--- /dev/null
+From 0349f3e82f07ef6f8201073d4758d8e227de123f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 26 Aug 2019 02:41:17 -0400
+Subject: dm zoned: fix invalid memory access
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+[ Upstream commit 0c8e9c2d668278652af028c3cc068c65f66342f4 ]
+
+Commit 75d66ffb48efb30f2dd42f041ba8b39c5b2bd115 ("dm zoned: properly
+handle backing device failure") triggers a coverity warning:
+
+*** CID 1452808: Memory - illegal accesses (USE_AFTER_FREE)
+/drivers/md/dm-zoned-target.c: 137 in dmz_submit_bio()
+131 clone->bi_private = bioctx;
+132
+133 bio_advance(bio, clone->bi_iter.bi_size);
+134
+135 refcount_inc(&bioctx->ref);
+136 generic_make_request(clone);
+>>> CID 1452808: Memory - illegal accesses (USE_AFTER_FREE)
+>>> Dereferencing freed pointer "clone".
+137 if (clone->bi_status == BLK_STS_IOERR)
+138 return -EIO;
+139
+140 if (bio_op(bio) == REQ_OP_WRITE && dmz_is_seq(zone))
+141 zone->wp_block += nr_blocks;
+142
+
+The "clone" bio may be processed and freed before the check
+"clone->bi_status == BLK_STS_IOERR" - so this check can access invalid
+memory.
+
+Fixes: 75d66ffb48efb3 ("dm zoned: properly handle backing device failure")
+Cc: stable@vger.kernel.org
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/md/dm-zoned-target.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/drivers/md/dm-zoned-target.c b/drivers/md/dm-zoned-target.c
+index ff3fd011796ed..3334f5865de77 100644
+--- a/drivers/md/dm-zoned-target.c
++++ b/drivers/md/dm-zoned-target.c
+@@ -133,8 +133,6 @@ static int dmz_submit_bio(struct dmz_target *dmz, struct dm_zone *zone,
+
+ refcount_inc(&bioctx->ref);
+ generic_make_request(clone);
+- if (clone->bi_status == BLK_STS_IOERR)
+- return -EIO;
+
+ if (bio_op(bio) == REQ_OP_WRITE && dmz_is_seq(zone))
+ zone->wp_block += nr_blocks;
+--
+2.20.1
+
--- /dev/null
+From 3bf463880a5fe5b8909b6349c9a8590251c0a584 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Sep 2019 22:44:51 +0200
+Subject: net/ibmvnic: Fix missing { in __ibmvnic_reset
+
+From: Michal Suchanek <msuchanek@suse.de>
+
+[ Upstream commit c8dc55956b09b53ccffceb6e3146981210e27821 ]
+
+Commit 1c2977c09499 ("net/ibmvnic: free reset work of removed device from queue")
+adds a } without corresponding { causing build break.
+
+Fixes: 1c2977c09499 ("net/ibmvnic: free reset work of removed device from queue")
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>
+Reviewed-by: Juliet Kim <julietk@linux.vnet.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
+index 6644cabc8e756..5cb55ea671e35 100644
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -1984,7 +1984,7 @@ static void __ibmvnic_reset(struct work_struct *work)
+ rwi = get_next_rwi(adapter);
+ while (rwi) {
+ if (adapter->state == VNIC_REMOVING ||
+- adapter->state == VNIC_REMOVED)
++ adapter->state == VNIC_REMOVED) {
+ kfree(rwi);
+ rc = EBUSY;
+ break;
+--
+2.20.1
+
--- /dev/null
+From 6d3872ffedabc9c329e9b162a3bde02a0e464eea Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 2 Aug 2019 18:15:48 +0800
+Subject: Revert "f2fs: avoid out-of-range memory access"
+
+From: Chao Yu <yuchao0@huawei.com>
+
+[ Upstream commit a37d0862d17411edb67677a580a6f505ec2225f6 ]
+
+As Pavel Machek reported:
+
+"We normally use -EUCLEAN to signal filesystem corruption. Plus, it is
+good idea to report it to the syslog and mark filesystem as "needing
+fsck" if filesystem can do that."
+
+Still we need improve the original patch with:
+- use unlikely keyword
+- add message print
+- return EUCLEAN
+
+However, after rethink this patch, I don't think we should add such
+condition check here as below reasons:
+- We have already checked the field in f2fs_sanity_check_ckpt(),
+- If there is fs corrupt or security vulnerability, there is nothing
+to guarantee the field is integrated after the check, unless we do
+the check before each of its use, however no filesystem does that.
+- We only have similar check for bitmap, which was added due to there
+is bitmap corruption happened on f2fs' runtime in product.
+- There are so many key fields in SB/CP/NAT did have such check
+after f2fs_sanity_check_{sb,cp,..}.
+
+So I propose to revert this unneeded check.
+
+This reverts commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a.
+
+Signed-off-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/f2fs/segment.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
+index ce15fbcd7cff0..291f7106537c7 100644
+--- a/fs/f2fs/segment.c
++++ b/fs/f2fs/segment.c
+@@ -3403,11 +3403,6 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi)
+ seg_i = CURSEG_I(sbi, i);
+ segno = le32_to_cpu(ckpt->cur_data_segno[i]);
+ blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]);
+- if (blk_off > ENTRIES_IN_SUM) {
+- f2fs_bug_on(sbi, 1);
+- f2fs_put_page(page, 1);
+- return -EFAULT;
+- }
+ seg_i->next_segno = segno;
+ reset_curseg(sbi, i, 0);
+ seg_i->alloc_type = ckpt->alloc_type[i];
+--
+2.20.1
+
alsa-hda-apply-amd-controller-workaround-for-raven-platform.patch
platform-x86-i2c-multi-instantiate-derive-the-device-name-from-parent.patch
objtool-clobber-user-cflags-variable.patch
+revert-f2fs-avoid-out-of-range-memory-access.patch
+dm-zoned-fix-invalid-memory-access.patch
+net-ibmvnic-fix-missing-in-__ibmvnic_reset.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
