--- /dev/null
+From 9b0eb69b75bccada2d341d7e7ca342f0cb1c9a6a Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Thu, 27 Jun 2019 13:39:48 -0700
+Subject: cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 9b0eb69b75bccada2d341d7e7ca342f0cb1c9a6a upstream.
+
+btrfs is going to use css_put() and wbc helpers to improve cgroup
+writeback support. Add dummy css_get() definition and export wbc
+helpers to prepare for module and !CONFIG_CGROUP builds.
+
+[only backport the export of __inode_attach_wb for stable kernels - gregkh]
+
+Reported-by: kbuild test robot <lkp@intel.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/fs-writeback.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/fs-writeback.c
++++ b/fs/fs-writeback.c
+@@ -269,6 +269,7 @@ void __inode_attach_wb(struct inode *ino
+ if (unlikely(cmpxchg(&inode->i_wb, NULL, wb)))
+ wb_put(wb);
+ }
++EXPORT_SYMBOL_GPL(__inode_attach_wb);
+
+ /**
+ * locked_inode_to_wb_and_lock_list - determine a locked inode's wb and lock it
--- /dev/null
+From 8301c719a2bd131436438e49130ee381d30933f5 Mon Sep 17 00:00:00 2001
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Date: Wed, 10 Jun 2020 18:41:35 -0700
+Subject: nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
+
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+
+commit 8301c719a2bd131436438e49130ee381d30933f5 upstream.
+
+After commit c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if
+mapping has no dirty pages"), the following null pointer dereference has
+been reported on nilfs2:
+
+ BUG: kernel NULL pointer dereference, address: 00000000000000a8
+ #PF: supervisor read access in kernel mode
+ #PF: error_code(0x0000) - not-present page
+ PGD 0 P4D 0
+ Oops: 0000 [#1] SMP PTI
+ ...
+ RIP: 0010:percpu_counter_add_batch+0xa/0x60
+ ...
+ Call Trace:
+ __test_set_page_writeback+0x2d3/0x330
+ nilfs_segctor_do_construct+0x10d3/0x2110 [nilfs2]
+ nilfs_segctor_construct+0x168/0x260 [nilfs2]
+ nilfs_segctor_thread+0x127/0x3b0 [nilfs2]
+ kthread+0xf8/0x130
+ ...
+
+This crash turned out to be caused by set_page_writeback() call for
+segment summary buffers at nilfs_segctor_prepare_write().
+
+set_page_writeback() can call inc_wb_stat(inode_to_wb(inode),
+WB_WRITEBACK) where inode_to_wb(inode) is NULL if the inode of
+underlying block device does not have an associated wb.
+
+This fixes the issue by calling inode_attach_wb() in advance to ensure
+to associate the bdev inode with its wb.
+
+Fixes: c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if mapping has no dirty pages")
+Reported-by: Walton Hoops <me@waltonhoops.com>
+Reported-by: Tomas Hlavaty <tom@logand.com>
+Reported-by: ARAI Shun-ichi <hermes@ceres.dti.ne.jp>
+Reported-by: Hideki EIRAKU <hdk1983@gmail.com>
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Cc: <stable@vger.kernel.org> [5.4+]
+Link: http://lkml.kernel.org/r/20200608.011819.1399059588922299158.konishi.ryusuke@gmail.com
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nilfs2/segment.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/nilfs2/segment.c
++++ b/fs/nilfs2/segment.c
+@@ -2781,6 +2781,8 @@ int nilfs_attach_log_writer(struct super
+ if (!nilfs->ns_writer)
+ return -ENOMEM;
+
++ inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL);
++
+ err = nilfs_segctor_start_thread(nilfs->ns_writer);
+ if (err) {
+ kfree(nilfs->ns_writer);
alsa-usb-audio-fix-inconsistent-card-pm-state-after-resume.patch
acpi-sysfs-fix-reference-count-leak-in-acpi_sysfs_add_hotplug_profile.patch
acpi-pm-avoid-using-power-resources-if-there-are-none-for-d0.patch
+cgroup-blkcg-prepare-some-symbols-for-module-and-config_cgroup-usages.patch
+nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct.patch
+spi-bcm2835aux-fix-controller-unregister-order.patch
--- /dev/null
+From b9dd3f6d417258ad0beeb292a1bc74200149f15d Mon Sep 17 00:00:00 2001
+From: Lukas Wunner <lukas@wunner.de>
+Date: Fri, 15 May 2020 17:58:03 +0200
+Subject: spi: bcm2835aux: Fix controller unregister order
+
+From: Lukas Wunner <lukas@wunner.de>
+
+commit b9dd3f6d417258ad0beeb292a1bc74200149f15d upstream.
+
+The BCM2835aux SPI driver uses devm_spi_register_master() on bind.
+As a consequence, on unbind, __device_release_driver() first invokes
+bcm2835aux_spi_remove() before unregistering the SPI controller via
+devres_release_all().
+
+This order is incorrect: bcm2835aux_spi_remove() turns off the SPI
+controller, including its interrupts and clock. The SPI controller
+is thus no longer usable.
+
+When the SPI controller is subsequently unregistered, it unbinds all
+its slave devices. If their drivers need to access the SPI bus,
+e.g. to quiesce their interrupts, unbinding will fail.
+
+As a rule, devm_spi_register_master() must not be used if the
+->remove() hook performs teardown steps which shall be performed
+after unbinding of slaves.
+
+Fix by using the non-devm variant spi_register_master(). Note that the
+struct spi_master as well as the driver-private data are not freed until
+after bcm2835aux_spi_remove() has finished, so accessing them is safe.
+
+Fixes: 1ea29b39f4c8 ("spi: bcm2835aux: add bcm2835 auxiliary spi device driver")
+Signed-off-by: Lukas Wunner <lukas@wunner.de>
+Cc: stable@vger.kernel.org # v4.4+
+Cc: Martin Sperl <kernel@martin.sperl.org>
+Link: https://lore.kernel.org/r/32f27f4d8242e4d75f9a53f7e8f1f77483b08669.1589557526.git.lukas@wunner.de
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi-bcm2835aux.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/spi/spi-bcm2835aux.c
++++ b/drivers/spi/spi-bcm2835aux.c
+@@ -457,7 +457,7 @@ static int bcm2835aux_spi_probe(struct p
+ goto out_clk_disable;
+ }
+
+- err = devm_spi_register_master(&pdev->dev, master);
++ err = spi_register_master(master);
+ if (err) {
+ dev_err(&pdev->dev, "could not register SPI master: %d\n", err);
+ goto out_clk_disable;
+@@ -477,6 +477,8 @@ static int bcm2835aux_spi_remove(struct
+ struct spi_master *master = platform_get_drvdata(pdev);
+ struct bcm2835aux_spi *bs = spi_master_get_devdata(master);
+
++ spi_unregister_master(master);
++
+ bcm2835aux_spi_reset_hw(bs);
+
+ /* disable the HW block by releasing the clock */
projects / thirdparty / kernel / stable-queue.git / commitdiff
