--- /dev/null
+From c3db901c54466a9c135d1e6e95fec452e8a42666 Mon Sep 17 00:00:00 2001
+From: Baoquan He <bhe@redhat.com>
+Date: Thu, 15 Sep 2016 16:50:52 +0800
+Subject: iommu/amd: Free domain id when free a domain of struct dma_ops_domain
+
+From: Baoquan He <bhe@redhat.com>
+
+commit c3db901c54466a9c135d1e6e95fec452e8a42666 upstream.
+
+The current code missed freeing domain id when free a domain of
+struct dma_ops_domain.
+
+Signed-off-by: Baoquan He <bhe@redhat.com>
+Fixes: ec487d1a110a ('x86, AMD IOMMU: add domain allocation and deallocation functions')
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/amd_iommu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/iommu/amd_iommu.c
++++ b/drivers/iommu/amd_iommu.c
+@@ -1833,6 +1833,9 @@ static void dma_ops_domain_free(struct d
+ kfree(dom->aperture[i]);
+ }
+
++ if (dom->domain.id)
++ domain_id_free(dom->domain.id);
++
+ kfree(dom);
+ }
+
--- /dev/null
+From bea64033dd7b5fb6296eda8266acab6364ce1554 Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <jroedel@suse.de>
+Date: Tue, 8 Nov 2016 15:08:26 +0100
+Subject: iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path
+
+From: Joerg Roedel <jroedel@suse.de>
+
+commit bea64033dd7b5fb6296eda8266acab6364ce1554 upstream.
+
+It turns out that the disable_dmar_iommu() code-path tried
+to get the device_domain_lock recursivly, which will
+dead-lock when this code runs on dmar removal. Fix both
+code-paths that could lead to the dead-lock.
+
+Fixes: 55d940430ab9 ('iommu/vt-d: Get rid of domain->iommu_lock')
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/intel-iommu.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -1672,6 +1672,7 @@ static void disable_dmar_iommu(struct in
+ if (!iommu->domains || !iommu->domain_ids)
+ return;
+
++again:
+ spin_lock_irqsave(&device_domain_lock, flags);
+ list_for_each_entry_safe(info, tmp, &device_domain_list, global) {
+ struct dmar_domain *domain;
+@@ -1684,10 +1685,19 @@ static void disable_dmar_iommu(struct in
+
+ domain = info->domain;
+
+- dmar_remove_one_dev_info(domain, info->dev);
++ __dmar_remove_one_dev_info(info);
+
+- if (!domain_type_is_vm_or_si(domain))
++ if (!domain_type_is_vm_or_si(domain)) {
++ /*
++ * The domain_exit() function can't be called under
++ * device_domain_lock, as it takes this lock itself.
++ * So release the lock here and re-run the loop
++ * afterwards.
++ */
++ spin_unlock_irqrestore(&device_domain_lock, flags);
+ domain_exit(domain);
++ goto again;
++ }
+ }
+ spin_unlock_irqrestore(&device_domain_lock, flags);
+
--- /dev/null
+From 582ab27a063a506ccb55fc48afcc325342a2deba Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+Date: Mon, 31 Oct 2016 19:02:39 +0200
+Subject: mei: bus: fix received data size check in NFC fixup
+
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+
+commit 582ab27a063a506ccb55fc48afcc325342a2deba upstream.
+
+NFC version reply size checked against only header size, not against
+full message size. That may lead potentially to uninitialized memory access
+in version data.
+
+That leads to warnings when version data is accessed:
+drivers/misc/mei/bus-fixup.c: warning: '*((void *)&ver+11)' may be used uninitialized in this function [-Wuninitialized]: => 212:2
+
+Reported in
+Build regressions/improvements in v4.9-rc3
+https://lkml.org/lkml/2016/10/30/57
+
+Fixes: 59fcd7c63abf (mei: nfc: Initial nfc implementation)
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/misc/mei/bus-fixup.c | 2 +-
+ drivers/nfc/mei_phy.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/misc/mei/bus-fixup.c
++++ b/drivers/misc/mei/bus-fixup.c
+@@ -151,7 +151,7 @@ static int mei_nfc_if_version(struct mei
+
+ ret = 0;
+ bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length);
+- if (bytes_recv < 0 || bytes_recv < sizeof(struct mei_nfc_reply)) {
++ if (bytes_recv < if_version_length) {
+ dev_err(bus->dev, "Could not read IF version\n");
+ ret = -EIO;
+ goto err;
+--- a/drivers/nfc/mei_phy.c
++++ b/drivers/nfc/mei_phy.c
+@@ -133,7 +133,7 @@ static int mei_nfc_if_version(struct nfc
+ return -ENOMEM;
+
+ bytes_recv = mei_cldev_recv(phy->cldev, (u8 *)reply, if_version_length);
+- if (bytes_recv < 0 || bytes_recv < sizeof(struct mei_nfc_reply)) {
++ if (bytes_recv < 0 || bytes_recv < if_version_length) {
+ pr_err("Could not read IF version\n");
+ r = -EIO;
+ goto err;
drm-i915-respect-alternate_ddc_pin-for-all-ddi-ports.patch
dmaengine-at_xdmac-fix-spurious-flag-status-for-mem2mem-transfers.patch
tty-serial-at91-fix-hardware-handshake-on-atmel-platforms.patch
+iommu-amd-free-domain-id-when-free-a-domain-of-struct-dma_ops_domain.patch
+iommu-vt-d-fix-dead-locks-in-disable_dmar_iommu-path.patch
+mei-bus-fix-received-data-size-check-in-nfc-fixup.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
