--- /dev/null
+From 315bf82e295dd2095c4209f7f191ac5f755379df Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 18 Dec 2020 15:16:11 +0800
+Subject: mmc: mediatek: fix race condition between msdc_request_timeout and
+ irq
+
+From: Chaotian Jing <chaotian.jing@mediatek.com>
+
+[ Upstream commit 0354ca6edd464a2cf332f390581977b8699ed081 ]
+
+when get request SW timeout, if CMD/DAT xfer done irq coming right now,
+then there is race between the msdc_request_timeout work and irq handler,
+and the host->cmd and host->data may set to NULL in irq handler. also,
+current flow ensure that only one path can go to msdc_request_done(), so
+no need check the return value of cancel_delayed_work().
+
+Signed-off-by: Chaotian Jing <chaotian.jing@mediatek.com>
+Link: https://lore.kernel.org/r/20201218071611.12276-1-chaotian.jing@mediatek.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mmc/host/mtk-sd.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c
+index 7fc6ce381142..125c06a10455 100644
+--- a/drivers/mmc/host/mtk-sd.c
++++ b/drivers/mmc/host/mtk-sd.c
+@@ -741,13 +741,13 @@ static void msdc_track_cmd_data(struct msdc_host *host,
+ static void msdc_request_done(struct msdc_host *host, struct mmc_request *mrq)
+ {
+ unsigned long flags;
+- bool ret;
+
+- ret = cancel_delayed_work(&host->req_timeout);
+- if (!ret) {
+- /* delay work already running */
+- return;
+- }
++ /*
++ * No need check the return value of cancel_delayed_work, as only ONE
++ * path will go here!
++ */
++ cancel_delayed_work(&host->req_timeout);
++
+ spin_lock_irqsave(&host->lock, flags);
+ host->mrq = NULL;
+ spin_unlock_irqrestore(&host->lock, flags);
+@@ -765,7 +765,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events,
+ bool done = false;
+ bool sbc_error;
+ unsigned long flags;
+- u32 *rsp = cmd->resp;
++ u32 *rsp;
+
+ if (mrq->sbc && cmd == mrq->cmd &&
+ (events & (MSDC_INT_ACMDRDY | MSDC_INT_ACMDCRCERR
+@@ -786,6 +786,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events,
+
+ if (done)
+ return true;
++ rsp = cmd->resp;
+
+ sdr_clr_bits(host->base + MSDC_INTEN, cmd_ints_mask);
+
+@@ -968,7 +969,7 @@ static void msdc_data_xfer_next(struct msdc_host *host,
+ static bool msdc_data_xfer_done(struct msdc_host *host, u32 events,
+ struct mmc_request *mrq, struct mmc_data *data)
+ {
+- struct mmc_command *stop = data->stop;
++ struct mmc_command *stop;
+ unsigned long flags;
+ bool done;
+ unsigned int check_data = events &
+@@ -984,6 +985,7 @@ static bool msdc_data_xfer_done(struct msdc_host *host, u32 events,
+
+ if (done)
+ return true;
++ stop = data->stop;
+
+ if (check_data || (stop && stop->error)) {
+ dev_dbg(host->dev, "DMA status: 0x%8X\n",
+--
+2.30.1
+
--- /dev/null
+From 5ecf56b59a5df94bc9b2ecac06a8057901446d5e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 8 Dec 2020 21:35:27 +0100
+Subject: mmc: mxs-mmc: Fix a resource leak in an error handling path in
+ 'mxs_mmc_probe()'
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit 0bb7e560f821c7770973a94e346654c4bdccd42c ]
+
+If 'mmc_of_parse()' fails, we must undo the previous 'dma_request_chan()'
+call.
+
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Link: https://lore.kernel.org/r/20201208203527.49262-1-christophe.jaillet@wanadoo.fr
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mmc/host/mxs-mmc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/mmc/host/mxs-mmc.c b/drivers/mmc/host/mxs-mmc.c
+index c8b8ac66ff7e..687fd68fbbcd 100644
+--- a/drivers/mmc/host/mxs-mmc.c
++++ b/drivers/mmc/host/mxs-mmc.c
+@@ -651,7 +651,7 @@ static int mxs_mmc_probe(struct platform_device *pdev)
+
+ ret = mmc_of_parse(mmc);
+ if (ret)
+- goto out_clk_disable;
++ goto out_free_dma;
+
+ mmc->ocr_avail = MMC_VDD_32_33 | MMC_VDD_33_34;
+
+--
+2.30.1
+
--- /dev/null
+From 0a422af87364e125e51e5b7e8223035a55291054 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 15 Jan 2021 22:24:35 +0100
+Subject: PCI: xgene-msi: Fix race in installing chained irq handler
+
+From: Martin Kaiser <martin@kaiser.cx>
+
+[ Upstream commit a93c00e5f975f23592895b7e83f35de2d36b7633 ]
+
+Fix a race where a pending interrupt could be received and the handler
+called before the handler's data has been setup, by converting to
+irq_set_chained_handler_and_data().
+
+See also 2cf5a03cb29d ("PCI/keystone: Fix race in installing chained IRQ
+handler").
+
+Based on the mail discussion, it seems ok to drop the error handling.
+
+Link: https://lore.kernel.org/r/20210115212435.19940-3-martin@kaiser.cx
+Signed-off-by: Martin Kaiser <martin@kaiser.cx>
+Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pci/host/pci-xgene-msi.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/pci/host/pci-xgene-msi.c b/drivers/pci/host/pci-xgene-msi.c
+index a6456b578269..b6a099371ad2 100644
+--- a/drivers/pci/host/pci-xgene-msi.c
++++ b/drivers/pci/host/pci-xgene-msi.c
+@@ -393,13 +393,9 @@ static int xgene_msi_hwirq_alloc(unsigned int cpu)
+ if (!msi_group->gic_irq)
+ continue;
+
+- irq_set_chained_handler(msi_group->gic_irq,
+- xgene_msi_isr);
+- err = irq_set_handler_data(msi_group->gic_irq, msi_group);
+- if (err) {
+- pr_err("failed to register GIC IRQ handler\n");
+- return -EINVAL;
+- }
++ irq_set_chained_handler_and_data(msi_group->gic_irq,
++ xgene_msi_isr, msi_group);
++
+ /*
+ * Statically allocate MSI GIC IRQs to each CPU core.
+ * With 8-core X-Gene v1, 2 MSI GIC IRQs are allocated
+--
+2.30.1
+
--- /dev/null
+From 76c0c04f945d356977a2bc56790ae91e88364508 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 5 Feb 2021 04:14:52 -0500
+Subject: powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
+
+From: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
+
+[ Upstream commit d137845c973147a22622cc76c7b0bc16f6206323 ]
+
+While sampling for marked events, currently we record the sample only
+if the SIAR valid bit of Sampled Instruction Event Register (SIER) is
+set. SIAR_VALID bit is used for fetching the instruction address from
+Sampled Instruction Address Register(SIAR). But there are some
+usecases, where the user is interested only in the PMU stats at each
+counter overflow and the exact IP of the overflow event is not
+required. Dropping SIAR invalid samples will fail to record some of
+the counter overflows in such cases.
+
+Example of such usecase is dumping the PMU stats (event counts) after
+some regular amount of instructions/events from the userspace (ex: via
+ptrace). Here counter overflow is indicated to userspace via signal
+handler, and captured by monitoring and enabling I/O signaling on the
+event file descriptor. In these cases, we expect to get
+sample/overflow indication after each specified sample_period.
+
+Perf event attribute will not have PERF_SAMPLE_IP set in the
+sample_type if exact IP of the overflow event is not requested. So
+while profiling if SAMPLE_IP is not set, just record the counter
+overflow irrespective of SIAR_VALID check.
+
+Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
+[mpe: Reflow comment and if formatting]
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/1612516492-1428-1-git-send-email-atrajeev@linux.vnet.ibm.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/perf/core-book3s.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
+index 1f1ac446ace9..f2d8f35c181f 100644
+--- a/arch/powerpc/perf/core-book3s.c
++++ b/arch/powerpc/perf/core-book3s.c
+@@ -2010,7 +2010,17 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
+ left += period;
+ if (left <= 0)
+ left = period;
+- record = siar_valid(regs);
++
++ /*
++ * If address is not requested in the sample via
++ * PERF_SAMPLE_IP, just record that sample irrespective
++ * of SIAR valid check.
++ */
++ if (event->attr.sample_type & PERF_SAMPLE_IP)
++ record = siar_valid(regs);
++ else
++ record = 1;
++
+ event->hw.last_period = event->hw.sample_period;
+ }
+ if (left < 0x80000000LL)
+@@ -2028,9 +2038,10 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
+ * MMCR2. Check attr.exclude_kernel and address to drop the sample in
+ * these cases.
+ */
+- if (event->attr.exclude_kernel && record)
+- if (is_kernel_addr(mfspr(SPRN_SIAR)))
+- record = 0;
++ if (event->attr.exclude_kernel &&
++ (event->attr.sample_type & PERF_SAMPLE_IP) &&
++ is_kernel_addr(mfspr(SPRN_SIAR)))
++ record = 0;
+
+ /*
+ * Finally record data if requested.
+--
+2.30.1
+
--- /dev/null
+From 309029564c48e9cbed6c6e67daa18649a2881aa9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 17 Feb 2021 07:13:02 +0100
+Subject: s390/smp: __smp_rescan_cpus() - move cpumask away from stack
+
+From: Heiko Carstens <hca@linux.ibm.com>
+
+[ Upstream commit 62c8dca9e194326802b43c60763f856d782b225c ]
+
+Avoid a potentially large stack frame and overflow by making
+"cpumask_t avail" a static variable. There is no concurrent
+access due to the existing locking.
+
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/s390/kernel/smp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c
+index cba8e56cd63d..54eb8fe95212 100644
+--- a/arch/s390/kernel/smp.c
++++ b/arch/s390/kernel/smp.c
+@@ -727,7 +727,7 @@ static int smp_add_core(struct sclp_core_entry *core, cpumask_t *avail,
+ static int __smp_rescan_cpus(struct sclp_core_info *info, bool early)
+ {
+ struct sclp_core_entry *core;
+- cpumask_t avail;
++ static cpumask_t avail;
+ bool configured;
+ u16 core_id;
+ int nr, i;
+--
+2.30.1
+
--- /dev/null
+From a61d03cebc1d73f9ac4addf7d842f1e139c42864 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 6 Feb 2021 22:46:00 -0600
+Subject: scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
+
+From: Mike Christie <michael.christie@oracle.com>
+
+[ Upstream commit d28d48c699779973ab9a3bd0e5acfa112bd4fdef ]
+
+If iscsi_prep_scsi_cmd_pdu() fails we try to add it back to the cmdqueue,
+but we leave it partially setup. We don't have functions that can undo the
+pdu and init task setup. We only have cleanup_task which can clean up both
+parts. So this has us just fail the cmd and go through the standard cleanup
+routine and then have the SCSI midlayer retry it like is done when it fails
+in the queuecommand path.
+
+Link: https://lore.kernel.org/r/20210207044608.27585-2-michael.christie@oracle.com
+Reviewed-by: Lee Duncan <lduncan@suse.com>
+Signed-off-by: Mike Christie <michael.christie@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/libiscsi.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
+index b9c924bb6e3d..50e2943c3337 100644
+--- a/drivers/scsi/libiscsi.c
++++ b/drivers/scsi/libiscsi.c
+@@ -1568,14 +1568,9 @@ static int iscsi_data_xmit(struct iscsi_conn *conn)
+ }
+ rc = iscsi_prep_scsi_cmd_pdu(conn->task);
+ if (rc) {
+- if (rc == -ENOMEM || rc == -EACCES) {
+- spin_lock_bh(&conn->taskqueuelock);
+- list_add_tail(&conn->task->running,
+- &conn->cmdqueue);
+- conn->task = NULL;
+- spin_unlock_bh(&conn->taskqueuelock);
+- goto done;
+- } else
++ if (rc == -ENOMEM || rc == -EACCES)
++ fail_scsi_task(conn->task, DID_IMM_RETRY);
++ else
+ fail_scsi_task(conn->task, DID_ABORT);
+ spin_lock_bh(&conn->taskqueuelock);
+ continue;
+--
+2.30.1
+
net-davicom-fix-regulator-not-turned-off-on-failed-probe.patch
net-davicom-fix-regulator-not-turned-off-on-driver-removal.patch
media-usbtv-fix-deadlock-on-suspend.patch
+udf-fix-silent-aed-taglocation-corruption.patch
+mmc-mxs-mmc-fix-a-resource-leak-in-an-error-handling.patch
+mmc-mediatek-fix-race-condition-between-msdc_request.patch
+powerpc-perf-record-counter-overflow-always-if-sampl.patch
+pci-xgene-msi-fix-race-in-installing-chained-irq-han.patch
+s390-smp-__smp_rescan_cpus-move-cpumask-away-from-st.patch
+scsi-libiscsi-fix-iscsi_prep_scsi_cmd_pdu-error-hand.patch
--- /dev/null
+From 731970a532d3bcf2d3b6c52ed4f5e57cf0b48271 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 7 Jan 2021 17:41:16 -0600
+Subject: udf: fix silent AED tagLocation corruption
+
+From: Steven J. Magnani <magnani@ieee.org>
+
+[ Upstream commit 63c9e47a1642fc817654a1bc18a6ec4bbcc0f056 ]
+
+When extending a file, udf_do_extend_file() may enter following empty
+indirect extent. At the end of udf_do_extend_file() we revert prev_epos
+to point to the last written extent. However if we end up not adding any
+further extent in udf_do_extend_file(), the reverting points prev_epos
+into the header area of the AED and following updates of the extents
+(in udf_update_extents()) will corrupt the header.
+
+Make sure that we do not follow indirect extent if we are not going to
+add any more extents so that returning back to the last written extent
+works correctly.
+
+Link: https://lore.kernel.org/r/20210107234116.6190-2-magnani@ieee.org
+Signed-off-by: Steven J. Magnani <magnani@ieee.org>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/udf/inode.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/fs/udf/inode.c b/fs/udf/inode.c
+index 149baf5f3d19..50607673a6a9 100644
+--- a/fs/udf/inode.c
++++ b/fs/udf/inode.c
+@@ -548,11 +548,14 @@ static int udf_do_extend_file(struct inode *inode,
+
+ udf_write_aext(inode, last_pos, &last_ext->extLocation,
+ last_ext->extLength, 1);
++
+ /*
+- * We've rewritten the last extent but there may be empty
+- * indirect extent after it - enter it.
++ * We've rewritten the last extent. If we are going to add
++ * more extents, we may need to enter possible following
++ * empty indirect extent.
+ */
+- udf_next_aext(inode, last_pos, &tmploc, &tmplen, 0);
++ if (new_block_bytes || prealloc_len)
++ udf_next_aext(inode, last_pos, &tmploc, &tmplen, 0);
+ }
+
+ /* Managed to do everything necessary? */
+--
+2.30.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
