4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 7 Apr 2020 14:55:43 +0000 (16:55 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 7 Apr 2020 14:55:43 +0000 (16:55 +0200)
added patches:
bitops-protect-variables-in-set_mask_bits-macro.patch
include-linux-notifier.h-srcu-fix-ctags.patch
mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch
serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch

queue-4.19/bitops-protect-variables-in-set_mask_bits-macro.patch [new file with mode: 0644]
queue-4.19/include-linux-notifier.h-srcu-fix-ctags.patch [new file with mode: 0644]
queue-4.19/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch [new file with mode: 0644]
queue-4.19/serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/bitops-protect-variables-in-set_mask_bits-macro.patch b/queue-4.19/bitops-protect-variables-in-set_mask_bits-macro.patch
new file mode 100644 (file)
index 0000000..f7120d6
--- /dev/null
@@ -0,0 +1,50 @@
+From 18127429a854e7607b859484880b8e26cee9ddab Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Mon, 15 Oct 2018 15:43:06 +0200
+Subject: bitops: protect variables in set_mask_bits() macro
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 18127429a854e7607b859484880b8e26cee9ddab upstream.
+
+Unprotected naming of local variables within the set_mask_bits() can easily
+lead to using the wrong scope.
+
+Noticed this when "set_mask_bits(&foo->bar, 0, mask)" behaved as no-op.
+
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: 00a1a053ebe5 ("ext4: atomically set inode->i_flags in ext4_set_inode_flags()")
+Cc: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/bitops.h |   14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/include/linux/bitops.h
++++ b/include/linux/bitops.h
+@@ -236,17 +236,17 @@ static __always_inline void __assign_bit
+ #ifdef __KERNEL__
+ #ifndef set_mask_bits
+-#define set_mask_bits(ptr, _mask, _bits)      \
++#define set_mask_bits(ptr, mask, bits)        \
+ ({                                                            \
+-      const typeof(*ptr) mask = (_mask), bits = (_bits);      \
+-      typeof(*ptr) old, new;                                  \
++      const typeof(*(ptr)) mask__ = (mask), bits__ = (bits);  \
++      typeof(*(ptr)) old__, new__;                            \
+                                                               \
+       do {                                                    \
+-              old = READ_ONCE(*ptr);                  \
+-              new = (old & ~mask) | bits;                     \
+-      } while (cmpxchg(ptr, old, new) != old);                \
++              old__ = READ_ONCE(*(ptr));                      \
++              new__ = (old__ & ~mask__) | bits__;             \
++      } while (cmpxchg(ptr, old__, new__) != old__);          \
+                                                               \
+-      new;                                                    \
++      new__;                                                  \
+ })
+ #endif
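Review bot: The rewritten set_mask_bits() still expands `ptr` on every pass of the retry loop, once in `READ_ONCE(*(ptr))` and once in `cmpxchg(ptr, old__, new__)`, so an argument with side effects would be applied more than once, and nothing in the hunk documents that. A one-line comment above the `#define` would cover it, for example `/* ptr is evaluated more than once; mask and bits are evaluated once each */`. The `ptr` handed to `cmpxchg` is also left unparenthesized while the other two uses are `*(ptr)`; writing `cmpxchg((ptr), old__, new__)` would keep the macro consistent.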
diff --git a/queue-4.19/include-linux-notifier.h-srcu-fix-ctags.patch b/queue-4.19/include-linux-notifier.h-srcu-fix-ctags.patch
new file mode 100644 (file)
index 0000000..a3f76d4
--- /dev/null
@@ -0,0 +1,45 @@
+From 94e297c50b529f5d01cfd1dbc808d61e95180ab7 Mon Sep 17 00:00:00 2001
+From: Sam Protsenko <semen.protsenko@linaro.org>
+Date: Fri, 2 Nov 2018 15:47:53 -0700
+Subject: include/linux/notifier.h: SRCU: fix ctags
+
+From: Sam Protsenko <semen.protsenko@linaro.org>
+
+commit 94e297c50b529f5d01cfd1dbc808d61e95180ab7 upstream.
+
+ctags indexing ("make tags" command) throws this warning:
+
+    ctags: Warning: include/linux/notifier.h:125:
+    null expansion of name pattern "\1"
+
+This is the result of DEFINE_PER_CPU() macro expansion.  Fix that by
+getting rid of line break.
+
+Similar fix was already done in commit 25528213fe9f ("tags: Fix
+DEFINE_PER_CPU expansions"), but this one probably wasn't noticed.
+
+Link: http://lkml.kernel.org/r/20181030202808.28027-1-semen.protsenko@linaro.org
+Fixes: 9c80172b902d ("kernel/SRCU: provide a static initializer")
+Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
+Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/notifier.h |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/include/linux/notifier.h
++++ b/include/linux/notifier.h
+@@ -122,8 +122,7 @@ extern void srcu_init_notifier_head(stru
+ #ifdef CONFIG_TREE_SRCU
+ #define _SRCU_NOTIFIER_HEAD(name, mod)                                \
+-      static DEFINE_PER_CPU(struct srcu_data,                 \
+-                      name##_head_srcu_data);                 \
++      static DEFINE_PER_CPU(struct srcu_data, name##_head_srcu_data); \
+       mod struct srcu_notifier_head name =                    \
+                       SRCU_NOTIFIER_INIT(name, name##_head_srcu_data)
diff --git a/queue-4.19/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch b/queue-4.19/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch
new file mode 100644 (file)
index 0000000..6969f0c
--- /dev/null
@@ -0,0 +1,57 @@
+From aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd Mon Sep 17 00:00:00 2001
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Wed, 1 Apr 2020 21:10:58 -0700
+Subject: mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+commit aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd upstream.
+
+Using an empty (malformed) nodelist that is not caught during mount option
+parsing leads to a stack-out-of-bounds access.
+
+The option string that was used was: "mpol=prefer:,".  However,
+MPOL_PREFERRED requires a single node number, which is not being provided
+here.
+
+Add a check that 'nodes' is not empty after parsing for MPOL_PREFERRED's
+nodeid.
+
+Fixes: 095f1fc4ebf3 ("mempolicy: rework shmem mpol parsing and display")
+Reported-by: Entropy Moe <3ntr0py1337@gmail.com>
+Reported-by: syzbot+b055b1a6b2b958707a21@syzkaller.appspotmail.com
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Tested-by: syzbot+b055b1a6b2b958707a21@syzkaller.appspotmail.com
+Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
+Link: http://lkml.kernel.org/r/89526377-7eb6-b662-e1d8-4430928abde9@infradead.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/mempolicy.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -2832,7 +2832,9 @@ int mpol_parse_str(char *str, struct mem
+       switch (mode) {
+       case MPOL_PREFERRED:
+               /*
+-               * Insist on a nodelist of one node only
++               * Insist on a nodelist of one node only, although later
++               * we use first_node(nodes) to grab a single node, so here
++               * nodelist (or nodes) cannot be empty.
+                */
+               if (nodelist) {
+                       char *rest = nodelist;
+@@ -2840,6 +2842,8 @@ int mpol_parse_str(char *str, struct mem
+                               rest++;
+                       if (*rest)
+                               goto out;
++                      if (nodes_empty(nodes))
++                              goto out;
+               }
+               break;
+       case MPOL_INTERLEAVE:
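Review bot: The reworded comment in the first inner hunk is hard to follow: it says the code insists on one node "although" first_node(nodes) is used later, which hides the actual reason for the new `nodes_empty(nodes)` test. Something like `/* Insist on a nodelist of exactly one node; first_node(nodes) is used later, so an empty 'nodes' must be rejected here. */` states it directly. The new test sits inside `if (nodelist)`, and `nodes` is filled in earlier in mpol_parse_str, outside the lines shown, so the path with no nodelist at all is worth confirming separately. Because the input is a mount option string, a regression case for the `mpol=prefer:,` string named in the commit message would keep the out-of-bounds access from coming back.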
diff --git a/queue-4.19/serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch b/queue-4.19/serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch
new file mode 100644 (file)
index 0000000..d8bc2ee
--- /dev/null
@@ -0,0 +1,89 @@
+From f6aa5beb45be27968a4df90176ca36dfc4363d37 Mon Sep 17 00:00:00 2001
+From: Marek Vasut <marex@denx.de>
+Date: Mon, 3 Sep 2018 02:44:52 +0200
+Subject: serial: 8250: Fix clearing FIFOs in RS485 mode again
+
+From: Marek Vasut <marex@denx.de>
+
+commit f6aa5beb45be27968a4df90176ca36dfc4363d37 upstream.
+
+The 8250 FIFOs indeed need to be cleared after stopping transmission in
+RS485 mode without SER_RS485_RX_DURING_TX flag set. But there are two
+problems with the approach taken by the previous patch from Fixes tag.
+
+First, serial8250_clear_fifos() should clear fifos, but what it really
+does is it enables the FIFOs unconditionally if present, clears them
+and then sets the FCR register to zero, which effectively disables the
+FIFOs. In case the FIFO is disabled, enabling it and clearing it makes
+no sense and in fact can trigger misbehavior of the 8250 core. Moreover,
+the FCR register may contain other FIFO configuration bits which may not
+be writable unconditionally and writing them incorrectly can trigger
+misbehavior of the 8250 core too. (ie. AM335x UART swallows the first
+byte and retransmits the last byte twice because of this FCR write).
+
+Second, serial8250_clear_and_reinit_fifos() completely reloads the FCR,
+but what really has to happen at the end of the RS485 transmission is
+clearing of the FIFOs and nothing else.
+
+This patch repairs serial8250_clear_fifos() so that it really only
+clears the FIFOs by operating on FCR[2:1] bits and leaves all the
+other bits alone. It also undoes serial8250_clear_and_reinit_fifos()
+from __do_stop_tx_rs485() as serial8250_clear_fifos() is sufficient.
+
+Signed-off-by: Marek Vasut <marex@denx.de>
+Fixes: 2bed8a8e7072 ("Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break")
+Cc: Daniel Jedrychowski <avistel@gmail.com>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: stable <stable@vger.kernel.org> # let it bake a bit before merging
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/8250/8250_port.c |   29 ++++++++++++++++++++++++-----
+ 1 file changed, 24 insertions(+), 5 deletions(-)
+
+--- a/drivers/tty/serial/8250/8250_port.c
++++ b/drivers/tty/serial/8250/8250_port.c
+@@ -552,11 +552,30 @@ static unsigned int serial_icr_read(stru
+  */
+ static void serial8250_clear_fifos(struct uart_8250_port *p)
+ {
++      unsigned char fcr;
++      unsigned char clr_mask = UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT;
++
+       if (p->capabilities & UART_CAP_FIFO) {
+-              serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO);
+-              serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO |
+-                             UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT);
+-              serial_out(p, UART_FCR, 0);
++              /*
++               * Make sure to avoid changing FCR[7:3] and ENABLE_FIFO bits.
++               * In case ENABLE_FIFO is not set, there is nothing to flush
++               * so just return. Furthermore, on certain implementations of
++               * the 8250 core, the FCR[7:3] bits may only be changed under
++               * specific conditions and changing them if those conditions
++               * are not met can have nasty side effects. One such core is
++               * the 8250-omap present in TI AM335x.
++               */
++              fcr = serial_in(p, UART_FCR);
++
++              /* FIFO is not enabled, there's nothing to clear. */
++              if (!(fcr & UART_FCR_ENABLE_FIFO))
++                      return;
++
++              fcr |= clr_mask;
++              serial_out(p, UART_FCR, fcr);
++
++              fcr &= ~clr_mask;
++              serial_out(p, UART_FCR, fcr);
+       }
+ }
+@@ -1448,7 +1467,7 @@ static void __do_stop_tx_rs485(struct ua
+        * Enable previously disabled RX interrupts.
+        */
+       if (!(p->port.rs485.flags & SER_RS485_RX_DURING_TX)) {
+-              serial8250_clear_and_reinit_fifos(p);
++              serial8250_clear_fifos(p);
+               p->ier |= UART_IER_RLSI | UART_IER_RDI;
+               serial_port_out(&p->port, UART_IER, p->ier);
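Review bot: `fcr = serial_in(p, UART_FCR);` in serial8250_clear_fifos() reads a register that is write-only on the classic 16550 layout, where the same offset returns the interrupt identification register on read. On such ports the `UART_FCR_ENABLE_FIFO` test would be looking at an IIR bit, and the two `serial_out()` calls would write IIR contents back into FCR[7:3], the bits the new comment says must not change. The comment names 8250-omap as the core this was written for, so behaviour on other 8250 variants looks unverified from what is shown. Taking the starting value from the driver's cached copy rather than the hardware, e.g. `fcr = p->fcr;`, would avoid the read, assuming that field is kept in sync with the last value written. __do_stop_tx_rs485 starts and ends outside the second inner hunk.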
index 9725c5e04f240fca2c7522c37f1e236b44807f3f..372284a70ba6b2cb480cfd987e749e0b88577871 100644 (file)
@@ -22,3 +22,7 @@ alsa-hda-ca0132-add-recon3di-quirk-to-handle-integrated-sound-on-evga-x99-classi
 rxrpc-fix-sendmsg-msg_waitall-handling.patch
 net-fix-tx-hash-bound-checking.patch
 padata-always-acquire-cpu_hotplug_lock-before-pinst-lock.patch
+bitops-protect-variables-in-set_mask_bits-macro.patch
+serial-8250-fix-clearing-fifos-in-rs485-mode-again.patch
+include-linux-notifier.h-srcu-fix-ctags.patch
+mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch