From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 31 Oct 2022 06:44:59 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v4.19.263~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3521b6f88039556197af62e834ed2867b4967e93;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch
---

diff --git a/queue-4.9/mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch b/queue-4.9/mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch
new file mode 100644
index 00000000000..aa44cc34070
--- /dev/null
+++ b/queue-4.9/mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch
@@ -0,0 +1,39 @@
+From 9972e6b404884adae9eec7463e30d9b3c9a70b18 Mon Sep 17 00:00:00 2001
+From: Matthew Ma <mahongwei@zeku.com>
+Date: Fri, 14 Oct 2022 11:49:51 +0800
+Subject: mmc: core: Fix kernel panic when remove non-standard SDIO card
+
+From: Matthew Ma <mahongwei@zeku.com>
+
+commit 9972e6b404884adae9eec7463e30d9b3c9a70b18 upstream.
+
+SDIO tuple is only allocated for standard SDIO card, especially it causes
+memory corruption issues when the non-standard SDIO card has removed, which
+is because the card device's reference counter does not increase for it at
+sdio_init_func(), but all SDIO card device reference counter gets decreased
+at sdio_release_func().
+
+Fixes: 6f51be3d37df ("sdio: allow non-standard SDIO cards")
+Signed-off-by: Matthew Ma <mahongwei@zeku.com>
+Reviewed-by: Weizhao Ouyang <ouyangweizhao@zeku.com>
+Reviewed-by: John Wang <wangdayu@zeku.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20221014034951.2300386-1-ouyangweizhao@zeku.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mmc/core/sdio_bus.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/mmc/core/sdio_bus.c
++++ b/drivers/mmc/core/sdio_bus.c
+@@ -263,7 +263,8 @@ static void sdio_release_func(struct dev
+ {
+ 	struct sdio_func *func = dev_to_sdio_func(dev);
+ 
+-	sdio_free_func_cis(func);
++	if (!(func->card->quirks & MMC_QUIRK_NONSTD_SDIO))
++		sdio_free_func_cis(func);
+ 
+ 	kfree(func->info);
+ 	kfree(func->tmpbuf);
diff --git a/queue-4.9/series b/queue-4.9/series
index 14a84a96622..33ca90e098e 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -16,3 +16,4 @@ tools-iio-iio_utils-fix-digit-calculation.patch
 fbdev-smscufx-fix-several-use-after-free-bugs.patch
 mac802154-fix-lqi-recording.patch
 drm-msm-hdmi-fix-memory-corruption-with-too-many-bridges.patch
+mmc-core-fix-kernel-panic-when-remove-non-standard-sdio-card.patch