--- /dev/null
+From 94728ca5f56fd392b0ef42b909b4f1c6f4b9b81b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 30 Apr 2020 23:30:49 +0200
+Subject: drop_monitor: work around gcc-10 stringop-overflow warning
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+[ Upstream commit dc30b4059f6e2abf3712ab537c8718562b21c45d ]
+
+The current gcc-10 snapshot produces a false-positive warning:
+
+net/core/drop_monitor.c: In function 'trace_drop_common.constprop':
+cc1: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=]
+In file included from net/core/drop_monitor.c:23:
+include/uapi/linux/net_dropmon.h:36:8: note: at offset 0 to object 'entries' with size 4 declared here
+ 36 | __u32 entries;
+ | ^~~~~~~
+
+I reported this in the gcc bugzilla, but in case it does not get
+fixed in the release, work around it by using a temporary variable.
+
+Fixes: 9a8afc8d3962 ("Network Drop Monitor: Adding drop monitor implementation & Netlink protocol")
+Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94881
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/core/drop_monitor.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
+index ca2c9c8b9a3e9..6d7ff117f3792 100644
+--- a/net/core/drop_monitor.c
++++ b/net/core/drop_monitor.c
+@@ -159,6 +159,7 @@ static void sched_send_work(unsigned long _data)
+ static void trace_drop_common(struct sk_buff *skb, void *location)
+ {
+ struct net_dm_alert_msg *msg;
++ struct net_dm_drop_point *point;
+ struct nlmsghdr *nlh;
+ struct nlattr *nla;
+ int i;
+@@ -177,11 +178,13 @@ static void trace_drop_common(struct sk_buff *skb, void *location)
+ nlh = (struct nlmsghdr *)dskb->data;
+ nla = genlmsg_data(nlmsg_data(nlh));
+ msg = nla_data(nla);
++ point = msg->points;
+ for (i = 0; i < msg->entries; i++) {
+- if (!memcmp(&location, msg->points[i].pc, sizeof(void *))) {
+- msg->points[i].count++;
++ if (!memcmp(&location, &point->pc, sizeof(void *))) {
++ point->count++;
+ goto out;
+ }
++ point++;
+ }
+ if (msg->entries == dm_hit_limit)
+ goto out;
+@@ -190,8 +193,8 @@ static void trace_drop_common(struct sk_buff *skb, void *location)
+ */
+ __nla_reserve_nohdr(dskb, sizeof(struct net_dm_drop_point));
+ nla->nla_len += NLA_ALIGN(sizeof(struct net_dm_drop_point));
+- memcpy(msg->points[msg->entries].pc, &location, sizeof(void *));
+- msg->points[msg->entries].count = 1;
++ memcpy(point->pc, &location, sizeof(void *));
++ point->count = 1;
+ msg->entries++;
+
+ if (!timer_pending(&data->send_timer)) {
+--
+2.20.1
+
--- /dev/null
+From 71c0f008267325c89cd67474fc40bb6866fd8175 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 26 Apr 2020 22:59:21 +0200
+Subject: net: moxa: Fix a potential double 'free_irq()'
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit ee8d2267f0e39a1bfd95532da3a6405004114b27 ]
+
+Should an irq requested with 'devm_request_irq' be released explicitly,
+it should be done by 'devm_free_irq()', not 'free_irq()'.
+
+Fixes: 6c821bd9edc9 ("net: Add MOXA ART SoCs ethernet driver")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/moxa/moxart_ether.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/moxa/moxart_ether.c b/drivers/net/ethernet/moxa/moxart_ether.c
+index 0622fd03941b8..6fe61d9343cb8 100644
+--- a/drivers/net/ethernet/moxa/moxart_ether.c
++++ b/drivers/net/ethernet/moxa/moxart_ether.c
+@@ -571,7 +571,7 @@ static int moxart_remove(struct platform_device *pdev)
+ struct net_device *ndev = platform_get_drvdata(pdev);
+
+ unregister_netdev(ndev);
+- free_irq(ndev->irq, ndev);
++ devm_free_irq(&pdev->dev, ndev->irq, ndev);
+ moxart_mac_free_memory(ndev);
+ free_netdev(ndev);
+
+--
+2.20.1
+
--- /dev/null
+From 6a66dafe4ab63de6ab7a758d295c942253cce717 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 27 Apr 2020 08:18:03 +0200
+Subject: net/sonic: Fix a resource leak in an error handling path in
+ 'jazz_sonic_probe()'
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit 10e3cc180e64385edc9890c6855acf5ed9ca1339 ]
+
+A call to 'dma_alloc_coherent()' is hidden in 'sonic_alloc_descriptors()',
+called from 'sonic_probe1()'.
+
+This is correctly freed in the remove function, but not in the error
+handling path of the probe function.
+Fix it and add the missing 'dma_free_coherent()' call.
+
+While at it, rename a label in order to be slightly more informative.
+
+Fixes: efcce839360f ("[PATCH] macsonic/jazzsonic network drivers update")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/natsemi/jazzsonic.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/natsemi/jazzsonic.c b/drivers/net/ethernet/natsemi/jazzsonic.c
+index acf3f11e38cc1..68d2f31921ff8 100644
+--- a/drivers/net/ethernet/natsemi/jazzsonic.c
++++ b/drivers/net/ethernet/natsemi/jazzsonic.c
+@@ -247,13 +247,15 @@ static int jazz_sonic_probe(struct platform_device *pdev)
+ goto out;
+ err = register_netdev(dev);
+ if (err)
+- goto out1;
++ goto undo_probe1;
+
+ printk("%s: MAC %pM IRQ %d\n", dev->name, dev->dev_addr, dev->irq);
+
+ return 0;
+
+-out1:
++undo_probe1:
++ dma_free_coherent(lp->device, SIZEOF_SONIC_DESC * SONIC_BUS_SCALE(lp->dma_bitmode),
++ lp->descriptors, lp->descriptors_laddr);
+ release_mem_region(dev->base_addr, SONIC_MEM_SIZE);
+ out:
+ free_netdev(dev);
+--
+2.20.1
+
ptp-fix-pass-zero-to-err_ptr-in-ptp_clock_register.patch
ptp-fix-the-race-between-the-release-of-ptp_clock-an.patch
ptp-free-ptp-device-pin-descriptors-properly.patch
+shmem-fix-possible-deadlocks-on-shmlock_user_lock.patch
+net-sonic-fix-a-resource-leak-in-an-error-handling-p.patch
+net-moxa-fix-a-potential-double-free_irq.patch
+drop_monitor-work-around-gcc-10-stringop-overflow-wa.patch
--- /dev/null
+From 4c8a4c6ee15dd5268c50c5247ed06b19f07ceded Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 20 Apr 2020 18:14:14 -0700
+Subject: shmem: fix possible deadlocks on shmlock_user_lock
+
+From: Hugh Dickins <hughd@google.com>
+
+[ Upstream commit ea0dfeb4209b4eab954d6e00ed136bc6b48b380d ]
+
+Recent commit 71725ed10c40 ("mm: huge tmpfs: try to split_huge_page()
+when punching hole") has allowed syzkaller to probe deeper, uncovering a
+long-standing lockdep issue between the irq-unsafe shmlock_user_lock,
+the irq-safe xa_lock on mapping->i_pages, and shmem inode's info->lock
+which nests inside xa_lock (or tree_lock) since 4.8's shmem_uncharge().
+
+user_shm_lock(), servicing SysV shmctl(SHM_LOCK), wants
+shmlock_user_lock while its caller shmem_lock() holds info->lock with
+interrupts disabled; but hugetlbfs_file_setup() calls user_shm_lock()
+with interrupts enabled, and might be interrupted by a writeback endio
+wanting xa_lock on i_pages.
+
+This may not risk an actual deadlock, since shmem inodes do not take
+part in writeback accounting, but there are several easy ways to avoid
+it.
+
+Requiring interrupts disabled for shmlock_user_lock would be easy, but
+it's a high-level global lock for which that seems inappropriate.
+Instead, recall that the use of info->lock to guard info->flags in
+shmem_lock() dates from pre-3.1 days, when races with SHMEM_PAGEIN and
+SHMEM_TRUNCATE could occur: nowadays it serves no purpose, the only flag
+added or removed is VM_LOCKED itself, and calls to shmem_lock() an inode
+are already serialized by the caller.
+
+Take info->lock out of the chain and the possibility of deadlock or
+lockdep warning goes away.
+
+Fixes: 4595ef88d136 ("shmem: make shmem_inode_info::lock irq-safe")
+Reported-by: syzbot+c8a8197c8852f566b9d9@syzkaller.appspotmail.com
+Reported-by: syzbot+40b71e145e73f78f81ad@syzkaller.appspotmail.com
+Signed-off-by: Hugh Dickins <hughd@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Acked-by: Yang Shi <yang.shi@linux.alibaba.com>
+Cc: Yang Shi <yang.shi@linux.alibaba.com>
+Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2004161707410.16322@eggly.anvils
+Link: https://lore.kernel.org/lkml/000000000000e5838c05a3152f53@google.com/
+Link: https://lore.kernel.org/lkml/0000000000003712b305a331d3b1@google.com/
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ mm/shmem.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/mm/shmem.c b/mm/shmem.c
+index 90ccbb35458bd..31b0c09fe6c60 100644
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -2082,7 +2082,11 @@ int shmem_lock(struct file *file, int lock, struct user_struct *user)
+ struct shmem_inode_info *info = SHMEM_I(inode);
+ int retval = -ENOMEM;
+
+- spin_lock_irq(&info->lock);
++ /*
++ * What serializes the accesses to info->flags?
++ * ipc_lock_object() when called from shmctl_do_lock(),
++ * no serialization needed when called from shm_destroy().
++ */
+ if (lock && !(info->flags & VM_LOCKED)) {
+ if (!user_shm_lock(inode->i_size, user))
+ goto out_nomem;
+@@ -2097,7 +2101,6 @@ int shmem_lock(struct file *file, int lock, struct user_struct *user)
+ retval = 0;
+
+ out_nomem:
+- spin_unlock_irq(&info->lock);
+ return retval;
+ }
+
+--
+2.20.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
