--- /dev/null
+From 25faa4bd37c10f19e4b848b9032a17a3d44c6f09 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 13 Apr 2020 10:20:29 +0200
+Subject: ALSA: hda: Don't release card at firmware loading error
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 25faa4bd37c10f19e4b848b9032a17a3d44c6f09 upstream.
+
+At the error path of the firmware loading error, the driver tries to
+release the card object and set NULL to drvdata. This may be referred
+badly at the possible PM action, as the driver itself is still bound
+and the PM callbacks read the card object.
+
+Instead, we continue the probing as if it were no option set. This is
+often a better choice than the forced abort, too.
+
+Fixes: 5cb543dba986 ("ALSA: hda - Deferred probing with request_firmware_nowait()")
+BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207043
+Link: https://lore.kernel.org/r/20200413082034.25166-2-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/hda_intel.c | 19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -1839,24 +1839,15 @@ static void azx_firmware_cb(const struct
+ {
+ struct snd_card *card = context;
+ struct azx *chip = card->private_data;
+- struct pci_dev *pci = chip->pci;
+
+- if (!fw) {
+- dev_err(card->dev, "Cannot load firmware, aborting\n");
+- goto error;
+- }
+-
+- chip->fw = fw;
++ if (fw)
++ chip->fw = fw;
++ else
++ dev_err(card->dev, "Cannot load firmware, continue without patching\n");
+ if (!chip->disabled) {
+ /* continue probing */
+- if (azx_probe_continue(chip))
+- goto error;
++ azx_probe_continue(chip);
+ }
+- return; /* OK */
+-
+- error:
+- snd_card_free(card);
+- pci_set_drvdata(pci, NULL);
+ }
+ #endif
+
--- /dev/null
+From b3fb36ed694b05738d45218ea72cf7feb10ce2b1 Mon Sep 17 00:00:00 2001
+From: Frank Rowand <frank.rowand@sony.com>
+Date: Thu, 16 Apr 2020 16:42:46 -0500
+Subject: of: unittest: kmemleak on changeset destroy
+
+From: Frank Rowand <frank.rowand@sony.com>
+
+commit b3fb36ed694b05738d45218ea72cf7feb10ce2b1 upstream.
+
+kmemleak reports several memory leaks from devicetree unittest.
+This is the fix for problem 1 of 5.
+
+of_unittest_changeset() reaches deeply into the dynamic devicetree
+functions. Several nodes were left with an elevated reference
+count and thus were not properly cleaned up. Fix the reference
+counts so that the memory will be freed.
+
+Fixes: 201c910bd689 ("of: Transactional DT support.")
+Reported-by: Erhard F. <erhard_f@mailbox.org>
+Signed-off-by: Frank Rowand <frank.rowand@sony.com>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/of/unittest.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/of/unittest.c
++++ b/drivers/of/unittest.c
+@@ -544,6 +544,10 @@ static void __init of_unittest_changeset
+ mutex_unlock(&of_mutex);
+
+ of_changeset_destroy(&chgset);
++
++ of_node_put(n1);
++ of_node_put(n2);
++ of_node_put(n21);
+ #endif
+ }
+
--- /dev/null
+From 849f8583e955dbe3a1806e03ecacd5e71cce0a08 Mon Sep 17 00:00:00 2001
+From: Li Bin <huawei.libin@huawei.com>
+Date: Mon, 13 Apr 2020 19:29:21 +0800
+Subject: scsi: sg: add sg_remove_request in sg_common_write
+
+From: Li Bin <huawei.libin@huawei.com>
+
+commit 849f8583e955dbe3a1806e03ecacd5e71cce0a08 upstream.
+
+If the dxfer_len is greater than 256M then the request is invalid and we
+need to call sg_remove_request in sg_common_write.
+
+Link: https://lore.kernel.org/r/1586777361-17339-1-git-send-email-huawei.libin@huawei.com
+Fixes: f930c7043663 ("scsi: sg: only check for dxfer_len greater than 256M")
+Acked-by: Douglas Gilbert <dgilbert@interlog.com>
+Signed-off-by: Li Bin <huawei.libin@huawei.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/sg.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/sg.c
++++ b/drivers/scsi/sg.c
+@@ -820,8 +820,10 @@ sg_common_write(Sg_fd * sfp, Sg_request
+ "sg_common_write: scsi opcode=0x%02x, cmd_size=%d\n",
+ (int) cmnd[0], (int) hp->cmd_len));
+
+- if (hp->dxfer_len >= SZ_256M)
++ if (hp->dxfer_len >= SZ_256M) {
++ sg_remove_request(sfp, srp);
+ return -EINVAL;
++ }
+
+ k = sg_start_req(srp, cmnd);
+ if (k) {
ext4-do-not-zeroout-extents-beyond-i_disksize.patch
dm-flakey-check-for-null-arg_name-in-parse_features.patch
kvm-x86-host-feature-ssbd-doesn-t-imply-guest-featur.patch
+x86-mitigations-clear-cpu-buffers-on-the-syscall-fast-path.patch
+tracing-fix-the-race-between-registering-snapshot-event-trigger-and-triggering-snapshot-operation.patch
+scsi-sg-add-sg_remove_request-in-sg_common_write.patch
+alsa-hda-don-t-release-card-at-firmware-loading-error.patch
+of-unittest-kmemleak-on-changeset-destroy.patch
+video-fbdev-sis-remove-unnecessary-parentheses-and-commented-code.patch
--- /dev/null
+From 0bbe7f719985efd9adb3454679ecef0984cb6800 Mon Sep 17 00:00:00 2001
+From: Xiao Yang <yangx.jy@cn.fujitsu.com>
+Date: Tue, 14 Apr 2020 09:51:45 +0800
+Subject: tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
+
+From: Xiao Yang <yangx.jy@cn.fujitsu.com>
+
+commit 0bbe7f719985efd9adb3454679ecef0984cb6800 upstream.
+
+Traced event can trigger 'snapshot' operation(i.e. calls snapshot_trigger()
+or snapshot_count_trigger()) when register_snapshot_trigger() has completed
+registration but doesn't allocate buffer for 'snapshot' event trigger. In
+the rare case, 'snapshot' operation always detects the lack of allocated
+buffer so make register_snapshot_trigger() allocate buffer first.
+
+trigger-snapshot.tc in kselftest reproduces the issue on slow vm:
+-----------------------------------------------------------
+cat trace
+...
+ftracetest-3028 [002] .... 236.784290: sched_process_fork: comm=ftracetest pid=3028 child_comm=ftracetest child_pid=3036
+ <...>-2875 [003] .... 240.460335: tracing_snapshot_instance_cond: *** SNAPSHOT NOT ALLOCATED ***
+ <...>-2875 [003] .... 240.460338: tracing_snapshot_instance_cond: *** stopping trace here! ***
+-----------------------------------------------------------
+
+Link: http://lkml.kernel.org/r/20200414015145.66236-1-yangx.jy@cn.fujitsu.com
+
+Cc: stable@vger.kernel.org
+Fixes: 93e31ffbf417a ("tracing: Add 'snapshot' event trigger command")
+Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace_events_trigger.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+--- a/kernel/trace/trace_events_trigger.c
++++ b/kernel/trace/trace_events_trigger.c
+@@ -910,14 +910,10 @@ register_snapshot_trigger(char *glob, st
+ struct event_trigger_data *data,
+ struct trace_event_file *file)
+ {
+- int ret = register_trigger(glob, ops, data, file);
++ if (tracing_alloc_snapshot() != 0)
++ return 0;
+
+- if (ret > 0 && tracing_alloc_snapshot() != 0) {
+- unregister_trigger(glob, ops, data, file);
+- ret = 0;
+- }
+-
+- return ret;
++ return register_trigger(glob, ops, data, file);
+ }
+
+ static int
--- /dev/null
+From 864eb1afc60cb43e7df879b97f8ca0d719bbb735 Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor <natechancellor@gmail.com>
+Date: Mon, 8 Oct 2018 12:57:36 +0200
+Subject: video: fbdev: sis: Remove unnecessary parentheses and commented code
+
+From: Nathan Chancellor <natechancellor@gmail.com>
+
+commit 864eb1afc60cb43e7df879b97f8ca0d719bbb735 upstream.
+
+Clang warns when multiple pairs of parentheses are used for a single
+conditional statement.
+
+drivers/video/fbdev/sis/init301.c:851:42: warning: equality comparison
+with extraneous parentheses [-Wparentheses-equality]
+ } else if((SiS_Pr->SiS_IF_DEF_LVDS == 1) /* ||
+ ~~~~~~~~~~~~~~~~~~~~~~~~^~~~
+drivers/video/fbdev/sis/init301.c:851:42: note: remove extraneous
+parentheses around the comparison to silence this warning
+ } else if((SiS_Pr->SiS_IF_DEF_LVDS == 1) /* ||
+ ~ ^ ~
+drivers/video/fbdev/sis/init301.c:851:42: note: use '=' to turn this
+equality comparison into an assignment
+ } else if((SiS_Pr->SiS_IF_DEF_LVDS == 1) /* ||
+ ^~
+ =
+1 warning generated.
+
+Remove the parentheses and while we're at it, clean up the commented
+code, which has been here since the beginning of git history.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/118
+Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
+Cc: Thomas Winischhofer <thomas@winischhofer.net>
+Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/video/fbdev/sis/init301.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/video/fbdev/sis/init301.c
++++ b/drivers/video/fbdev/sis/init301.c
+@@ -522,9 +522,7 @@ SiS_PanelDelay(struct SiS_Private *SiS_P
+ SiS_DDC2Delay(SiS_Pr, 0x4000);
+ }
+
+- } else if((SiS_Pr->SiS_IF_DEF_LVDS == 1) /* ||
+- (SiS_Pr->SiS_CustomT == CUT_COMPAQ1280) ||
+- (SiS_Pr->SiS_CustomT == CUT_CLEVO1400) */ ) { /* 315 series, LVDS; Special */
++ } else if (SiS_Pr->SiS_IF_DEF_LVDS == 1) { /* 315 series, LVDS; Special */
+
+ if(SiS_Pr->SiS_IF_DEF_CH70xx == 0) {
+ PanelID = SiS_GetReg(SiS_Pr->SiS_P3d4,0x36);
--- /dev/null
+From: Borislav Petkov <bp@suse.de>
+Date: Sun, 19 Apr 2020 09:59:03 +0200
+Subject: x86/mitigations: Clear CPU buffers on the SYSCALL fast path
+
+From: Borislav Petkov <bp@suse.de>
+
+The fast SYSCALL exit path returns with SYSRET to userspace after
+verifying that there's no pending work. MDS mitigation mandates that CPU
+buffers must be cleared on transition from kernel to userspace so do
+that here too.
+
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/entry/entry_64.S | 2 ++
+ arch/x86/include/asm/spec-ctrl.h | 2 ++
+ arch/x86/kernel/cpu/bugs.c | 5 +++++
+ 3 files changed, 9 insertions(+)
+
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -218,6 +218,8 @@ entry_SYSCALL_64_fastpath:
+ testl $_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
+ jnz int_ret_from_sys_call_irqs_off /* Go to the slow path */
+
++ call mds_user_clear_buffers
++
+ movq RIP(%rsp), %rcx
+ movq EFLAGS(%rsp), %r11
+ RESTORE_C_REGS_EXCEPT_RCX_R11
+--- a/arch/x86/include/asm/spec-ctrl.h
++++ b/arch/x86/include/asm/spec-ctrl.h
+@@ -85,4 +85,6 @@ static inline void speculative_store_byp
+ extern void speculation_ctrl_update(unsigned long tif);
+ extern void speculation_ctrl_update_current(void);
+
++extern void mds_user_clear_buffers(void);
++
+ #endif
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -263,6 +263,11 @@ static int __init mds_cmdline(char *str)
+ }
+ early_param("mds", mds_cmdline);
+
++void mds_user_clear_buffers(void)
++{
++ mds_user_clear_cpu_buffers();
++}
++
+ #undef pr_fmt
+ #define pr_fmt(fmt) "TAA: " fmt
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
