From cc582d866cbeb4ae3f3a5b73b07ffbb17cf45920 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 28 Aug 2017 09:17:39 +0200
Subject: [PATCH] 3.18-stable patches

added patches:
	acpi-apei-add-missing-synchronize_rcu-on-notify_sci-removal.patch
---
 ...ynchronize_rcu-on-notify_sci-removal.patch | 34 +++++++++++++++++++
 queue-3.18/series                             |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 queue-3.18/acpi-apei-add-missing-synchronize_rcu-on-notify_sci-removal.patch

diff --git a/queue-3.18/acpi-apei-add-missing-synchronize_rcu-on-notify_sci-removal.patch b/queue-3.18/acpi-apei-add-missing-synchronize_rcu-on-notify_sci-removal.patch
new file mode 100644
index 00000000000..b9e06cad887
--- /dev/null
+++ b/queue-3.18/acpi-apei-add-missing-synchronize_rcu-on-notify_sci-removal.patch
@@ -0,0 +1,34 @@
+From 7d64f82cceb21e6d95db312d284f5f195e120154 Mon Sep 17 00:00:00 2001
+From: James Morse <james.morse@arm.com>
+Date: Thu, 16 Mar 2017 14:30:39 +0000
+Subject: ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
+
+From: James Morse <james.morse@arm.com>
+
+commit 7d64f82cceb21e6d95db312d284f5f195e120154 upstream.
+
+When removing a GHES device notified by SCI, list_del_rcu() is used,
+ghes_remove() should call synchronize_rcu() before it goes on to call
+kfree(ghes), otherwise concurrent RCU readers may still hold this list
+entry after it has been freed.
+
+Signed-off-by: James Morse <james.morse@arm.com>
+Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
+Fixes: 81e88fdc432a (ACPI, APEI, Generic Hardware Error Source POLL/IRQ/NMI notification type support)
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/apei/ghes.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/acpi/apei/ghes.c
++++ b/drivers/acpi/apei/ghes.c
+@@ -1078,6 +1078,7 @@ static int ghes_remove(struct platform_d
+ 		if (list_empty(&ghes_sci))
+ 			unregister_acpi_hed_notifier(&ghes_notifier_sci);
+ 		mutex_unlock(&ghes_list_mutex);
++		synchronize_rcu();
+ 		break;
+ 	case ACPI_HEST_NOTIFY_NMI:
+ 		ghes_nmi_remove(ghes);
diff --git a/queue-3.18/series b/queue-3.18/series
index 9a132045c7a..0e66745307f 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -19,3 +19,4 @@ bluetooth-cmtp-fix-possible-might-sleep-error-in-cmtp_session.patch
 bluetooth-bnep-fix-possible-might-sleep-error-in-bnep_session.patch
 iio-imu-adis16480-fix-acceleration-scale-factor-for-adis16480.patch
 staging-rtl8188eu-add-rnx-n150nub-support.patch
+acpi-apei-add-missing-synchronize_rcu-on-notify_sci-removal.patch
-- 
2.47.3