From 4cd4f1936b1c44ec9928b44abc12cc86b2196123 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 20 Aug 2023 20:13:31 +0200
Subject: [PATCH] 5.4-stable patches

added patches:
	btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch
	tty-serial-fsl_lpuart-clear-the-error-flags-by-writing-1-for-lpuart32-platforms.patch
---
 ...on-condition-in-btrfs_cancel_balance.patch | 64 +++++++++++++++++++
 queue-5.4/series                              |  2 +
 ...-by-writing-1-for-lpuart32-platforms.patch | 37 +++++++++++
 3 files changed, 103 insertions(+)
 create mode 100644 queue-5.4/btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch
 create mode 100644 queue-5.4/tty-serial-fsl_lpuart-clear-the-error-flags-by-writing-1-for-lpuart32-platforms.patch

diff --git a/queue-5.4/btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch b/queue-5.4/btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch
new file mode 100644
index 00000000000..2fc600221c5
--- /dev/null
+++ b/queue-5.4/btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch
@@ -0,0 +1,64 @@
+From 29eefa6d0d07e185f7bfe9576f91e6dba98189c2 Mon Sep 17 00:00:00 2001
+From: xiaoshoukui <xiaoshoukui@gmail.com>
+Date: Tue, 15 Aug 2023 02:55:59 -0400
+Subject: btrfs: fix BUG_ON condition in btrfs_cancel_balance
+
+From: xiaoshoukui <xiaoshoukui@gmail.com>
+
+commit 29eefa6d0d07e185f7bfe9576f91e6dba98189c2 upstream.
+
+Pausing and canceling balance can race to interrupt balance lead to BUG_ON
+panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance
+does not take this race scenario into account.
+
+However, the race condition has no other side effects. We can fix that.
+
+Reproducing it with panic trace like this:
+
+  kernel BUG at fs/btrfs/volumes.c:4618!
+  RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0
+  Call Trace:
+   <TASK>
+   ? do_nanosleep+0x60/0x120
+   ? hrtimer_nanosleep+0xb7/0x1a0
+   ? sched_core_clone_cookie+0x70/0x70
+   btrfs_ioctl_balance_ctl+0x55/0x70
+   btrfs_ioctl+0xa46/0xd20
+   __x64_sys_ioctl+0x7d/0xa0
+   do_syscall_64+0x38/0x80
+   entry_SYSCALL_64_after_hwframe+0x63/0xcd
+
+  Race scenario as follows:
+  > mutex_unlock(&fs_info->balance_mutex);
+  > --------------------
+  > .......issue pause and cancel req in another thread
+  > --------------------
+  > ret = __btrfs_balance(fs_info);
+  >
+  > mutex_lock(&fs_info->balance_mutex);
+  > if (ret == -ECANCELED && atomic_read(&fs_info->balance_pause_req)) {
+  >         btrfs_info(fs_info, "balance: paused");
+  >         btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED);
+  > }
+
+CC: stable@vger.kernel.org # 4.19+
+Signed-off-by: xiaoshoukui <xiaoshoukui@ruijie.com.cn>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/volumes.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/fs/btrfs/volumes.c
++++ b/fs/btrfs/volumes.c
+@@ -4558,8 +4558,7 @@ int btrfs_cancel_balance(struct btrfs_fs
+ 		}
+ 	}
+ 
+-	BUG_ON(fs_info->balance_ctl ||
+-		test_bit(BTRFS_FS_BALANCE_RUNNING, &fs_info->flags));
++	ASSERT(!test_bit(BTRFS_FS_BALANCE_RUNNING, &fs_info->flags));
+ 	atomic_dec(&fs_info->balance_cancel_req);
+ 	mutex_unlock(&fs_info->balance_mutex);
+ 	return 0;
diff --git a/queue-5.4/series b/queue-5.4/series
index d737124c283..9697a27d65b 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -58,3 +58,5 @@ virtio-mmio-don-t-break-lifecycle-of-vm_dev.patch
 i2c-bcm-iproc-fix-bcm_iproc_i2c_isr-deadlock-issue.patch
 fbdev-mmp-fix-value-check-in-mmphw_probe.patch
 powerpc-rtas_flash-allow-user-copy-to-flash-block-cache-objects.patch
+tty-serial-fsl_lpuart-clear-the-error-flags-by-writing-1-for-lpuart32-platforms.patch
+btrfs-fix-bug_on-condition-in-btrfs_cancel_balance.patch
diff --git a/queue-5.4/tty-serial-fsl_lpuart-clear-the-error-flags-by-writing-1-for-lpuart32-platforms.patch b/queue-5.4/tty-serial-fsl_lpuart-clear-the-error-flags-by-writing-1-for-lpuart32-platforms.patch
new file mode 100644
index 00000000000..8d8728afb85
--- /dev/null
+++ b/queue-5.4/tty-serial-fsl_lpuart-clear-the-error-flags-by-writing-1-for-lpuart32-platforms.patch
@@ -0,0 +1,37 @@
+From 282069845af388b08d622ad192b831dcd0549c62 Mon Sep 17 00:00:00 2001
+From: Sherry Sun <sherry.sun@nxp.com>
+Date: Tue, 1 Aug 2023 10:23:04 +0800
+Subject: tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms
+
+From: Sherry Sun <sherry.sun@nxp.com>
+
+commit 282069845af388b08d622ad192b831dcd0549c62 upstream.
+
+Do not read the data register to clear the error flags for lpuart32
+platforms, the additional read may cause the receive FIFO underflow
+since the DMA has already read the data register.
+Actually all lpuart32 platforms support write 1 to clear those error
+bits, let's use this method to better clear the error flags.
+
+Fixes: 42b68768e51b ("serial: fsl_lpuart: DMA support for 32-bit variant")
+Cc: stable <stable@kernel.org>
+Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
+Link: https://lore.kernel.org/r/20230801022304.24251-1-sherry.sun@nxp.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/serial/fsl_lpuart.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/tty/serial/fsl_lpuart.c
++++ b/drivers/tty/serial/fsl_lpuart.c
+@@ -1023,8 +1023,8 @@ static void lpuart_copy_rx_to_tty(struct
+ 		unsigned long sr = lpuart32_read(&sport->port, UARTSTAT);
+ 
+ 		if (sr & (UARTSTAT_PE | UARTSTAT_FE)) {
+-			/* Read DR to clear the error flags */
+-			lpuart32_read(&sport->port, UARTDATA);
++			/* Clear the error flags */
++			lpuart32_write(&sport->port, sr, UARTSTAT);
+ 
+ 			if (sr & UARTSTAT_PE)
+ 				sport->port.icount.parity++;
-- 
2.47.3