.is_suspended && !flush_result)
++ goto out;
+ spin_lock_irqsave(hba->host->host_lock, flags);
+ goto start;
+ }
+--
+2.25.1
+
--- /dev/null
+From 62dc4dbc2af33972201da76a84cd76d857639fdb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Aug 2020 16:39:36 +0300
+Subject: scsi: ufs: Improve interrupt handling for shared interrupts
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+[ Upstream commit 127d5f7c4b653b8be5eb3b2c7bbe13728f9003ff ]
+
+For shared interrupts, the interrupt status might be zero, so check that
+first.
+
+Link: https://lore.kernel.org/r/20200811133936.19171-2-adrian.hunter@intel.com
+Reviewed-by: Avri Altman <avri.altman@wdc.com>
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/ufs/ufshcd.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
+index 9916c574e8b80..ad5f2e2b4cbaf 100644
+--- a/drivers/scsi/ufs/ufshcd.c
++++ b/drivers/scsi/ufs/ufshcd.c
+@@ -4400,7 +4400,7 @@ static void ufshcd_sl_intr(struct ufs_hba *hba, u32 intr_status)
+ */
+ static irqreturn_t ufshcd_intr(int irq, void *__hba)
+ {
+- u32 intr_status, enabled_intr_status;
++ u32 intr_status, enabled_intr_status = 0;
+ irqreturn_t retval = IRQ_NONE;
+ struct ufs_hba *hba = __hba;
+ int retries = hba->nutrs;
+@@ -4414,7 +4414,7 @@ static irqreturn_t ufshcd_intr(int irq, void *__hba)
+ * read, make sure we handle them by checking the interrupt status
+ * again in a loop until we process all of the reqs before returning.
+ */
+- do {
++ while (intr_status && retries--) {
+ enabled_intr_status =
+ intr_status & ufshcd_readl(hba, REG_INTERRUPT_ENABLE);
+ if (intr_status)
+@@ -4425,7 +4425,7 @@ static irqreturn_t ufshcd_intr(int irq, void *__hba)
+ }
+
+ intr_status = ufshcd_readl(hba, REG_INTERRUPT_STATUS);
+- } while (intr_status && --retries);
++ }
+
+ spin_unlock(hba->host->host_lock);
+ return retval;
+--
+2.25.1
+
usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch
efi-provide-empty-efi_enter_virtual_mode-implementat.patch
revert-ath10k-fix-dma-related-firmware-crashes-on-mu.patch
+i2c-rcar-in-slave-mode-clear-nack-earlier.patch
+usb-gadget-f_tcm-fix-some-resource-leaks-in-some-err.patch
+jbd2-make-sure-jh-have-b_transaction-set-in-refile-u.patch
+jbd2-abort-journal-if-free-a-async-write-error-metad.patch
+fs-prevent-bug_on-in-submit_bh_wbc.patch
+s390-cio-add-cond_resched-in-the-slow_eval_known_fn-.patch
+scsi-ufs-fix-possible-infinite-loop-in-ufshcd_hold.patch
+scsi-ufs-improve-interrupt-handling-for-shared-inter.patch
+net-gianfar-add-of_node_put-before-goto-statement.patch
+powerpc-perf-fix-soft-lockups-due-to-missed-interrup.patch
--- /dev/null
+From 1ace396a3ed8767fd26a51a8ca9438f2521d78d2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 14 Aug 2020 07:55:01 +0200
+Subject: usb: gadget: f_tcm: Fix some resource leaks in some error paths
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit 07c8434150f4eb0b65cae288721c8af1080fde17 ]
+
+If a memory allocation fails within a 'usb_ep_alloc_request()' call, the
+already allocated memory must be released.
+
+Fix a mix-up in the code and free the correct requests.
+
+Fixes: c52661d60f63 ("usb-gadget: Initial merge of target module for UASP + BOT")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/gadget/function/f_tcm.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/usb/gadget/function/f_tcm.c b/drivers/usb/gadget/function/f_tcm.c
+index d2351139342f6..7e8e262b36297 100644
+--- a/drivers/usb/gadget/function/f_tcm.c
++++ b/drivers/usb/gadget/function/f_tcm.c
+@@ -751,12 +751,13 @@ static int uasp_alloc_stream_res(struct f_uas *fu, struct uas_stream *stream)
+ goto err_sts;
+
+ return 0;
++
+ err_sts:
+- usb_ep_free_request(fu->ep_status, stream->req_status);
+- stream->req_status = NULL;
+-err_out:
+ usb_ep_free_request(fu->ep_out, stream->req_out);
+ stream->req_out = NULL;
++err_out:
++ usb_ep_free_request(fu->ep_in, stream->req_in);
++ stream->req_in = NULL;
+ out:
+ return -ENOMEM;
+ }
+--
+2.25.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
