--- /dev/null
+From c14594bdcf9e99097536c834c85d5ceef2143ccb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 10 Nov 2020 22:46:14 +0800
+Subject: cosa: Add missing kfree in error path of cosa_write
+
+From: Wang Hai <wanghai38@huawei.com>
+
+[ Upstream commit 52755b66ddcef2e897778fac5656df18817b59ab ]
+
+If memory allocation for 'kbuf' succeed, cosa_write() doesn't have a
+corresponding kfree() in exception handling. Thus add kfree() for this
+function implementation.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Wang Hai <wanghai38@huawei.com>
+Acked-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
+Link: https://lore.kernel.org/r/20201110144614.43194-1-wanghai38@huawei.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wan/cosa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/wan/cosa.c b/drivers/net/wan/cosa.c
+index b87fe0a01c69f..3c02473a20f21 100644
+--- a/drivers/net/wan/cosa.c
++++ b/drivers/net/wan/cosa.c
+@@ -903,6 +903,7 @@ static ssize_t cosa_write(struct file *file,
+ chan->tx_status = 1;
+ spin_unlock_irqrestore(&cosa->lock, flags);
+ up(&chan->wsem);
++ kfree(kbuf);
+ return -ERESTARTSYS;
+ }
+ }
+--
+2.27.0
+
--- /dev/null
+From 38468a5a4c95f5debd6b64ecd35f9447fded43c7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 10 Nov 2020 15:28:25 +1300
+Subject: of/address: Fix of_node memory leak in of_dma_is_coherent
+
+From: Evan Nimmo <evan.nimmo@alliedtelesis.co.nz>
+
+[ Upstream commit a5bea04fcc0b3c0aec71ee1fd58fd4ff7ee36177 ]
+
+Commit dabf6b36b83a ("of: Add OF_DMA_DEFAULT_COHERENT & select it on
+powerpc") added a check to of_dma_is_coherent which returns early
+if OF_DMA_DEFAULT_COHERENT is enabled. This results in the of_node_put()
+being skipped causing a memory leak. Moved the of_node_get() below this
+check so we now we only get the node if OF_DMA_DEFAULT_COHERENT is not
+enabled.
+
+Fixes: dabf6b36b83a ("of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc")
+Signed-off-by: Evan Nimmo <evan.nimmo@alliedtelesis.co.nz>
+Link: https://lore.kernel.org/r/20201110022825.30895-1-evan.nimmo@alliedtelesis.co.nz
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/of/address.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/of/address.c b/drivers/of/address.c
+index 37619bb2c97ad..d188eacbd3b80 100644
+--- a/drivers/of/address.c
++++ b/drivers/of/address.c
+@@ -901,11 +901,13 @@ EXPORT_SYMBOL_GPL(of_dma_get_range);
+ */
+ bool of_dma_is_coherent(struct device_node *np)
+ {
+- struct device_node *node = of_node_get(np);
++ struct device_node *node;
+
+ if (IS_ENABLED(CONFIG_OF_DMA_DEFAULT_COHERENT))
+ return true;
+
++ node = of_node_get(np);
++
+ while (node) {
+ if (of_property_read_bool(node, "dma-coherent")) {
+ of_node_put(node);
+--
+2.27.0
+
--- /dev/null
+From 3588d09d164b386df153092892ec1b1fda1e4dbd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 30 Oct 2020 12:49:45 +0100
+Subject: perf: Fix get_recursion_context()
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+[ Upstream commit ce0f17fc93f63ee91428af10b7b2ddef38cd19e5 ]
+
+One should use in_serving_softirq() to detect SoftIRQ context.
+
+Fixes: 96f6d4444302 ("perf_counter: avoid recursion")
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/20201030151955.120572175@infradead.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/events/internal.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/events/internal.h b/kernel/events/internal.h
+index 486fd78eb8d5e..c8c1c3db5d065 100644
+--- a/kernel/events/internal.h
++++ b/kernel/events/internal.h
+@@ -212,7 +212,7 @@ static inline int get_recursion_context(int *recursion)
+ rctx = 3;
+ else if (in_irq())
+ rctx = 2;
+- else if (in_softirq())
++ else if (in_serving_softirq())
+ rctx = 1;
+ else
+ rctx = 0;
+--
+2.27.0
+
--- /dev/null
+From 5ce9145336388148c1e717f9c8c61932dc2b8f48 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 30 Oct 2020 13:54:50 +0800
+Subject: pinctrl: aspeed: Fix GPI only function problem.
+
+From: Billy Tsai <billy_tsai@aspeedtech.com>
+
+[ Upstream commit 9b92f5c51e9a41352d665f6f956bd95085a56a83 ]
+
+Some gpio pin at aspeed soc is input only and the prefix name of these
+pin is "GPI" only.
+This patch fine-tune the condition of GPIO check from "GPIO" to "GPI"
+and it will fix the usage error of banks D and E in the AST2400/AST2500
+and banks T and U in the AST2600.
+
+Fixes: 4d3d0e4272d8 ("pinctrl: Add core support for Aspeed SoCs")
+Signed-off-by: Billy Tsai <billy_tsai@aspeedtech.com>
+Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
+Link: https://lore.kernel.org/r/20201030055450.29613-1-billy_tsai@aspeedtech.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pinctrl/aspeed/pinctrl-aspeed.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/pinctrl/aspeed/pinctrl-aspeed.c b/drivers/pinctrl/aspeed/pinctrl-aspeed.c
+index 49aeba9125319..23d2f0ba12db5 100644
+--- a/drivers/pinctrl/aspeed/pinctrl-aspeed.c
++++ b/drivers/pinctrl/aspeed/pinctrl-aspeed.c
+@@ -387,13 +387,14 @@ int aspeed_pinmux_set_mux(struct pinctrl_dev *pctldev, unsigned int function,
+ static bool aspeed_expr_is_gpio(const struct aspeed_sig_expr *expr)
+ {
+ /*
+- * The signal type is GPIO if the signal name has "GPIO" as a prefix.
++ * The signal type is GPIO if the signal name has "GPI" as a prefix.
+ * strncmp (rather than strcmp) is used to implement the prefix
+ * requirement.
+ *
+- * expr->signal might look like "GPIOT3" in the GPIO case.
++ * expr->signal might look like "GPIOB1" in the GPIO case.
++ * expr->signal might look like "GPIT0" in the GPI case.
+ */
+- return strncmp(expr->signal, "GPIO", 4) == 0;
++ return strncmp(expr->signal, "GPI", 3) == 0;
+ }
+
+ static bool aspeed_gpio_in_exprs(const struct aspeed_sig_expr **exprs)
+--
+2.27.0
+
cfg80211-regulatory-fix-inconsistent-format-argument.patch
scsi-scsi_dh_alua-avoid-crash-during-alua_bus_detach.patch
iommu-amd-increase-interrupt-remapping-table-limit-t.patch
+pinctrl-aspeed-fix-gpi-only-function-problem.patch
+xfs-fix-flags-argument-to-rmap-lookup-when-convertin.patch
+xfs-fix-rmap-key-and-record-comparison-functions.patch
+xfs-fix-a-missing-unlock-on-error-in-xfs_fs_map_bloc.patch
+of-address-fix-of_node-memory-leak-in-of_dma_is_cohe.patch
+cosa-add-missing-kfree-in-error-path-of-cosa_write.patch
+perf-fix-get_recursion_context.patch
--- /dev/null
+From a8b1faf0c6d20df22e1a24b26ab5992e6d64d182 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Nov 2020 08:07:37 -0800
+Subject: xfs: fix a missing unlock on error in xfs_fs_map_blocks
+
+From: Christoph Hellwig <hch@lst.de>
+
+[ Upstream commit 2bd3fa793aaa7e98b74e3653fdcc72fa753913b5 ]
+
+We also need to drop the iolock when invalidate_inode_pages2 fails, not
+only on all other error or successful cases.
+
+Fixes: 527851124d10 ("xfs: implement pNFS export operations")
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/xfs/xfs_pnfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/xfs/xfs_pnfs.c b/fs/xfs/xfs_pnfs.c
+index cecd37569ddb3..353bfe9c5cdd9 100644
+--- a/fs/xfs/xfs_pnfs.c
++++ b/fs/xfs/xfs_pnfs.c
+@@ -144,7 +144,7 @@ xfs_fs_map_blocks(
+ goto out_unlock;
+ error = invalidate_inode_pages2(inode->i_mapping);
+ if (WARN_ON_ONCE(error))
+- return error;
++ goto out_unlock;
+
+ end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + length);
+ offset_fsb = XFS_B_TO_FSBT(mp, offset);
+--
+2.27.0
+
--- /dev/null
+From 7bb1622fc11e2d3651626b28cff07876065f7038 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 8 Nov 2020 16:32:43 -0800
+Subject: xfs: fix flags argument to rmap lookup when converting shared file
+ rmaps
+
+From: Darrick J. Wong <darrick.wong@oracle.com>
+
+[ Upstream commit ea8439899c0b15a176664df62aff928010fad276 ]
+
+Pass the same oldext argument (which contains the existing rmapping's
+unwritten state) to xfs_rmap_lookup_le_range at the start of
+xfs_rmap_convert_shared. At this point in the code, flags is zero,
+which means that we perform lookups using the wrong key.
+
+Fixes: 3f165b334e51 ("xfs: convert unwritten status of reverse mappings for shared files")
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/xfs/libxfs/xfs_rmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/xfs/libxfs/xfs_rmap.c b/fs/xfs/libxfs/xfs_rmap.c
+index 3a8cc7139912b..89fdcc641715f 100644
+--- a/fs/xfs/libxfs/xfs_rmap.c
++++ b/fs/xfs/libxfs/xfs_rmap.c
+@@ -1318,7 +1318,7 @@ xfs_rmap_convert_shared(
+ * record for our insertion point. This will also give us the record for
+ * start block contiguity tests.
+ */
+- error = xfs_rmap_lookup_le_range(cur, bno, owner, offset, flags,
++ error = xfs_rmap_lookup_le_range(cur, bno, owner, offset, oldext,
+ &PREV, &i);
+ XFS_WANT_CORRUPTED_GOTO(mp, i == 1, done);
+
+--
+2.27.0
+
--- /dev/null
+From 92f2e03186f3a28d8322fff1d88a529541d2a07b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 8 Nov 2020 16:32:44 -0800
+Subject: xfs: fix rmap key and record comparison functions
+
+From: Darrick J. Wong <darrick.wong@oracle.com>
+
+[ Upstream commit 6ff646b2ceb0eec916101877f38da0b73e3a5b7f ]
+
+Keys for extent interval records in the reverse mapping btree are
+supposed to be computed as follows:
+
+(physical block, owner, fork, is_btree, is_unwritten, offset)
+
+This provides users the ability to look up a reverse mapping from a bmbt
+record -- start with the physical block; then if there are multiple
+records for the same block, move on to the owner; then the inode fork
+type; and so on to the file offset.
+
+However, the key comparison functions incorrectly remove the
+fork/btree/unwritten information that's encoded in the on-disk offset.
+This means that lookup comparisons are only done with:
+
+(physical block, owner, offset)
+
+This means that queries can return incorrect results. On consistent
+filesystems this hasn't been an issue because blocks are never shared
+between forks or with bmbt blocks; and are never unwritten. However,
+this bug means that online repair cannot always detect corruption in the
+key information in internal rmapbt nodes.
+
+Found by fuzzing keys[1].attrfork = ones on xfs/371.
+
+Fixes: 4b8ed67794fe ("xfs: add rmap btree operations")
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/xfs/libxfs/xfs_rmap_btree.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/fs/xfs/libxfs/xfs_rmap_btree.c b/fs/xfs/libxfs/xfs_rmap_btree.c
+index 33a28efc3085b..c5a24b80c7f72 100644
+--- a/fs/xfs/libxfs/xfs_rmap_btree.c
++++ b/fs/xfs/libxfs/xfs_rmap_btree.c
+@@ -262,8 +262,8 @@ xfs_rmapbt_key_diff(
+ else if (y > x)
+ return -1;
+
+- x = XFS_RMAP_OFF(be64_to_cpu(kp->rm_offset));
+- y = rec->rm_offset;
++ x = be64_to_cpu(kp->rm_offset);
++ y = xfs_rmap_irec_offset_pack(rec);
+ if (x > y)
+ return 1;
+ else if (y > x)
+@@ -294,8 +294,8 @@ xfs_rmapbt_diff_two_keys(
+ else if (y > x)
+ return -1;
+
+- x = XFS_RMAP_OFF(be64_to_cpu(kp1->rm_offset));
+- y = XFS_RMAP_OFF(be64_to_cpu(kp2->rm_offset));
++ x = be64_to_cpu(kp1->rm_offset);
++ y = be64_to_cpu(kp2->rm_offset);
+ if (x > y)
+ return 1;
+ else if (y > x)
+@@ -401,8 +401,8 @@ xfs_rmapbt_keys_inorder(
+ return 1;
+ else if (a > b)
+ return 0;
+- a = XFS_RMAP_OFF(be64_to_cpu(k1->rmap.rm_offset));
+- b = XFS_RMAP_OFF(be64_to_cpu(k2->rmap.rm_offset));
++ a = be64_to_cpu(k1->rmap.rm_offset);
++ b = be64_to_cpu(k2->rmap.rm_offset);
+ if (a <= b)
+ return 1;
+ return 0;
+@@ -431,8 +431,8 @@ xfs_rmapbt_recs_inorder(
+ return 1;
+ else if (a > b)
+ return 0;
+- a = XFS_RMAP_OFF(be64_to_cpu(r1->rmap.rm_offset));
+- b = XFS_RMAP_OFF(be64_to_cpu(r2->rmap.rm_offset));
++ a = be64_to_cpu(r1->rmap.rm_offset);
++ b = be64_to_cpu(r2->rmap.rm_offset);
+ if (a <= b)
+ return 1;
+ return 0;
+--
+2.27.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
