From 5fb7af5483f61948d81301a1c7d9aded1269bfdc Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 19 Aug 2020 12:29:23 +0200
Subject: [PATCH] 4.14-stable patches

added patches:
	pci-hotplug-acpi-fix-context-refcounting-in-acpiphp_grab_context.patch
---
 ...-refcounting-in-acpiphp_grab_context.patch | 51 +++++++++++++++++++
 queue-4.14/series                             |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 queue-4.14/pci-hotplug-acpi-fix-context-refcounting-in-acpiphp_grab_context.patch

diff --git a/queue-4.14/pci-hotplug-acpi-fix-context-refcounting-in-acpiphp_grab_context.patch b/queue-4.14/pci-hotplug-acpi-fix-context-refcounting-in-acpiphp_grab_context.patch
new file mode 100644
index 00000000000..c2b7656cb6b
--- /dev/null
+++ b/queue-4.14/pci-hotplug-acpi-fix-context-refcounting-in-acpiphp_grab_context.patch
@@ -0,0 +1,51 @@
+From dae68d7fd4930315389117e9da35b763f12238f9 Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Fri, 26 Jun 2020 19:42:34 +0200
+Subject: PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
+
+From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+commit dae68d7fd4930315389117e9da35b763f12238f9 upstream.
+
+If context is not NULL in acpiphp_grab_context(), but the
+is_going_away flag is set for the device's parent, the reference
+counter of the context needs to be decremented before returning
+NULL or the context will never be freed, so make that happen.
+
+Fixes: edf5bf34d408 ("ACPI / dock: Use callback pointers from devices' ACPI hotplug contexts")
+Reported-by: Vasily Averin <vvs@virtuozzo.com>
+Cc: 3.15+ <stable@vger.kernel.org> # 3.15+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/hotplug/acpiphp_glue.c |   14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+--- a/drivers/pci/hotplug/acpiphp_glue.c
++++ b/drivers/pci/hotplug/acpiphp_glue.c
+@@ -136,13 +136,21 @@ static struct acpiphp_context *acpiphp_g
+ 	struct acpiphp_context *context;
+ 
+ 	acpi_lock_hp_context();
++
+ 	context = acpiphp_get_context(adev);
+-	if (!context || context->func.parent->is_going_away) {
+-		acpi_unlock_hp_context();
+-		return NULL;
++	if (!context)
++		goto unlock;
++
++	if (context->func.parent->is_going_away) {
++		acpiphp_put_context(context);
++		context = NULL;
++		goto unlock;
+ 	}
++
+ 	get_bridge(context->func.parent);
+ 	acpiphp_put_context(context);
++
++unlock:
+ 	acpi_unlock_hp_context();
+ 	return context;
+ }
diff --git a/queue-4.14/series b/queue-4.14/series
index 73138fff656..3241d32f56f 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -165,3 +165,4 @@ xen-balloon-fix-accounting-in-alloc_xenballooned_pages-error-path.patch
 xen-balloon-make-the-balloon-wait-interruptible.patch
 net-initialize-fastreuse-on-inet_inherit_port.patch
 smb3-warn-on-confusing-error-scenario-with-sec-krb5.patch
+pci-hotplug-acpi-fix-context-refcounting-in-acpiphp_grab_context.patch
-- 
2.47.3