From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 23 Sep 2021 14:23:11 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.4.285~48
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8fcfec0362aeceebd7be0eeb2fe2bd481bdaa787;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	staging-android-ion-fix-page-is-null.patch
---

diff --git a/queue-4.9/series b/queue-4.9/series
index ad7768d3725..79afb71734d 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -5,3 +5,4 @@ arm-9077-1-plt-move-struct-plt_entries-definition-to-header.patch
 arm-9078-1-add-warn-suppress-parameter-to-arm_gen_branch_link.patch
 arm-9079-1-ftrace-add-module_plts-support.patch
 arm-9098-1-ftrace-module_plt-fix-build-problem-without-dynamic_ftrace.patch
+staging-android-ion-fix-page-is-null.patch
diff --git a/queue-4.9/staging-android-ion-fix-page-is-null.patch b/queue-4.9/staging-android-ion-fix-page-is-null.patch
new file mode 100644
index 00000000000..2024a42e952
--- /dev/null
+++ b/queue-4.9/staging-android-ion-fix-page-is-null.patch
@@ -0,0 +1,65 @@
+From cs.os.kernel@gmail.com  Thu Sep 23 16:22:16 2021
+From: Cheng Chao <cs.os.kernel@gmail.com>
+Date: Thu, 23 Sep 2021 22:18:14 +0800
+Subject: staging: android: ion: fix page is NULL
+To: labbott@redhat.com, sumit.semwal@linaro.org, gregkh@linuxfoundation.org, arve@android.com, riandrews@android.com, devel@driverdev.osuosl.org
+Cc: stable@vger.kernel.org, Cheng Chao <cs.os.kernel@gmail.com>
+Message-ID: <20210923141814.1109472-1-cs.os.kernel@gmail.com>
+
+From: Cheng Chao <cs.os.kernel@gmail.com>
+
+Fixes: commit e7f63771b60e ("ION: Sys_heap: Add cached pool to spead up cached buffer alloc")
+the commit e7f63771b60e introduced the bug which didn't test page which maybe NULL.
+and previous logic was right.
+
+the e7f63771b60e has been merged in v4.8-rc3, only longterm 4.9.x has this bug,
+and other longterm/stable version have not.
+
+kernel panic is here when page is NULL:
+
+Unable to handle kernel paging request at virtual address b0380000
+pgd = d9d94000
+[b0380000] *pgd=00000000
+Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
+...
+task: daa2dd00 task.stack: da194000
+PC is at v7_dma_clean_range+0x1c/0x34
+LR is at arm_dma_sync_single_for_device+0x44/0x58
+pc : [<c011aa0c>]    lr : [<c011645c>]    psr: 200f0013
+sp : da195da0  ip : dc1f9000  fp : c1043dc4
+r10: 00000000  r9 : c16f1f58  r8 : 00000001
+r7 : c1621f94  r6 : c0116418  r5 : 00000000  r4 : c011aa58
+r3 : 0000003f  r2 : 00000040  r1 : b0480000  r0 : b0380000
+Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
+Control: 10c5383d  Table: 19d9406a  DAC: 00000051
+...
+[<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
+[<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
+[<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
+[<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
+[<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
+[<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
+[<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
+[<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
+[<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
+Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
+---[ end trace 89278304932c0e87 ]---
+Kernel panic - not syncing: Fatal exception
+
+Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/android/ion/ion_system_heap.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/android/ion/ion_system_heap.c
++++ b/drivers/staging/android/ion/ion_system_heap.c
+@@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(st
+ 
+ 	page = ion_page_pool_alloc(pool);
+ 
+-	if (cached)
++	if (page && cached)
+ 		ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
+ 					  DMA_BIDIRECTIONAL);
+ 	return page;