--- /dev/null
+From 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Sat, 22 Dec 2018 10:34:54 +0000
+Subject: cw1200: fix missing unlock on error in cw1200_hw_scan()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 upstream.
+
+Add the missing unlock before return from function cw1200_hw_scan()
+in the error handling case.
+
+Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Acked-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+[iwamatsu: Change the patching file from drivers/net/wireless/st/cw1200/scan.c to
+drivers/net/wireless/cw1200/scan.c]
+Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/cw1200/scan.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/cw1200/scan.c
++++ b/drivers/net/wireless/cw1200/scan.c
+@@ -84,8 +84,11 @@ int cw1200_hw_scan(struct ieee80211_hw *
+
+ frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
+ req->ie_len);
+- if (!frame.skb)
++ if (!frame.skb) {
++ mutex_unlock(&priv->conf_mutex);
++ up(&priv->scan.lock);
+ return -ENOMEM;
++ }
+
+ if (req->ie_len)
+ memcpy(skb_put(frame.skb, req->ie_len), req->ie, req->ie_len);
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
- drivers/gpu/ipu-v3/ipu-dp.c | 12 +++++++++---
+ drivers/gpu/ipu-v3/ipu-dp.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
-diff --git a/drivers/gpu/ipu-v3/ipu-dp.c b/drivers/gpu/ipu-v3/ipu-dp.c
-index 98686edbcdbb0..33de3a1bac49f 100644
--- a/drivers/gpu/ipu-v3/ipu-dp.c
+++ b/drivers/gpu/ipu-v3/ipu-dp.c
-@@ -195,7 +195,8 @@ int ipu_dp_setup_channel(struct ipu_dp *dp,
+@@ -195,7 +195,8 @@ int ipu_dp_setup_channel(struct ipu_dp *
ipu_dp_csc_init(flow, flow->foreground.in_cs, flow->out_cs,
DP_COM_CONF_CSC_DEF_BOTH);
} else {
/*
* foreground identical to output, apply color
* conversion on background
-@@ -261,6 +262,8 @@ void ipu_dp_disable_channel(struct ipu_dp *dp)
+@@ -261,6 +262,8 @@ void ipu_dp_disable_channel(struct ipu_d
struct ipu_dp_priv *priv = flow->priv;
u32 reg, csc;
if (!dp->foreground)
return;
-@@ -268,8 +271,9 @@ void ipu_dp_disable_channel(struct ipu_dp *dp)
+@@ -268,8 +271,9 @@ void ipu_dp_disable_channel(struct ipu_d
reg = readl(flow->base + DP_COM_CONF);
csc = reg & DP_COM_CONF_CSC_DEF_MASK;
reg &= ~DP_COM_CONF_FG_EN;
writel(reg, flow->base + DP_COM_CONF);
-@@ -350,6 +354,8 @@ int ipu_dp_init(struct ipu_soc *ipu, struct device *dev, unsigned long base)
+@@ -350,6 +354,8 @@ int ipu_dp_init(struct ipu_soc *ipu, str
mutex_init(&priv->mutex);
for (i = 0; i < IPUV3_NUM_FLOWS; i++) {
priv->flow[i].foreground.foreground = true;
priv->flow[i].base = priv->base + ipu_dp_flow_base[i];
priv->flow[i].priv = priv;
---
-2.20.1
-
s390-ctcm-fix-ctcm_new_device-error-return-code.patch
selftests-net-correct-the-return-value-for-run_netso.patch
gpu-ipu-v3-dp-fix-csc-handling.patch
+cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch
+x86-vdso-pass-eh-frame-hdr-to-the-linker.patch
--- /dev/null
+From cd01544a268ad8ee5b1dfe42c4393f1095f86879 Mon Sep 17 00:00:00 2001
+From: Alistair Strachan <astrachan@google.com>
+Date: Fri, 14 Dec 2018 14:36:37 -0800
+Subject: x86/vdso: Pass --eh-frame-hdr to the linker
+
+From: Alistair Strachan <astrachan@google.com>
+
+commit cd01544a268ad8ee5b1dfe42c4393f1095f86879 upstream.
+
+Commit
+
+ 379d98ddf413 ("x86: vdso: Use $LD instead of $CC to link")
+
+accidentally broke unwinding from userspace, because ld would strip the
+.eh_frame sections when linking.
+
+Originally, the compiler would implicitly add --eh-frame-hdr when
+invoking the linker, but when this Makefile was converted from invoking
+ld via the compiler, to invoking it directly (like vmlinux does),
+the flag was missed. (The EH_FRAME section is important for the VDSO
+shared libraries, but not for vmlinux.)
+
+Fix the problem by explicitly specifying --eh-frame-hdr, which restores
+parity with the old method.
+
+See relevant bug reports for additional info:
+
+ https://bugzilla.kernel.org/show_bug.cgi?id=201741
+ https://bugzilla.redhat.com/show_bug.cgi?id=1659295
+
+Fixes: 379d98ddf413 ("x86: vdso: Use $LD instead of $CC to link")
+Reported-by: Florian Weimer <fweimer@redhat.com>
+Reported-by: Carlos O'Donell <carlos@redhat.com>
+Reported-by: "H. J. Lu" <hjl.tools@gmail.com>
+Signed-off-by: Alistair Strachan <astrachan@google.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Tested-by: Laura Abbott <labbott@redhat.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Carlos O'Donell <carlos@redhat.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Joel Fernandes <joel@joelfernandes.org>
+Cc: kernel-team@android.com
+Cc: Laura Abbott <labbott@redhat.com>
+Cc: stable <stable@vger.kernel.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: X86 ML <x86@kernel.org>
+Link: https://lkml.kernel.org/r/20181214223637.35954-1-astrachan@google.com
+Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/vdso/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/entry/vdso/Makefile
++++ b/arch/x86/entry/vdso/Makefile
+@@ -159,7 +159,8 @@ quiet_cmd_vdso = VDSO $@
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
+
+ VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \
+- $(call ld-option, --build-id) -Bsymbolic
++ $(call ld-option, --build-id) $(call ld-option, --eh-frame-hdr) \
++ -Bsymbolic
+ GCOV_PROFILE := n
+
+ #
projects / thirdparty / kernel / stable-queue.git / commitdiff
