From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 31 Oct 2022 06:45:20 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v4.19.263~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ff98461bbaef152ac5489f02ead22af6a4c7abe1;p=thirdparty%2Fkernel%2Fstable-queue.git

5.4-stable patches

added patches:
	mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch
---

diff --git a/queue-5.4/mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch b/queue-5.4/mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch
new file mode 100644
index 00000000000..016a38f4db6
--- /dev/null
+++ b/queue-5.4/mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch
@@ -0,0 +1,39 @@
+From 9972e6b404884adae9eec7463e30d9b3c9a70b18 Mon Sep 17 00:00:00 2001
+From: Matthew Ma <mahongwei@zeku.com>
+Date: Fri, 14 Oct 2022 11:49:51 +0800
+Subject: mmc: core: Fix kernel panic when remove non-standard SDIO card
+
+From: Matthew Ma <mahongwei@zeku.com>
+
+commit 9972e6b404884adae9eec7463e30d9b3c9a70b18 upstream.
+
+SDIO tuple is only allocated for standard SDIO card, especially it causes
+memory corruption issues when the non-standard SDIO card has removed, which
+is because the card device's reference counter does not increase for it at
+sdio_init_func(), but all SDIO card device reference counter gets decreased
+at sdio_release_func().
+
+Fixes: 6f51be3d37df ("sdio: allow non-standard SDIO cards")
+Signed-off-by: Matthew Ma <mahongwei@zeku.com>
+Reviewed-by: Weizhao Ouyang <ouyangweizhao@zeku.com>
+Reviewed-by: John Wang <wangdayu@zeku.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20221014034951.2300386-1-ouyangweizhao@zeku.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mmc/core/sdio_bus.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/mmc/core/sdio_bus.c
++++ b/drivers/mmc/core/sdio_bus.c
+@@ -266,7 +266,8 @@ static void sdio_release_func(struct dev
+ {
+ 	struct sdio_func *func = dev_to_sdio_func(dev);
+ 
+-	sdio_free_func_cis(func);
++	if (!(func->card->quirks & MMC_QUIRK_NONSTD_SDIO))
++		sdio_free_func_cis(func);
+ 
+ 	kfree(func->info);
+ 	kfree(func->tmpbuf);
diff --git a/queue-5.4/series b/queue-5.4/series
index 3d9ae728b8c..8adbb8d73b6 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -15,3 +15,4 @@ fbdev-smscufx-fix-several-use-after-free-bugs.patch
 mac802154-fix-lqi-recording.patch
 drm-msm-dsi-fix-memory-corruption-with-too-many-bridges.patch
 drm-msm-hdmi-fix-memory-corruption-with-too-many-bridges.patch
+mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch