4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 11 Nov 2018 18:15:06 +0000 (10:15 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 11 Nov 2018 18:15:06 +0000 (10:15 -0800)
added patches:
arm64-dts-stratix10-correct-system-manager-register-size.patch
cramfs-fix-abad-comparison-when-wrap-arounds-occur.patch
rpmsg-smd-fix-memory-leak-on-channel-create.patch
soc-tegra-pmc-fix-child-node-lookup.patch

queue-4.9/arm64-dts-stratix10-correct-system-manager-register-size.patch [new file with mode: 0644]
queue-4.9/cramfs-fix-abad-comparison-when-wrap-arounds-occur.patch [new file with mode: 0644]
queue-4.9/rpmsg-smd-fix-memory-leak-on-channel-create.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/soc-tegra-pmc-fix-child-node-lookup.patch [new file with mode: 0644]

diff --git a/queue-4.9/arm64-dts-stratix10-correct-system-manager-register-size.patch b/queue-4.9/arm64-dts-stratix10-correct-system-manager-register-size.patch
new file mode 100644 (file)
index 0000000..0cab10e
--- /dev/null
@@ -0,0 +1,32 @@
+From 74121b9aa3cd571ddfff014a9f47db36cae3cda9 Mon Sep 17 00:00:00 2001
+From: Thor Thayer <thor.thayer@linux.intel.com>
+Date: Tue, 25 Sep 2018 10:31:52 -0500
+Subject: arm64: dts: stratix10: Correct System Manager register size
+
+From: Thor Thayer <thor.thayer@linux.intel.com>
+
+commit 74121b9aa3cd571ddfff014a9f47db36cae3cda9 upstream.
+
+Correct the register size of the System Manager node.
+
+Cc: stable@vger.kernel.org
+Fixes: 78cd6a9d8e154 ("arm64: dts: Add base stratix 10 dtsi")
+Signed-off-by: Thor Thayer <thor.thayer@linux.intel.com>
+Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi
++++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi
+@@ -249,7 +249,7 @@
+               sysmgr: sysmgr@ffd12000 {
+                       compatible = "altr,sys-mgr", "syscon";
+-                      reg = <0xffd12000 0x1000>;
++                      reg = <0xffd12000 0x228>;
+               };
+               /* Local timer */
diff --git a/queue-4.9/cramfs-fix-abad-comparison-when-wrap-arounds-occur.patch b/queue-4.9/cramfs-fix-abad-comparison-when-wrap-arounds-occur.patch
new file mode 100644 (file)
index 0000000..ca73afd
--- /dev/null
@@ -0,0 +1,34 @@
+From 672ca9dd13f1aca0c17516f76fc5b0e8344b3e46 Mon Sep 17 00:00:00 2001
+From: Nicolas Pitre <nicolas.pitre@linaro.org>
+Date: Tue, 30 Oct 2018 13:26:15 -0400
+Subject: Cramfs: fix abad comparison when wrap-arounds occur
+
+From: Nicolas Pitre <nicolas.pitre@linaro.org>
+
+commit 672ca9dd13f1aca0c17516f76fc5b0e8344b3e46 upstream.
+
+It is possible for corrupted filesystem images to produce very large
+block offsets that may wrap when a length is added, and wrongly pass
+the buffer size test.
+
+Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
+Signed-off-by: Nicolas Pitre <nico@linaro.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cramfs/inode.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/cramfs/inode.c
++++ b/fs/cramfs/inode.c
+@@ -186,7 +186,8 @@ static void *cramfs_read(struct super_bl
+                       continue;
+               blk_offset = (blocknr - buffer_blocknr[i]) << PAGE_SHIFT;
+               blk_offset += offset;
+-              if (blk_offset + len > BUFFER_SIZE)
++              if (blk_offset > BUFFER_SIZE ||
++                  blk_offset + len > BUFFER_SIZE)
+                       continue;
+               return read_buffers[i] + blk_offset;
+       }
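Review bot: The second comparison in the new condition, `blk_offset + len > BUFFER_SIZE`, is still an addition that can wrap when `len` itself is very large, because the added `blk_offset > BUFFER_SIZE` test bounds only one operand. Writing the bound as a subtraction removes the wrap entirely: `if (blk_offset > BUFFER_SIZE || len > BUFFER_SIZE - blk_offset)`. Whether `len` can get that large depends on the callers and on the declarations of `blk_offset` and `len`, which sit outside this hunk along with the start and end of cramfs_read(), so treat this as hardening rather than a confirmed bug. A one-line comment above the test, such as `/* blk_offset may be huge on a corrupted image; test it alone before adding len */`, would stop the first comparison from being dropped later as redundant.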
diff --git a/queue-4.9/rpmsg-smd-fix-memory-leak-on-channel-create.patch b/queue-4.9/rpmsg-smd-fix-memory-leak-on-channel-create.patch
new file mode 100644 (file)
index 0000000..ba4aee1
--- /dev/null
@@ -0,0 +1,48 @@
+From 940c620d6af8fca7d115de40f19870fba415efac Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Thu, 27 Sep 2018 22:36:27 +0100
+Subject: rpmsg: smd: fix memory leak on channel create
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit 940c620d6af8fca7d115de40f19870fba415efac upstream.
+
+Currently a failed allocation of channel->name leads to an
+immediate return without freeing channel. Fix this by setting
+ret to -ENOMEM and jumping to an exit path that kfree's channel.
+
+Detected by CoverityScan, CID#1473692 ("Resource Leak")
+
+Fixes: 53e2822e56c7 ("rpmsg: Introduce Qualcomm SMD backend")
+Cc: stable@vger.kernel.org
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/rpmsg/qcom_smd.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/rpmsg/qcom_smd.c
++++ b/drivers/rpmsg/qcom_smd.c
+@@ -1012,8 +1012,10 @@ static struct qcom_smd_channel *qcom_smd
+       channel->edge = edge;
+       channel->name = kstrdup(name, GFP_KERNEL);
+-      if (!channel->name)
+-              return ERR_PTR(-ENOMEM);
++      if (!channel->name) {
++              ret = -ENOMEM;
++              goto free_channel;
++      }
+       mutex_init(&channel->tx_lock);
+       spin_lock_init(&channel->recv_lock);
+@@ -1062,6 +1064,7 @@ static struct qcom_smd_channel *qcom_smd
+ free_name_and_channel:
+       kfree(channel->name);
++free_channel:
+       kfree(channel);
+       return ERR_PTR(ret);
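Review bot: The new `free_channel` label in the second hunk is not strictly needed, because on the failing path `channel->name` has just been assigned NULL by kstrdup() and `kfree(NULL)` is a no-op. Setting `ret = -ENOMEM;` and using `goto free_name_and_channel;` would fix the same leak with one label fewer to keep in order. If the separate label is kept for readability, a short comment at `free_channel:` saying it is the entry point for failures before the name is allocated would help; the function's allocation of `channel` and the other jumps to these labels are outside the hunks.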
index 2462cbe0f13fae2710b00010a985dce5565148be..e5439d5fb0b1060742394aba90a77962f7334d48 100644 (file)
@@ -124,3 +124,7 @@ media-tvp5150-avoid-going-past-array-on-v4l2_querymenu.patch
 media-em28xx-fix-input-name-for-terratec-av-350.patch
 media-em28xx-make-v4l2-compliance-happier-by-starting-sequence-on-zero.patch
 arm64-lse-remove-fcall-used-x0-flag.patch
+rpmsg-smd-fix-memory-leak-on-channel-create.patch
+cramfs-fix-abad-comparison-when-wrap-arounds-occur.patch
+arm64-dts-stratix10-correct-system-manager-register-size.patch
+soc-tegra-pmc-fix-child-node-lookup.patch
diff --git a/queue-4.9/soc-tegra-pmc-fix-child-node-lookup.patch b/queue-4.9/soc-tegra-pmc-fix-child-node-lookup.patch
new file mode 100644 (file)
index 0000000..cd6138d
--- /dev/null
@@ -0,0 +1,39 @@
+From 1dc6bd5e39a29453bdcc17348dd2a89f1aa4004e Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Wed, 15 Nov 2017 10:44:58 +0100
+Subject: soc/tegra: pmc: Fix child-node lookup
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 1dc6bd5e39a29453bdcc17348dd2a89f1aa4004e upstream.
+
+Fix child-node lookup during probe, which ended up searching the whole
+device tree depth-first starting at the parent rather than just matching
+on its children.
+
+To make things worse, the parent pmc node could end up being prematurely
+freed as of_find_node_by_name() drops a reference to its first argument.
+
+Fixes: 3568df3d31d6 ("soc: tegra: Add thermal reset (thermtrip) support to PMC")
+Cc: stable <stable@vger.kernel.org>     # 4.0
+Cc: Mikko Perttunen <mperttunen@nvidia.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com>
+Signed-off-by: Thierry Reding <treding@nvidia.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/soc/tegra/pmc.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/soc/tegra/pmc.c
++++ b/drivers/soc/tegra/pmc.c
+@@ -1189,7 +1189,7 @@ static void tegra_pmc_init_tsense_reset(
+       if (!pmc->soc->has_tsense_reset)
+               return;
+-      np = of_find_node_by_name(pmc->dev->of_node, "i2c-thermtrip");
++      np = of_get_child_by_name(pmc->dev->of_node, "i2c-thermtrip");
+       if (!np) {
+               dev_warn(dev, "i2c-thermtrip node not found, %s.\n", disabled);
+               return;
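Review bot: of_get_child_by_name() returns the child node with its reference count raised, so every path after a successful lookup has to end in `of_node_put(np)`. The hunk shows only the not-found return, and the rest of tegra_pmc_init_tsense_reset() lies outside it, so this should be checked against the 4.9 version of the function. A missed put would leak a node reference, the opposite imbalance to the premature free the commit message describes. As a smaller style point, the call reads `pmc->dev->of_node` while the warning two lines later uses `dev`; if `dev` is the same device, `of_get_child_by_name(dev->of_node, "i2c-thermtrip")` would be consistent.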