--- /dev/null
+From a3dd4d63eeb452cfb064a13862fb376ab108f6a6 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 25 Nov 2024 15:46:16 +0100
+Subject: ALSA: usb-audio: Fix out of bounds reads when finding clock sources
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6 upstream.
+
+The current USB-audio driver code doesn't check bLength of each
+descriptor at traversing for clock descriptors. That is, when a
+device provides a bogus descriptor with a shorter bLength, the driver
+might hit out-of-bounds reads.
+
+For addressing it, this patch adds sanity checks to the validator
+functions for the clock descriptor traversal. When the descriptor
+length is shorter than expected, it's skipped in the loop.
+
+For the clock source and clock multiplier descriptors, we can just
+check bLength against the sizeof() of each descriptor type.
+OTOH, the clock selector descriptor of UAC2 and UAC3 has an array
+of bNrInPins elements and two more fields at its tail, hence those
+have to be checked in addition to the sizeof() check.
+
+Reported-by: Benoît Sevens <bsevens@google.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/20241121140613.3651-1-bsevens@google.com
+Link: https://patch.msgid.link/20241125144629.20757-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/clock.c | 24 +++++++++++++++++++++++-
+ 1 file changed, 23 insertions(+), 1 deletion(-)
+
+--- a/sound/usb/clock.c
++++ b/sound/usb/clock.c
+@@ -36,6 +36,12 @@ union uac23_clock_multiplier_desc {
+ struct uac_clock_multiplier_descriptor v3;
+ };
+
++/* check whether the descriptor bLength has the minimal length */
++#define DESC_LENGTH_CHECK(p, proto) \
++ ((proto) == UAC_VERSION_3 ? \
++ ((p)->v3.bLength >= sizeof((p)->v3)) : \
++ ((p)->v2.bLength >= sizeof((p)->v2)))
++
+ #define GET_VAL(p, proto, field) \
+ ((proto) == UAC_VERSION_3 ? (p)->v3.field : (p)->v2.field)
+
+@@ -58,6 +64,8 @@ static bool validate_clock_source(void *
+ {
+ union uac23_clock_source_desc *cs = p;
+
++ if (!DESC_LENGTH_CHECK(cs, proto))
++ return false;
+ return GET_VAL(cs, proto, bClockID) == id;
+ }
+
+@@ -65,13 +73,27 @@ static bool validate_clock_selector(void
+ {
+ union uac23_clock_selector_desc *cs = p;
+
+- return GET_VAL(cs, proto, bClockID) == id;
++ if (!DESC_LENGTH_CHECK(cs, proto))
++ return false;
++ if (GET_VAL(cs, proto, bClockID) != id)
++ return false;
++ /* additional length check for baCSourceID array (in bNrInPins size)
++ * and two more fields (which sizes depend on the protocol)
++ */
++ if (proto == UAC_VERSION_3)
++ return cs->v3.bLength >= sizeof(cs->v3) + cs->v3.bNrInPins +
++ 4 /* bmControls */ + 2 /* wCSelectorDescrStr */;
++ else
++ return cs->v2.bLength >= sizeof(cs->v2) + cs->v2.bNrInPins +
++ 1 /* bmControls */ + 1 /* iClockSelector */;
+ }
+
+ static bool validate_clock_multiplier(void *p, int id, int proto)
+ {
+ union uac23_clock_multiplier_desc *cs = p;
+
++ if (!DESC_LENGTH_CHECK(cs, proto))
++ return false;
+ return GET_VAL(cs, proto, bClockID) == id;
+ }
+
--- /dev/null
+From b909df18ce2a998afef81d58bbd1a05dc0788c40 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Beno=C3=AEt=20Sevens?= <bsevens@google.com>
+Date: Wed, 20 Nov 2024 12:41:44 +0000
+Subject: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Benoît Sevens <bsevens@google.com>
+
+commit b909df18ce2a998afef81d58bbd1a05dc0788c40 upstream.
+
+A bogus device can provide a bNumConfigurations value that exceeds the
+initial value used in usb_get_configuration for allocating dev->config.
+
+This can lead to out-of-bounds accesses later, e.g. in
+usb_destroy_configuration.
+
+Signed-off-by: Benoît Sevens <bsevens@google.com>
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Cc: stable@kernel.org
+Link: https://patch.msgid.link/20241120124144.3814457-1-bsevens@google.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/quirks.c | 27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+--- a/sound/usb/quirks.c
++++ b/sound/usb/quirks.c
+@@ -555,6 +555,7 @@ int snd_usb_create_quirk(struct snd_usb_
+ static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interface *intf)
+ {
+ struct usb_host_config *config = dev->actconfig;
++ struct usb_device_descriptor new_device_descriptor;
+ int err;
+
+ if (le16_to_cpu(get_cfg_desc(config)->wTotalLength) == EXTIGY_FIRMWARE_SIZE_OLD ||
+@@ -566,10 +567,14 @@ static int snd_usb_extigy_boot_quirk(str
+ if (err < 0)
+ dev_dbg(&dev->dev, "error sending boot message: %d\n", err);
+ err = usb_get_descriptor(dev, USB_DT_DEVICE, 0,
+- &dev->descriptor, sizeof(dev->descriptor));
+- config = dev->actconfig;
++ &new_device_descriptor, sizeof(new_device_descriptor));
+ if (err < 0)
+ dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err);
++ if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations)
++ dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n",
++ new_device_descriptor.bNumConfigurations);
++ else
++ memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor));
+ err = usb_reset_configuration(dev);
+ if (err < 0)
+ dev_dbg(&dev->dev, "error usb_reset_configuration: %d\n", err);
+@@ -901,6 +906,7 @@ static void mbox2_setup_48_24_magic(stru
+ static int snd_usb_mbox2_boot_quirk(struct usb_device *dev)
+ {
+ struct usb_host_config *config = dev->actconfig;
++ struct usb_device_descriptor new_device_descriptor;
+ int err;
+ u8 bootresponse[0x12];
+ int fwsize;
+@@ -936,10 +942,14 @@ static int snd_usb_mbox2_boot_quirk(stru
+ dev_dbg(&dev->dev, "device initialised!\n");
+
+ err = usb_get_descriptor(dev, USB_DT_DEVICE, 0,
+- &dev->descriptor, sizeof(dev->descriptor));
+- config = dev->actconfig;
++ &new_device_descriptor, sizeof(new_device_descriptor));
+ if (err < 0)
+ dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err);
++ if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations)
++ dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n",
++ new_device_descriptor.bNumConfigurations);
++ else
++ memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor));
+
+ err = usb_reset_configuration(dev);
+ if (err < 0)
+@@ -1249,6 +1259,7 @@ static void mbox3_setup_defaults(struct
+ static int snd_usb_mbox3_boot_quirk(struct usb_device *dev)
+ {
+ struct usb_host_config *config = dev->actconfig;
++ struct usb_device_descriptor new_device_descriptor;
+ int err;
+ int descriptor_size;
+
+@@ -1262,10 +1273,14 @@ static int snd_usb_mbox3_boot_quirk(stru
+ dev_dbg(&dev->dev, "MBOX3: device initialised!\n");
+
+ err = usb_get_descriptor(dev, USB_DT_DEVICE, 0,
+- &dev->descriptor, sizeof(dev->descriptor));
+- config = dev->actconfig;
++ &new_device_descriptor, sizeof(new_device_descriptor));
+ if (err < 0)
+ dev_dbg(&dev->dev, "MBOX3: error usb_get_descriptor: %d\n", err);
++ if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations)
++ dev_dbg(&dev->dev, "MBOX3: error too large bNumConfigurations: %d\n",
++ new_device_descriptor.bNumConfigurations);
++ else
++ memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor));
+
+ err = usb_reset_configuration(dev);
+ if (err < 0)
--- /dev/null
+From 346dbf1b1345476a6524512892cceb931bee3039 Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Mon, 11 Nov 2024 16:51:02 +0100
+Subject: dm-cache: fix warnings about duplicate slab caches
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 346dbf1b1345476a6524512892cceb931bee3039 upstream.
+
+The commit 4c39529663b9 adds a warning about duplicate cache names if
+CONFIG_DEBUG_VM is selected. These warnings are triggered by the dm-cache
+code.
+
+The dm-cache code allocates a slab cache for each device. This commit
+changes it to allocate just one slab cache in the module init function.
+
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Fixes: 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y")
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-cache-background-tracker.c | 25 ++++++-------------------
+ drivers/md/dm-cache-background-tracker.h | 8 ++++++++
+ drivers/md/dm-cache-target.c | 25 ++++++++++++++++++++-----
+ 3 files changed, 34 insertions(+), 24 deletions(-)
+
+--- a/drivers/md/dm-cache-background-tracker.c
++++ b/drivers/md/dm-cache-background-tracker.c
+@@ -11,12 +11,6 @@
+
+ #define DM_MSG_PREFIX "dm-background-tracker"
+
+-struct bt_work {
+- struct list_head list;
+- struct rb_node node;
+- struct policy_work work;
+-};
+-
+ struct background_tracker {
+ unsigned int max_work;
+ atomic_t pending_promotes;
+@@ -26,10 +20,10 @@ struct background_tracker {
+ struct list_head issued;
+ struct list_head queued;
+ struct rb_root pending;
+-
+- struct kmem_cache *work_cache;
+ };
+
++struct kmem_cache *btracker_work_cache = NULL;
++
+ struct background_tracker *btracker_create(unsigned int max_work)
+ {
+ struct background_tracker *b = kmalloc(sizeof(*b), GFP_KERNEL);
+@@ -48,12 +42,6 @@ struct background_tracker *btracker_crea
+ INIT_LIST_HEAD(&b->queued);
+
+ b->pending = RB_ROOT;
+- b->work_cache = KMEM_CACHE(bt_work, 0);
+- if (!b->work_cache) {
+- DMERR("couldn't create mempool for background work items");
+- kfree(b);
+- b = NULL;
+- }
+
+ return b;
+ }
+@@ -66,10 +54,9 @@ void btracker_destroy(struct background_
+ BUG_ON(!list_empty(&b->issued));
+ list_for_each_entry_safe (w, tmp, &b->queued, list) {
+ list_del(&w->list);
+- kmem_cache_free(b->work_cache, w);
++ kmem_cache_free(btracker_work_cache, w);
+ }
+
+- kmem_cache_destroy(b->work_cache);
+ kfree(b);
+ }
+ EXPORT_SYMBOL_GPL(btracker_destroy);
+@@ -180,7 +167,7 @@ static struct bt_work *alloc_work(struct
+ if (max_work_reached(b))
+ return NULL;
+
+- return kmem_cache_alloc(b->work_cache, GFP_NOWAIT);
++ return kmem_cache_alloc(btracker_work_cache, GFP_NOWAIT);
+ }
+
+ int btracker_queue(struct background_tracker *b,
+@@ -203,7 +190,7 @@ int btracker_queue(struct background_tra
+ * There was a race, we'll just ignore this second
+ * bit of work for the same oblock.
+ */
+- kmem_cache_free(b->work_cache, w);
++ kmem_cache_free(btracker_work_cache, w);
+ return -EINVAL;
+ }
+
+@@ -244,7 +231,7 @@ void btracker_complete(struct background
+ update_stats(b, &w->work, -1);
+ rb_erase(&w->node, &b->pending);
+ list_del(&w->list);
+- kmem_cache_free(b->work_cache, w);
++ kmem_cache_free(btracker_work_cache, w);
+ }
+ EXPORT_SYMBOL_GPL(btracker_complete);
+
+--- a/drivers/md/dm-cache-background-tracker.h
++++ b/drivers/md/dm-cache-background-tracker.h
+@@ -26,6 +26,14 @@
+ * protected with a spinlock.
+ */
+
++struct bt_work {
++ struct list_head list;
++ struct rb_node node;
++ struct policy_work work;
++};
++
++extern struct kmem_cache *btracker_work_cache;
++
+ struct background_work;
+ struct background_tracker;
+
+--- a/drivers/md/dm-cache-target.c
++++ b/drivers/md/dm-cache-target.c
+@@ -10,6 +10,7 @@
+ #include "dm-bio-record.h"
+ #include "dm-cache-metadata.h"
+ #include "dm-io-tracker.h"
++#include "dm-cache-background-tracker.h"
+
+ #include <linux/dm-io.h>
+ #include <linux/dm-kcopyd.h>
+@@ -2263,7 +2264,7 @@ static int parse_cache_args(struct cache
+
+ /*----------------------------------------------------------------*/
+
+-static struct kmem_cache *migration_cache;
++static struct kmem_cache *migration_cache = NULL;
+
+ #define NOT_CORE_OPTION 1
+
+@@ -3449,22 +3450,36 @@ static int __init dm_cache_init(void)
+ int r;
+
+ migration_cache = KMEM_CACHE(dm_cache_migration, 0);
+- if (!migration_cache)
+- return -ENOMEM;
++ if (!migration_cache) {
++ r = -ENOMEM;
++ goto err;
++ }
++
++ btracker_work_cache = kmem_cache_create("dm_cache_bt_work",
++ sizeof(struct bt_work), __alignof__(struct bt_work), 0, NULL);
++ if (!btracker_work_cache) {
++ r = -ENOMEM;
++ goto err;
++ }
+
+ r = dm_register_target(&cache_target);
+ if (r) {
+- kmem_cache_destroy(migration_cache);
+- return r;
++ goto err;
+ }
+
+ return 0;
++
++err:
++ kmem_cache_destroy(migration_cache);
++ kmem_cache_destroy(btracker_work_cache);
++ return r;
+ }
+
+ static void __exit dm_cache_exit(void)
+ {
+ dm_unregister_target(&cache_target);
+ kmem_cache_destroy(migration_cache);
++ kmem_cache_destroy(btracker_work_cache);
+ }
+
+ module_init(dm_cache_init);
asoc-mediatek-check-num_codecs-is-not-zero-to-avoid-.patch
s390-pci-fix-potential-double-remove-of-hotplug-slot.patch
net_sched-sch_fq-don-t-follow-the-fast-path-if-tx-is-behind-now.patch
+xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch
+alsa-usb-audio-fix-potential-out-of-bound-accesses-for-extigy-and-mbox-devices.patch
+alsa-usb-audio-fix-out-of-bounds-reads-when-finding-clock-sources.patch
+usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch
+usb-typec-ucsi-glink-fix-off-by-one-in-connector_status.patch
+dm-cache-fix-warnings-about-duplicate-slab-caches.patch
--- /dev/null
+From 40c974826734836402abfd44efbf04f63a2cc1c1 Mon Sep 17 00:00:00 2001
+From: Vitalii Mordan <mordan@ispras.ru>
+Date: Fri, 15 Nov 2024 02:03:10 +0300
+Subject: usb: ehci-spear: fix call balance of sehci clk handling routines
+
+From: Vitalii Mordan <mordan@ispras.ru>
+
+commit 40c974826734836402abfd44efbf04f63a2cc1c1 upstream.
+
+If the clock sehci->clk was not enabled in spear_ehci_hcd_drv_probe,
+it should not be disabled in any path.
+
+Conversely, if it was enabled in spear_ehci_hcd_drv_probe, it must be disabled
+in all error paths to ensure proper cleanup.
+
+Found by Linux Verification Center (linuxtesting.org) with Klever.
+
+Fixes: 7675d6ba436f ("USB: EHCI: make ehci-spear a separate driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Vitalii Mordan <mordan@ispras.ru>
+Acked-by: Alan Stern <stern@rowland.harvard.edu>
+Link: https://lore.kernel.org/r/20241114230310.432213-1-mordan@ispras.ru
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/host/ehci-spear.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/host/ehci-spear.c
++++ b/drivers/usb/host/ehci-spear.c
+@@ -105,7 +105,9 @@ static int spear_ehci_hcd_drv_probe(stru
+ /* registers start at offset 0x0 */
+ hcd_to_ehci(hcd)->caps = hcd->regs;
+
+- clk_prepare_enable(sehci->clk);
++ retval = clk_prepare_enable(sehci->clk);
++ if (retval)
++ goto err_put_hcd;
+ retval = usb_add_hcd(hcd, irq, IRQF_SHARED);
+ if (retval)
+ goto err_stop_ehci;
+@@ -130,8 +132,7 @@ static void spear_ehci_hcd_drv_remove(st
+
+ usb_remove_hcd(hcd);
+
+- if (sehci->clk)
+- clk_disable_unprepare(sehci->clk);
++ clk_disable_unprepare(sehci->clk);
+ usb_put_hcd(hcd);
+ }
+
--- /dev/null
+From 4a22918810980897393fa1776ea3877e4baf8cca Mon Sep 17 00:00:00 2001
+From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Date: Sat, 9 Nov 2024 02:04:14 +0200
+Subject: usb: typec: ucsi: glink: fix off-by-one in connector_status
+
+From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+
+commit 4a22918810980897393fa1776ea3877e4baf8cca upstream.
+
+UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS.
+Correct the condition in the pmic_glink_ucsi_connector_status()
+callback, fixing Type-C orientation reporting for the third USB-C
+connector.
+
+Fixes: 76716fd5bf09 ("usb: typec: ucsi: glink: move GPIO reading into connector_status callback")
+Cc: stable@vger.kernel.org
+Reported-by: Abel Vesa <abel.vesa@linaro.org>
+Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
+Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
+Tested-by: Johan Hovold <johan+linaro@kernel.org>
+Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Link: https://lore.kernel.org/r/20241109-ucsi-glue-fixes-v2-1-8b21ff4f9fbe@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/typec/ucsi/ucsi_glink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c
+index 3e4d88ab338e..2e12758000a7 100644
+--- a/drivers/usb/typec/ucsi/ucsi_glink.c
++++ b/drivers/usb/typec/ucsi/ucsi_glink.c
+@@ -185,7 +185,7 @@ static void pmic_glink_ucsi_connector_status(struct ucsi_connector *con)
+ struct pmic_glink_ucsi *ucsi = ucsi_get_drvdata(con->ucsi);
+ int orientation;
+
+- if (con->num >= PMIC_GLINK_MAX_PORTS ||
++ if (con->num > PMIC_GLINK_MAX_PORTS ||
+ !ucsi->port_orientation[con->num - 1])
+ return;
+
+--
+2.47.1
+
--- /dev/null
+From afc545da381ba0c651b2658966ac737032676f01 Mon Sep 17 00:00:00 2001
+From: Qiu-ji Chen <chenqiuji666@gmail.com>
+Date: Tue, 5 Nov 2024 21:09:19 +0800
+Subject: xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
+
+From: Qiu-ji Chen <chenqiuji666@gmail.com>
+
+commit afc545da381ba0c651b2658966ac737032676f01 upstream.
+
+This patch fixes an issue in the function xenbus_dev_probe(). In the
+xenbus_dev_probe() function, within the if (err) branch at line 313, the
+program incorrectly returns err directly without releasing the resources
+allocated by err = drv->probe(dev, id). As the return value is non-zero,
+the upper layers assume the processing logic has failed. However, the probe
+operation was performed earlier without a corresponding remove operation.
+Since the probe actually allocates resources, failing to perform the remove
+operation could lead to problems.
+
+To fix this issue, we followed the resource release logic of the
+xenbus_dev_remove() function by adding a new block fail_remove before the
+fail_put block. After entering the branch if (err) at line 313, the
+function will use a goto statement to jump to the fail_remove block,
+ensuring that the previously acquired resources are correctly released,
+thus preventing the reference count leak.
+
+This bug was identified by an experimental static analysis tool developed
+by our team. The tool specializes in analyzing reference count operations
+and detecting potential issues where resources are not properly managed.
+In this case, the tool flagged the missing release operation as a
+potential problem, which led to the development of this patch.
+
+Fixes: 4bac07c993d0 ("xen: add the Xenbus sysfs and virtual device hotplug driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Message-ID: <20241105130919.4621-1-chenqiuji666@gmail.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/xen/xenbus/xenbus_probe.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/xen/xenbus/xenbus_probe.c
++++ b/drivers/xen/xenbus/xenbus_probe.c
+@@ -313,7 +313,7 @@ int xenbus_dev_probe(struct device *_dev
+ if (err) {
+ dev_warn(&dev->dev, "watch_otherend on %s failed.\n",
+ dev->nodename);
+- return err;
++ goto fail_remove;
+ }
+
+ dev->spurious_threshold = 1;
+@@ -322,6 +322,12 @@ int xenbus_dev_probe(struct device *_dev
+ dev->nodename);
+
+ return 0;
++fail_remove:
++ if (drv->remove) {
++ down(&dev->reclaim_sem);
++ drv->remove(dev);
++ up(&dev->reclaim_sem);
++ }
+ fail_put:
+ module_put(drv->driver.owner);
+ fail:
projects / thirdparty / kernel / stable-queue.git / commitdiff
