--- /dev/null
+From 47830c1127ef166af787caf2f871f23089610a7f Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Thu, 4 Apr 2019 08:53:30 +0200
+Subject: staging: greybus: power_supply: fix prop-descriptor request size
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 47830c1127ef166af787caf2f871f23089610a7f upstream.
+
+Since moving the message buffers off the stack, the dynamically
+allocated get-prop-descriptor request buffer is incorrectly sized due to
+using the pointer rather than request-struct size when creating the
+operation.
+
+Fortunately, the pointer size is always larger than this one-byte
+request, but this could still cause trouble on the remote end due to the
+unexpected message size.
+
+Fixes: 9d15134d067e ("greybus: power_supply: rework get descriptors")
+Cc: stable <stable@vger.kernel.org> # 4.9
+Cc: Rui Miguel Silva <rui.silva@linaro.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Reviewed-by: Rui Miguel Silva <rmfrfs@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/greybus/power_supply.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/greybus/power_supply.c
++++ b/drivers/staging/greybus/power_supply.c
+@@ -520,7 +520,7 @@ static int gb_power_supply_prop_descript
+
+ op = gb_operation_create(connection,
+ GB_POWER_SUPPLY_TYPE_GET_PROP_DESCRIPTORS,
+- sizeof(req), sizeof(*resp) + props_count *
++ sizeof(*req), sizeof(*resp) + props_count *
+ sizeof(struct gb_power_supply_props_desc),
+ GFP_KERNEL);
+ if (!op)
--- /dev/null
+From af708900e9a48c0aa46070c8a8cdf0608a1d2025 Mon Sep 17 00:00:00 2001
+From: Suresh Udipi <sudipi@jp.adit-jv.com>
+Date: Wed, 24 Apr 2019 21:23:43 +0200
+Subject: staging: most: cdev: fix chrdev_region leak in mod_exit
+
+From: Suresh Udipi <sudipi@jp.adit-jv.com>
+
+commit af708900e9a48c0aa46070c8a8cdf0608a1d2025 upstream.
+
+It looks like v4.18-rc1 commit [0] which upstreams mld-1.8.0
+commit [1] missed to fix the memory leak in mod_exit function.
+
+Do it now.
+
+[0] aba258b7310167 ("staging: most: cdev: fix chrdev_region leak")
+[1] https://github.com/microchip-ais/linux/commit/a2d8f7ae7ea381
+ ("staging: most: cdev: fix leak for chrdev_region")
+
+Signed-off-by: Suresh Udipi <sudipi@jp.adit-jv.com>
+Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
+Acked-by: Christian Gromm <christian.gromm@microchip.com>
+Fixes: aba258b73101 ("staging: most: cdev: fix chrdev_region leak")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/most/cdev/cdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/most/cdev/cdev.c
++++ b/drivers/staging/most/cdev/cdev.c
+@@ -546,7 +546,7 @@ static void __exit mod_exit(void)
+ destroy_cdev(c);
+ destroy_channel(c);
+ }
+- unregister_chrdev_region(comp.devno, 1);
++ unregister_chrdev_region(comp.devno, CHRDEV_REGION_SIZE);
+ ida_destroy(&comp.minor_id);
+ class_destroy(comp.class);
+ }
--- /dev/null
+From 98592c1faca82a9024a64e4ecead68b19f81c299 Mon Sep 17 00:00:00 2001
+From: Christian Gromm <christian.gromm@microchip.com>
+Date: Tue, 30 Apr 2019 14:07:48 +0200
+Subject: staging: most: sound: pass correct device when creating a sound card
+
+From: Christian Gromm <christian.gromm@microchip.com>
+
+commit 98592c1faca82a9024a64e4ecead68b19f81c299 upstream.
+
+This patch fixes the usage of the wrong struct device when calling
+function snd_card_new.
+
+Reported-by: Eugeniu Rosca <erosca@de.adit-jv.com>
+Signed-off-by: Christian Gromm <christian.gromm@microchip.com>
+Fixes: 69c90cf1b2fa ("staging: most: sound: call snd_card_new with struct device")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/most/sound/sound.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/most/sound/sound.c
++++ b/drivers/staging/most/sound/sound.c
+@@ -622,7 +622,7 @@ static int audio_probe_channel(struct mo
+ INIT_LIST_HEAD(&adpt->dev_list);
+ iface->priv = adpt;
+ list_add_tail(&adpt->list, &adpt_list);
+- ret = snd_card_new(&iface->dev, -1, "INIC", THIS_MODULE,
++ ret = snd_card_new(iface->driver_dev, -1, "INIC", THIS_MODULE,
+ sizeof(*channel), &adpt->card);
+ if (ret < 0)
+ goto err_free_adpt;
--- /dev/null
+From f0996bc2978e02d2ea898101462b960f6119b18f Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Date: Mon, 6 May 2019 13:45:26 +0300
+Subject: ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+
+commit f0996bc2978e02d2ea898101462b960f6119b18f upstream.
+
+Building lib/ubsan.c with gcc-9 results in a ton of nasty warnings like
+this one:
+
+ lib/ubsan.c warning: conflicting types for built-in function
+ ‘__ubsan_handle_negate_overflow’; expected ‘void(void *, void *)’ [-Wbuiltin-declaration-mismatch]
+
+The kernel's declarations of __ubsan_handle_*() often uses 'unsigned
+long' types in parameters while GCC these parameters as 'void *' types,
+hence the mismatch.
+
+Fix this by using 'void *' to match GCC's declarations.
+
+Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Fixes: c6d308534aef ("UBSAN: run-time undefined behavior sanity checker")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ lib/ubsan.c | 49 +++++++++++++++++++++++--------------------------
+ 1 file changed, 23 insertions(+), 26 deletions(-)
+
+--- a/lib/ubsan.c
++++ b/lib/ubsan.c
+@@ -86,11 +86,13 @@ static bool is_inline_int(struct type_de
+ return bits <= inline_bits;
+ }
+
+-static s_max get_signed_val(struct type_descriptor *type, unsigned long val)
++static s_max get_signed_val(struct type_descriptor *type, void *val)
+ {
+ if (is_inline_int(type)) {
+ unsigned extra_bits = sizeof(s_max)*8 - type_bit_width(type);
+- return ((s_max)val) << extra_bits >> extra_bits;
++ unsigned long ulong_val = (unsigned long)val;
++
++ return ((s_max)ulong_val) << extra_bits >> extra_bits;
+ }
+
+ if (type_bit_width(type) == 64)
+@@ -99,15 +101,15 @@ static s_max get_signed_val(struct type_
+ return *(s_max *)val;
+ }
+
+-static bool val_is_negative(struct type_descriptor *type, unsigned long val)
++static bool val_is_negative(struct type_descriptor *type, void *val)
+ {
+ return type_is_signed(type) && get_signed_val(type, val) < 0;
+ }
+
+-static u_max get_unsigned_val(struct type_descriptor *type, unsigned long val)
++static u_max get_unsigned_val(struct type_descriptor *type, void *val)
+ {
+ if (is_inline_int(type))
+- return val;
++ return (unsigned long)val;
+
+ if (type_bit_width(type) == 64)
+ return *(u64 *)val;
+@@ -116,7 +118,7 @@ static u_max get_unsigned_val(struct typ
+ }
+
+ static void val_to_string(char *str, size_t size, struct type_descriptor *type,
+- unsigned long value)
++ void *value)
+ {
+ if (type_is_int(type)) {
+ if (type_bit_width(type) == 128) {
+@@ -163,8 +165,8 @@ static void ubsan_epilogue(unsigned long
+ current->in_ubsan--;
+ }
+
+-static void handle_overflow(struct overflow_data *data, unsigned long lhs,
+- unsigned long rhs, char op)
++static void handle_overflow(struct overflow_data *data, void *lhs,
++ void *rhs, char op)
+ {
+
+ struct type_descriptor *type = data->type;
+@@ -191,8 +193,7 @@ static void handle_overflow(struct overf
+ }
+
+ void __ubsan_handle_add_overflow(struct overflow_data *data,
+- unsigned long lhs,
+- unsigned long rhs)
++ void *lhs, void *rhs)
+ {
+
+ handle_overflow(data, lhs, rhs, '+');
+@@ -200,23 +201,21 @@ void __ubsan_handle_add_overflow(struct
+ EXPORT_SYMBOL(__ubsan_handle_add_overflow);
+
+ void __ubsan_handle_sub_overflow(struct overflow_data *data,
+- unsigned long lhs,
+- unsigned long rhs)
++ void *lhs, void *rhs)
+ {
+ handle_overflow(data, lhs, rhs, '-');
+ }
+ EXPORT_SYMBOL(__ubsan_handle_sub_overflow);
+
+ void __ubsan_handle_mul_overflow(struct overflow_data *data,
+- unsigned long lhs,
+- unsigned long rhs)
++ void *lhs, void *rhs)
+ {
+ handle_overflow(data, lhs, rhs, '*');
+ }
+ EXPORT_SYMBOL(__ubsan_handle_mul_overflow);
+
+ void __ubsan_handle_negate_overflow(struct overflow_data *data,
+- unsigned long old_val)
++ void *old_val)
+ {
+ unsigned long flags;
+ char old_val_str[VALUE_LENGTH];
+@@ -237,8 +236,7 @@ EXPORT_SYMBOL(__ubsan_handle_negate_over
+
+
+ void __ubsan_handle_divrem_overflow(struct overflow_data *data,
+- unsigned long lhs,
+- unsigned long rhs)
++ void *lhs, void *rhs)
+ {
+ unsigned long flags;
+ char rhs_val_str[VALUE_LENGTH];
+@@ -323,7 +321,7 @@ static void ubsan_type_mismatch_common(s
+ }
+
+ void __ubsan_handle_type_mismatch(struct type_mismatch_data *data,
+- unsigned long ptr)
++ void *ptr)
+ {
+ struct type_mismatch_data_common common_data = {
+ .location = &data->location,
+@@ -332,12 +330,12 @@ void __ubsan_handle_type_mismatch(struct
+ .type_check_kind = data->type_check_kind
+ };
+
+- ubsan_type_mismatch_common(&common_data, ptr);
++ ubsan_type_mismatch_common(&common_data, (unsigned long)ptr);
+ }
+ EXPORT_SYMBOL(__ubsan_handle_type_mismatch);
+
+ void __ubsan_handle_type_mismatch_v1(struct type_mismatch_data_v1 *data,
+- unsigned long ptr)
++ void *ptr)
+ {
+
+ struct type_mismatch_data_common common_data = {
+@@ -347,12 +345,12 @@ void __ubsan_handle_type_mismatch_v1(str
+ .type_check_kind = data->type_check_kind
+ };
+
+- ubsan_type_mismatch_common(&common_data, ptr);
++ ubsan_type_mismatch_common(&common_data, (unsigned long)ptr);
+ }
+ EXPORT_SYMBOL(__ubsan_handle_type_mismatch_v1);
+
+ void __ubsan_handle_vla_bound_not_positive(struct vla_bound_data *data,
+- unsigned long bound)
++ void *bound)
+ {
+ unsigned long flags;
+ char bound_str[VALUE_LENGTH];
+@@ -369,8 +367,7 @@ void __ubsan_handle_vla_bound_not_positi
+ }
+ EXPORT_SYMBOL(__ubsan_handle_vla_bound_not_positive);
+
+-void __ubsan_handle_out_of_bounds(struct out_of_bounds_data *data,
+- unsigned long index)
++void __ubsan_handle_out_of_bounds(struct out_of_bounds_data *data, void *index)
+ {
+ unsigned long flags;
+ char index_str[VALUE_LENGTH];
+@@ -388,7 +385,7 @@ void __ubsan_handle_out_of_bounds(struct
+ EXPORT_SYMBOL(__ubsan_handle_out_of_bounds);
+
+ void __ubsan_handle_shift_out_of_bounds(struct shift_out_of_bounds_data *data,
+- unsigned long lhs, unsigned long rhs)
++ void *lhs, void *rhs)
+ {
+ unsigned long flags;
+ struct type_descriptor *rhs_type = data->rhs_type;
+@@ -439,7 +436,7 @@ void __ubsan_handle_builtin_unreachable(
+ EXPORT_SYMBOL(__ubsan_handle_builtin_unreachable);
+
+ void __ubsan_handle_load_invalid_value(struct invalid_value_data *data,
+- unsigned long val)
++ void *val)
+ {
+ unsigned long flags;
+ char val_str[VALUE_LENGTH];
projects / thirdparty / kernel / stable-queue.git / commitdiff
