--- /dev/null
+From 12eb53e79a81ac6fe0d299e5a3a466f8ba424134 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Sep 2019 17:42:28 +0100
+Subject: Btrfs: fix missing error return if writeback for extent buffer never
+ started
+
+From: Filipe Manana <fdmanana@suse.com>
+
+[ Upstream commit 0607eb1d452d45c5ac4c745a9e9e0d95152ea9d0 ]
+
+If lock_extent_buffer_for_io() fails, it returns a negative value, but its
+caller btree_write_cache_pages() ignores such error. This means that a
+call to flush_write_bio(), from lock_extent_buffer_for_io(), might have
+failed. We should make btree_write_cache_pages() notice such error values
+and stop immediatelly, making sure filemap_fdatawrite_range() returns an
+error to the transaction commit path. A failure from flush_write_bio()
+should also result in the endio callback end_bio_extent_buffer_writepage()
+being invoked, which sets the BTRFS_FS_*_ERR bits appropriately, so that
+there's no risk a transaction or log commit doesn't catch a writeback
+failure.
+
+Reviewed-by: Josef Bacik <josef@toxicpanda.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/extent_io.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
+index d6c827a9ebc56..5c2f4f58da8ff 100644
+--- a/fs/btrfs/extent_io.c
++++ b/fs/btrfs/extent_io.c
+@@ -3879,6 +3879,10 @@ int btree_write_cache_pages(struct address_space *mapping,
+ if (!ret) {
+ free_extent_buffer(eb);
+ continue;
++ } else if (ret < 0) {
++ done = 1;
++ free_extent_buffer(eb);
++ break;
+ }
+
+ ret = write_one_eb(eb, fs_info, wbc, &epd);
+--
+2.27.0
+
--- /dev/null
+From 3e73b340f1ca560f2558f80536048e5c9a3a911f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 16 Sep 2020 05:19:35 -0400
+Subject: geneve: add transport ports in route lookup for geneve
+
+From: Mark Gray <mark.d.gray@redhat.com>
+
+commit 34beb21594519ce64a55a498c2fe7d567bc1ca20 upstream.
+
+This patch adds transport ports information for route lookup so that
+IPsec can select Geneve tunnel traffic to do encryption. This is
+needed for OVS/OVN IPsec with encrypted Geneve tunnels.
+
+This can be tested by configuring a host-host VPN using an IKE
+daemon and specifying port numbers. For example, for an
+Openswan-type configuration, the following parameters should be
+configured on both hosts and IPsec set up as-per normal:
+
+$ cat /etc/ipsec.conf
+
+conn in
+...
+left=$IP1
+right=$IP2
+...
+leftprotoport=udp/6081
+rightprotoport=udp
+...
+conn out
+...
+left=$IP1
+right=$IP2
+...
+leftprotoport=udp
+rightprotoport=udp/6081
+...
+
+The tunnel can then be setup using "ip" on both hosts (but
+changing the relevant IP addresses):
+
+$ ip link add tun type geneve id 1000 remote $IP2
+$ ip addr add 192.168.0.1/24 dev tun
+$ ip link set tun up
+
+This can then be tested by pinging from $IP1:
+
+$ ping 192.168.0.2
+
+Without this patch the traffic is unencrypted on the wire.
+
+Fixes: 2d07dc79fe04 ("geneve: add initial netdev driver for GENEVE tunnels")
+Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
+Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
+Reviewed-by: Greg Rose <gvrose8192@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[bwh: Backported to 4.9:
+ - Use geneve->dst_port instead of geneve->cfg.info.key.tp_dst
+ - Adjust context]
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/geneve.c | 36 ++++++++++++++++++++++++++----------
+ 1 file changed, 26 insertions(+), 10 deletions(-)
+
+diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
+index 35d8c636de123..d89995f4bd433 100644
+--- a/drivers/net/geneve.c
++++ b/drivers/net/geneve.c
+@@ -732,7 +732,8 @@ static int geneve6_build_skb(struct dst_entry *dst, struct sk_buff *skb,
+ static struct rtable *geneve_get_v4_rt(struct sk_buff *skb,
+ struct net_device *dev,
+ struct flowi4 *fl4,
+- struct ip_tunnel_info *info)
++ struct ip_tunnel_info *info,
++ __be16 dport, __be16 sport)
+ {
+ bool use_cache = ip_tunnel_dst_cache_usable(skb, info);
+ struct geneve_dev *geneve = netdev_priv(dev);
+@@ -746,6 +747,8 @@ static struct rtable *geneve_get_v4_rt(struct sk_buff *skb,
+ memset(fl4, 0, sizeof(*fl4));
+ fl4->flowi4_mark = skb->mark;
+ fl4->flowi4_proto = IPPROTO_UDP;
++ fl4->fl4_dport = dport;
++ fl4->fl4_sport = sport;
+
+ if (info) {
+ fl4->daddr = info->key.u.ipv4.dst;
+@@ -791,7 +794,8 @@ static struct rtable *geneve_get_v4_rt(struct sk_buff *skb,
+ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
+ struct net_device *dev,
+ struct flowi6 *fl6,
+- struct ip_tunnel_info *info)
++ struct ip_tunnel_info *info,
++ __be16 dport, __be16 sport)
+ {
+ bool use_cache = ip_tunnel_dst_cache_usable(skb, info);
+ struct geneve_dev *geneve = netdev_priv(dev);
+@@ -807,6 +811,8 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
+ memset(fl6, 0, sizeof(*fl6));
+ fl6->flowi6_mark = skb->mark;
+ fl6->flowi6_proto = IPPROTO_UDP;
++ fl6->fl6_dport = dport;
++ fl6->fl6_sport = sport;
+
+ if (info) {
+ fl6->daddr = info->key.u.ipv6.dst;
+@@ -894,13 +900,14 @@ static netdev_tx_t geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev,
+ goto tx_error;
+ }
+
+- rt = geneve_get_v4_rt(skb, dev, &fl4, info);
++ sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
++ rt = geneve_get_v4_rt(skb, dev, &fl4, info,
++ geneve->dst_port, sport);
+ if (IS_ERR(rt)) {
+ err = PTR_ERR(rt);
+ goto tx_error;
+ }
+
+- sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
+ skb_reset_mac_header(skb);
+
+ if (info) {
+@@ -983,13 +990,14 @@ static netdev_tx_t geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev,
+ }
+ }
+
+- dst = geneve_get_v6_dst(skb, dev, &fl6, info);
++ sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
++ dst = geneve_get_v6_dst(skb, dev, &fl6, info,
++ geneve->dst_port, sport);
+ if (IS_ERR(dst)) {
+ err = PTR_ERR(dst);
+ goto tx_error;
+ }
+
+- sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
+ skb_reset_mac_header(skb);
+
+ if (info) {
+@@ -1114,9 +1122,14 @@ static int geneve_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+ struct dst_entry *dst;
+ struct flowi6 fl6;
+ #endif
++ __be16 sport;
+
+ if (ip_tunnel_info_af(info) == AF_INET) {
+- rt = geneve_get_v4_rt(skb, dev, &fl4, info);
++ sport = udp_flow_src_port(geneve->net, skb,
++ 1, USHRT_MAX, true);
++
++ rt = geneve_get_v4_rt(skb, dev, &fl4, info,
++ geneve->dst_port, sport);
+ if (IS_ERR(rt))
+ return PTR_ERR(rt);
+
+@@ -1124,7 +1137,11 @@ static int geneve_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+ info->key.u.ipv4.src = fl4.saddr;
+ #if IS_ENABLED(CONFIG_IPV6)
+ } else if (ip_tunnel_info_af(info) == AF_INET6) {
+- dst = geneve_get_v6_dst(skb, dev, &fl6, info);
++ sport = udp_flow_src_port(geneve->net, skb,
++ 1, USHRT_MAX, true);
++
++ dst = geneve_get_v6_dst(skb, dev, &fl6, info,
++ geneve->dst_port, sport);
+ if (IS_ERR(dst))
+ return PTR_ERR(dst);
+
+@@ -1135,8 +1152,7 @@ static int geneve_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+ return -EINVAL;
+ }
+
+- info->key.tp_src = udp_flow_src_port(geneve->net, skb,
+- 1, USHRT_MAX, true);
++ info->key.tp_src = sport;
+ info->key.tp_dst = geneve->dst_port;
+ return 0;
+ }
+--
+2.27.0
+
--- /dev/null
+From 665bdd95eacbdf4c136ae7ae6f31de5c6a9caa57 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 29 Mar 2019 15:08:36 -0700
+Subject: i40e: add num_vectors checker in iwarp handler
+
+From: Sergey Nemov <sergey.nemov@intel.com>
+
+commit 7015ca3df965378bcef072cca9cd63ed098665b5 upstream.
+
+Field num_vectors from struct virtchnl_iwarp_qvlist_info should not be
+larger than num_msix_vectors_vf in the hw struct. The iwarp uses the
+same set of vectors as the LAN VF driver.
+
+Signed-off-by: Sergey Nemov <sergey.nemov@intel.com>
+Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+[bwh: Backported to 4.9: adjust context]
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+index 0f54269ffc463..0ac09c9e4aaac 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -418,6 +418,16 @@ static int i40e_config_iwarp_qvlist(struct i40e_vf *vf,
+ u32 next_q_idx, next_q_type;
+ u32 msix_vf, size;
+
++ msix_vf = pf->hw.func_caps.num_msix_vectors_vf;
++
++ if (qvlist_info->num_vectors > msix_vf) {
++ dev_warn(&pf->pdev->dev,
++ "Incorrect number of iwarp vectors %u. Maximum %u allowed.\n",
++ qvlist_info->num_vectors,
++ msix_vf);
++ goto err;
++ }
++
+ size = sizeof(struct i40e_virtchnl_iwarp_qvlist_info) +
+ (sizeof(struct i40e_virtchnl_iwarp_qv_info) *
+ (qvlist_info->num_vectors - 1));
+--
+2.27.0
+
--- /dev/null
+From 21bf4d296979dbd71d4c16a1523c2513af7635b1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 6 Aug 2017 23:37:01 +0200
+Subject: i40e: Fix a potential NULL pointer dereference
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit 54902349ee95045b67e2f0c39b75f5418540064b upstream.
+
+If 'kzalloc()' fails, a NULL pointer will be dereferenced.
+Return an error code (-ENOMEM) instead.
+
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+index 7484ad3c955db..0f54269ffc463 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -422,6 +422,9 @@ static int i40e_config_iwarp_qvlist(struct i40e_vf *vf,
+ (sizeof(struct i40e_virtchnl_iwarp_qv_info) *
+ (qvlist_info->num_vectors - 1));
+ vf->qvlist_info = kzalloc(size, GFP_KERNEL);
++ if (!vf->qvlist_info)
++ return -ENOMEM;
++
+ vf->qvlist_info->num_vectors = qvlist_info->num_vectors;
+
+ msix_vf = pf->hw.func_caps.num_msix_vectors_vf;
+--
+2.27.0
+
--- /dev/null
+From 06f9c973dbaf4f79a6ef6606efea0b47e9376a1d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 15 Apr 2019 14:43:07 -0700
+Subject: i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
+
+From: Martyna Szapar <martyna.szapar@intel.com>
+
+commit 24474f2709af6729b9b1da1c5e160ab62e25e3a4 upstream.
+
+Fixed possible memory leak in i40e_vc_add_cloud_filter function:
+cfilter is being allocated and in some error conditions
+the function returns without freeing the memory.
+
+Fix of integer truncation from u16 (type of queue_id value) to u8
+when calling i40e_vc_isvalid_queue_id function.
+
+Signed-off-by: Martyna Szapar <martyna.szapar@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+[bwh: Backported to 4.9: i40e_vc_add_cloud_filter() does not exist
+ but the integer truncation is still possible]
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+index 8499fe7cff3bb..e6798b0d1cae0 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -188,7 +188,7 @@ static inline bool i40e_vc_isvalid_vsi_id(struct i40e_vf *vf, u16 vsi_id)
+ * check for the valid queue id
+ **/
+ static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id,
+- u8 qid)
++ u16 qid)
+ {
+ struct i40e_pf *pf = vf->pf;
+ struct i40e_vsi *vsi = i40e_find_vsi_from_id(pf, vsi_id);
+--
+2.27.0
+
--- /dev/null
+From 9b02f10d9f67c97455c1360ab4a03daf9f32d73d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 Apr 2019 13:31:53 -0700
+Subject: i40e: Memory leak in i40e_config_iwarp_qvlist
+
+From: Martyna Szapar <martyna.szapar@intel.com>
+
+commit 0b63644602cfcbac849f7ea49272a39e90fa95eb upstream.
+
+Added freeing the old allocation of vf->qvlist_info in function
+i40e_config_iwarp_qvlist before overwriting it with
+the new allocation.
+
+Signed-off-by: Martyna Szapar <martyna.szapar@intel.com>
+Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+[bwh: Backported to 4.9: adjust context]
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../ethernet/intel/i40e/i40e_virtchnl_pf.c | 23 ++++++++++++-------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+index e6798b0d1cae0..e3e02ec8f1498 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -417,6 +417,7 @@ static int i40e_config_iwarp_qvlist(struct i40e_vf *vf,
+ u32 v_idx, i, reg_idx, reg;
+ u32 next_q_idx, next_q_type;
+ u32 msix_vf, size;
++ int ret = 0;
+
+ msix_vf = pf->hw.func_caps.num_msix_vectors_vf;
+
+@@ -425,16 +426,19 @@ static int i40e_config_iwarp_qvlist(struct i40e_vf *vf,
+ "Incorrect number of iwarp vectors %u. Maximum %u allowed.\n",
+ qvlist_info->num_vectors,
+ msix_vf);
+- goto err;
++ ret = -EINVAL;
++ goto err_out;
+ }
+
+ size = sizeof(struct i40e_virtchnl_iwarp_qvlist_info) +
+ (sizeof(struct i40e_virtchnl_iwarp_qv_info) *
+ (qvlist_info->num_vectors - 1));
++ kfree(vf->qvlist_info);
+ vf->qvlist_info = kzalloc(size, GFP_KERNEL);
+- if (!vf->qvlist_info)
+- return -ENOMEM;
+-
++ if (!vf->qvlist_info) {
++ ret = -ENOMEM;
++ goto err_out;
++ }
+ vf->qvlist_info->num_vectors = qvlist_info->num_vectors;
+
+ msix_vf = pf->hw.func_caps.num_msix_vectors_vf;
+@@ -445,8 +449,10 @@ static int i40e_config_iwarp_qvlist(struct i40e_vf *vf,
+ v_idx = qv_info->v_idx;
+
+ /* Validate vector id belongs to this vf */
+- if (!i40e_vc_isvalid_vector_id(vf, v_idx))
+- goto err;
++ if (!i40e_vc_isvalid_vector_id(vf, v_idx)) {
++ ret = -EINVAL;
++ goto err_free;
++ }
+
+ vf->qvlist_info->qv_info[i] = *qv_info;
+
+@@ -488,10 +494,11 @@ static int i40e_config_iwarp_qvlist(struct i40e_vf *vf,
+ }
+
+ return 0;
+-err:
++err_free:
+ kfree(vf->qvlist_info);
+ vf->qvlist_info = NULL;
+- return -EINVAL;
++err_out:
++ return ret;
+ }
+
+ /**
+--
+2.27.0
+
--- /dev/null
+From 9dd737f4af50ba3c0562ac923be41dbf519c1a8d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 29 Mar 2019 15:08:37 -0700
+Subject: i40e: Wrong truncation from u16 to u8
+
+From: Grzegorz Siwik <grzegorz.siwik@intel.com>
+
+commit c004804dceee9ca384d97d9857ea2e2795c2651d upstream.
+
+In this patch fixed wrong truncation method from u16 to u8 during
+validation.
+
+It was changed by changing u8 to u32 parameter in method declaration
+and arguments were changed to u32.
+
+Signed-off-by: Grzegorz Siwik <grzegorz.siwik@intel.com>
+Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+index 0ac09c9e4aaac..8499fe7cff3bb 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -203,7 +203,7 @@ static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id,
+ *
+ * check for the valid vector id
+ **/
+-static inline bool i40e_vc_isvalid_vector_id(struct i40e_vf *vf, u8 vector_id)
++static inline bool i40e_vc_isvalid_vector_id(struct i40e_vf *vf, u32 vector_id)
+ {
+ struct i40e_pf *pf = vf->pf;
+
+--
+2.27.0
+
--- /dev/null
+From cd52824282095ff7c6aeb867fe82ab33872b5661 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 2 Oct 2019 13:42:06 +0100
+Subject: pinctrl: devicetree: Avoid taking direct reference to device name
+ string
+
+From: Will Deacon <will@kernel.org>
+
+commit be4c60b563edee3712d392aaeb0943a768df7023 upstream.
+
+When populating the pinctrl mapping table entries for a device, the
+'dev_name' field for each entry is initialised to point directly at the
+string returned by 'dev_name()' for the device and subsequently used by
+'create_pinctrl()' when looking up the mappings for the device being
+probed.
+
+This is unreliable in the presence of calls to 'dev_set_name()', which may
+reallocate the device name string leaving the pinctrl mappings with a
+dangling reference. This then leads to a use-after-free every time the
+name is dereferenced by a device probe:
+
+ | BUG: KASAN: invalid-access in strcmp+0x20/0x64
+ | Read of size 1 at addr 13ffffc153494b00 by task modprobe/590
+ | Pointer tag: [13], memory tag: [fe]
+ |
+ | Call trace:
+ | __kasan_report+0x16c/0x1dc
+ | kasan_report+0x10/0x18
+ | check_memory_region
+ | __hwasan_load1_noabort+0x4c/0x54
+ | strcmp+0x20/0x64
+ | create_pinctrl+0x18c/0x7f4
+ | pinctrl_get+0x90/0x114
+ | devm_pinctrl_get+0x44/0x98
+ | pinctrl_bind_pins+0x5c/0x450
+ | really_probe+0x1c8/0x9a4
+ | driver_probe_device+0x120/0x1d8
+
+Follow the example of sysfs, and duplicate the device name string before
+stashing it away in the pinctrl mapping entries.
+
+Cc: Linus Walleij <linus.walleij@linaro.org>
+Reported-by: Elena Petrova <lenaptr@google.com>
+Tested-by: Elena Petrova <lenaptr@google.com>
+Signed-off-by: Will Deacon <will@kernel.org>
+Link: https://lore.kernel.org/r/20191002124206.22928-1-will@kernel.org
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+[bwh: Backported to 4.9: adjust context]
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pinctrl/devicetree.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/pinctrl/devicetree.c b/drivers/pinctrl/devicetree.c
+index 54dad89fc9bfe..d32aedfc6dd03 100644
+--- a/drivers/pinctrl/devicetree.c
++++ b/drivers/pinctrl/devicetree.c
+@@ -40,6 +40,13 @@ struct pinctrl_dt_map {
+ static void dt_free_map(struct pinctrl_dev *pctldev,
+ struct pinctrl_map *map, unsigned num_maps)
+ {
++ int i;
++
++ for (i = 0; i < num_maps; ++i) {
++ kfree_const(map[i].dev_name);
++ map[i].dev_name = NULL;
++ }
++
+ if (pctldev) {
+ const struct pinctrl_ops *ops = pctldev->desc->pctlops;
+ ops->dt_free_map(pctldev, map, num_maps);
+@@ -73,7 +80,13 @@ static int dt_remember_or_free_map(struct pinctrl *p, const char *statename,
+
+ /* Initialize common mapping table entry fields */
+ for (i = 0; i < num_maps; i++) {
+- map[i].dev_name = dev_name(p->dev);
++ const char *devname;
++
++ devname = kstrdup_const(dev_name(p->dev), GFP_KERNEL);
++ if (!devname)
++ goto err_free_map;
++
++ map[i].dev_name = devname;
+ map[i].name = statename;
+ if (pctldev)
+ map[i].ctrl_dev_name = dev_name(pctldev->dev);
+@@ -81,11 +94,8 @@ static int dt_remember_or_free_map(struct pinctrl *p, const char *statename,
+
+ /* Remember the converted mapping table entries */
+ dt_map = kzalloc(sizeof(*dt_map), GFP_KERNEL);
+- if (!dt_map) {
+- dev_err(p->dev, "failed to alloc struct pinctrl_dt_map\n");
+- dt_free_map(pctldev, map, num_maps);
+- return -ENOMEM;
+- }
++ if (!dt_map)
++ goto err_free_map;
+
+ dt_map->pctldev = pctldev;
+ dt_map->map = map;
+@@ -93,6 +103,10 @@ static int dt_remember_or_free_map(struct pinctrl *p, const char *statename,
+ list_add_tail(&dt_map->node, &p->dt_maps);
+
+ return pinctrl_register_map(map, num_maps, false);
++
++err_free_map:
++ dt_free_map(pctldev, map, num_maps);
++ return -ENOMEM;
+ }
+
+ struct pinctrl_dev *of_pinctrl_get(struct device_node *np)
+--
+2.27.0
+
can-peak_usb-add-range-checking-in-decode-operations.patch
can-peak_usb-peak_usb_get_ts_time-fix-timestamp-wrap.patch
xfs-flush-new-eof-page-on-truncate-to-avoid-post-eof.patch
+btrfs-fix-missing-error-return-if-writeback-for-exte.patch
+pinctrl-devicetree-avoid-taking-direct-reference-to-.patch
+i40e-fix-a-potential-null-pointer-dereference.patch
+i40e-add-num_vectors-checker-in-iwarp-handler.patch
+i40e-wrong-truncation-from-u16-to-u8.patch
+i40e-fix-of-memory-leak-and-integer-truncation-in-i4.patch
+i40e-memory-leak-in-i40e_config_iwarp_qvlist.patch
+geneve-add-transport-ports-in-route-lookup-for-genev.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
