From 48a75cc6fff77579c2314eacc7fb4ab9c39ae6e2 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Tue, 30 Mar 2021 17:59:22 -0400 Subject: [PATCH] Fixes for 4.4 Signed-off-by: Sasha Levin --- ...dac-and-adc-vol-tlv-values-being-off.patch | 54 +++++++++++ ...dac-and-adc-vol-tlv-values-being-off.patch | 54 +++++++++++ ...t-dap_avc_ctrl-register-to-correct-d.patch | 72 +++++++++++++++ ...-inode-under-running-transaction-in-.patch | 91 +++++++++++++++++++ ...ext4-fix-bh-ref-count-on-error-paths.patch | 43 +++++++++ ...-null-dereference-on-kmalloc-failure.patch | 64 +++++++++++++ ...i-qla2xxx-fix-broken-endif-placement.patch | 44 +++++++++ ...i-st-fix-a-use-after-free-in-st_open.patch | 42 +++++++++ queue-4.4/series | 10 ++ ...omedi-cb_pcidas-fix-request_irq-warn.patch | 49 ++++++++++ ...edi-cb_pcidas64-fix-request_irq-warn.patch | 49 ++++++++++ 11 files changed, 572 insertions(+) create mode 100644 queue-4.4/asoc-rt5640-fix-dac-and-adc-vol-tlv-values-being-off.patch create mode 100644 queue-4.4/asoc-rt5651-fix-dac-and-adc-vol-tlv-values-being-off.patch create mode 100644 queue-4.4/asoc-sgtl5000-set-dap_avc_ctrl-register-to-correct-d.patch create mode 100644 queue-4.4/ext4-do-not-iput-inode-under-running-transaction-in-.patch create mode 100644 queue-4.4/ext4-fix-bh-ref-count-on-error-paths.patch create mode 100644 queue-4.4/rpc-fix-null-dereference-on-kmalloc-failure.patch create mode 100644 queue-4.4/scsi-qla2xxx-fix-broken-endif-placement.patch create mode 100644 queue-4.4/scsi-st-fix-a-use-after-free-in-st_open.patch create mode 100644 queue-4.4/staging-comedi-cb_pcidas-fix-request_irq-warn.patch create mode 100644 queue-4.4/staging-comedi-cb_pcidas64-fix-request_irq-warn.patch diff --git a/queue-4.4/asoc-rt5640-fix-dac-and-adc-vol-tlv-values-being-off.patch b/queue-4.4/asoc-rt5640-fix-dac-and-adc-vol-tlv-values-being-off.patch new file mode 100644 index 00000000000..7a35add8504 --- /dev/null +++ b/queue-4.4/asoc-rt5640-fix-dac-and-adc-vol-tlv-values-being-off.patch @@ -0,0 +1,54 @@ +From a1a25a223d27d6d4c758e610839a4286c28110be Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 26 Feb 2021 15:38:13 +0100 +Subject: ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor + of 10 + +From: Hans de Goede + +[ Upstream commit cfa26ed1f9f885c2fd8f53ca492989d1e16d0199 ] + +The adc_vol_tlv volume-control has a range from -17.625 dB to +30 dB, +not -176.25 dB to + 300 dB. This wrong scale is esp. a problem in userspace +apps which translate the dB scale to a linear scale. With the logarithmic +dB scale being of by a factor of 10 we loose all precision in the lower +area of the range when apps translate things to a linear scale. + +E.g. the 0 dB default, which corresponds with a value of 47 of the +0 - 127 range for the control, would be shown as 0/100 in alsa-mixer. + +Since the centi-dB values used in the TLV struct cannot represent the +0.375 dB step size used by these controls, change the TLV definition +for them to specify a min and max value instead of min + stepsize. + +Note this mirrors commit 3f31f7d9b540 ("ASoC: rt5670: Fix dac- and adc- +vol-tlv values being off by a factor of 10") which made the exact same +change to the rt5670 codec driver. + +Signed-off-by: Hans de Goede +Link: https://lore.kernel.org/r/20210226143817.84287-2-hdegoede@redhat.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt5640.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/codecs/rt5640.c b/sound/soc/codecs/rt5640.c +index b1c8bb39cdf1..db7734e45dd1 100644 +--- a/sound/soc/codecs/rt5640.c ++++ b/sound/soc/codecs/rt5640.c +@@ -341,9 +341,9 @@ static bool rt5640_readable_register(struct device *dev, unsigned int reg) + } + + static const DECLARE_TLV_DB_SCALE(out_vol_tlv, -4650, 150, 0); +-static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -65625, 375, 0); ++static const DECLARE_TLV_DB_MINMAX(dac_vol_tlv, -6562, 0); + static const DECLARE_TLV_DB_SCALE(in_vol_tlv, -3450, 150, 0); +-static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -17625, 375, 0); ++static const DECLARE_TLV_DB_MINMAX(adc_vol_tlv, -1762, 3000); + static const DECLARE_TLV_DB_SCALE(adc_bst_tlv, 0, 1200, 0); + + /* {0, +20, +24, +30, +35, +40, +44, +50, +52} dB */ +-- +2.30.1 + diff --git a/queue-4.4/asoc-rt5651-fix-dac-and-adc-vol-tlv-values-being-off.patch b/queue-4.4/asoc-rt5651-fix-dac-and-adc-vol-tlv-values-being-off.patch new file mode 100644 index 00000000000..3ca92a7ad8a --- /dev/null +++ b/queue-4.4/asoc-rt5651-fix-dac-and-adc-vol-tlv-values-being-off.patch @@ -0,0 +1,54 @@ +From 6fca3dbe795c4ddeff7cf6b15b79121abb3fbb8b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 26 Feb 2021 15:38:14 +0100 +Subject: ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor + of 10 + +From: Hans de Goede + +[ Upstream commit eee51df776bd6cac10a76b2779a9fdee3f622b2b ] + +The adc_vol_tlv volume-control has a range from -17.625 dB to +30 dB, +not -176.25 dB to + 300 dB. This wrong scale is esp. a problem in userspace +apps which translate the dB scale to a linear scale. With the logarithmic +dB scale being of by a factor of 10 we loose all precision in the lower +area of the range when apps translate things to a linear scale. + +E.g. the 0 dB default, which corresponds with a value of 47 of the +0 - 127 range for the control, would be shown as 0/100 in alsa-mixer. + +Since the centi-dB values used in the TLV struct cannot represent the +0.375 dB step size used by these controls, change the TLV definition +for them to specify a min and max value instead of min + stepsize. + +Note this mirrors commit 3f31f7d9b540 ("ASoC: rt5670: Fix dac- and adc- +vol-tlv values being off by a factor of 10") which made the exact same +change to the rt5670 codec driver. + +Signed-off-by: Hans de Goede +Link: https://lore.kernel.org/r/20210226143817.84287-3-hdegoede@redhat.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt5651.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/codecs/rt5651.c b/sound/soc/codecs/rt5651.c +index 1d4031818966..883b93f0bd38 100644 +--- a/sound/soc/codecs/rt5651.c ++++ b/sound/soc/codecs/rt5651.c +@@ -286,9 +286,9 @@ static bool rt5651_readable_register(struct device *dev, unsigned int reg) + } + + static const DECLARE_TLV_DB_SCALE(out_vol_tlv, -4650, 150, 0); +-static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -65625, 375, 0); ++static const DECLARE_TLV_DB_MINMAX(dac_vol_tlv, -6562, 0); + static const DECLARE_TLV_DB_SCALE(in_vol_tlv, -3450, 150, 0); +-static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -17625, 375, 0); ++static const DECLARE_TLV_DB_MINMAX(adc_vol_tlv, -1762, 3000); + static const DECLARE_TLV_DB_SCALE(adc_bst_tlv, 0, 1200, 0); + + /* {0, +20, +24, +30, +35, +40, +44, +50, +52} dB */ +-- +2.30.1 + diff --git a/queue-4.4/asoc-sgtl5000-set-dap_avc_ctrl-register-to-correct-d.patch b/queue-4.4/asoc-sgtl5000-set-dap_avc_ctrl-register-to-correct-d.patch new file mode 100644 index 00000000000..94fc7fc80b8 --- /dev/null +++ b/queue-4.4/asoc-sgtl5000-set-dap_avc_ctrl-register-to-correct-d.patch @@ -0,0 +1,72 @@ +From 94e511ea71fd1499c5fc4d8023879831af0d446c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Feb 2021 13:33:08 -0500 +Subject: ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on + probe + +From: Benjamin Rood + +[ Upstream commit f86f58e3594fb0ab1993d833d3b9a2496f3c928c ] + +According to the SGTL5000 datasheet [1], the DAP_AVC_CTRL register has +the following bit field definitions: + +| BITS | FIELD | RW | RESET | DEFINITION | +| 15 | RSVD | RO | 0x0 | Reserved | +| 14 | RSVD | RW | 0x1 | Reserved | +| 13:12 | MAX_GAIN | RW | 0x1 | Max Gain of AVC in expander mode | +| 11:10 | RSVD | RO | 0x0 | Reserved | +| 9:8 | LBI_RESP | RW | 0x1 | Integrator Response | +| 7:6 | RSVD | RO | 0x0 | Reserved | +| 5 | HARD_LMT_EN | RW | 0x0 | Enable hard limiter mode | +| 4:1 | RSVD | RO | 0x0 | Reserved | +| 0 | EN | RW | 0x0 | Enable/Disable AVC | + +The original default value written to the DAP_AVC_CTRL register during +sgtl5000_i2c_probe() was 0x0510. This would incorrectly write values to +bits 4 and 10, which are defined as RESERVED. It would also not set +bits 12 and 14 to their correct RESET values of 0x1, and instead set +them to 0x0. While the DAP_AVC module is effectively disabled because +the EN bit is 0, this default value is still writing invalid values to +registers that are marked as read-only and RESERVED as well as not +setting bits 12 and 14 to their correct default values as defined by the +datasheet. + +The correct value that should be written to the DAP_AVC_CTRL register is +0x5100, which configures the register bits to the default values defined +by the datasheet, and prevents any writes to bits defined as +'read-only'. Generally speaking, it is best practice to NOT attempt to +write values to registers/bits defined as RESERVED, as it generally +produces unwanted/undefined behavior, or errors. + +Also, all credit for this patch should go to my colleague Dan MacDonald + for finding this error in the first +place. + +[1] https://www.nxp.com/docs/en/data-sheet/SGTL5000.pdf + +Signed-off-by: Benjamin Rood +Reviewed-by: Fabio Estevam +Link: https://lore.kernel.org/r/20210219183308.GA2117@ubuntu-dev +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/sgtl5000.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c +index a3dd7030f629..321b1ac52bfd 100644 +--- a/sound/soc/codecs/sgtl5000.c ++++ b/sound/soc/codecs/sgtl5000.c +@@ -78,7 +78,7 @@ static const struct reg_default sgtl5000_reg_defaults[] = { + { SGTL5000_DAP_EQ_BASS_BAND4, 0x002f }, + { SGTL5000_DAP_MAIN_CHAN, 0x8000 }, + { SGTL5000_DAP_MIX_CHAN, 0x0000 }, +- { SGTL5000_DAP_AVC_CTRL, 0x0510 }, ++ { SGTL5000_DAP_AVC_CTRL, 0x5100 }, + { SGTL5000_DAP_AVC_THRESHOLD, 0x1473 }, + { SGTL5000_DAP_AVC_ATTACK, 0x0028 }, + { SGTL5000_DAP_AVC_DECAY, 0x0050 }, +-- +2.30.1 + diff --git a/queue-4.4/ext4-do-not-iput-inode-under-running-transaction-in-.patch b/queue-4.4/ext4-do-not-iput-inode-under-running-transaction-in-.patch new file mode 100644 index 00000000000..61abd5e5a7f --- /dev/null +++ b/queue-4.4/ext4-do-not-iput-inode-under-running-transaction-in-.patch @@ -0,0 +1,91 @@ +From 894390f9c01926de8a73805913fba5bd4f06de97 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 3 Mar 2021 21:17:03 +0800 +Subject: ext4: do not iput inode under running transaction in ext4_rename() + +From: zhangyi (F) + +[ Upstream commit 5dccdc5a1916d4266edd251f20bbbb113a5c495f ] + +In ext4_rename(), when RENAME_WHITEOUT failed to add new entry into +directory, it ends up dropping new created whiteout inode under the +running transaction. After commit <9b88f9fb0d2> ("ext4: Do not iput inode +under running transaction"), we follow the assumptions that evict() does +not get called from a transaction context but in ext4_rename() it breaks +this suggestion. Although it's not a real problem, better to obey it, so +this patch add inode to orphan list and stop transaction before final +iput(). + +Signed-off-by: zhangyi (F) +Link: https://lore.kernel.org/r/20210303131703.330415-2-yi.zhang@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/ext4/namei.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c +index 6168bcdadeba..f22fcb393684 100644 +--- a/fs/ext4/namei.c ++++ b/fs/ext4/namei.c +@@ -3554,7 +3554,7 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry, + */ + retval = -ENOENT; + if (!old.bh || le32_to_cpu(old.de->inode) != old.inode->i_ino) +- goto end_rename; ++ goto release_bh; + + if ((old.dir != new.dir) && + ext4_encrypted_inode(new.dir) && +@@ -3569,7 +3569,7 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry, + if (IS_ERR(new.bh)) { + retval = PTR_ERR(new.bh); + new.bh = NULL; +- goto end_rename; ++ goto release_bh; + } + if (new.bh) { + if (!new.inode) { +@@ -3586,15 +3586,13 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry, + handle = ext4_journal_start(old.dir, EXT4_HT_DIR, credits); + if (IS_ERR(handle)) { + retval = PTR_ERR(handle); +- handle = NULL; +- goto end_rename; ++ goto release_bh; + } + } else { + whiteout = ext4_whiteout_for_rename(&old, credits, &handle); + if (IS_ERR(whiteout)) { + retval = PTR_ERR(whiteout); +- whiteout = NULL; +- goto end_rename; ++ goto release_bh; + } + } + +@@ -3702,16 +3700,18 @@ end_rename: + ext4_resetent(handle, &old, + old.inode->i_ino, old_file_type); + drop_nlink(whiteout); ++ ext4_orphan_add(handle, whiteout); + } + unlock_new_inode(whiteout); ++ ext4_journal_stop(handle); + iput(whiteout); +- ++ } else { ++ ext4_journal_stop(handle); + } ++release_bh: + brelse(old.dir_bh); + brelse(old.bh); + brelse(new.bh); +- if (handle) +- ext4_journal_stop(handle); + return retval; + } + +-- +2.30.1 + diff --git a/queue-4.4/ext4-fix-bh-ref-count-on-error-paths.patch b/queue-4.4/ext4-fix-bh-ref-count-on-error-paths.patch new file mode 100644 index 00000000000..db44dfd3624 --- /dev/null +++ b/queue-4.4/ext4-fix-bh-ref-count-on-error-paths.patch @@ -0,0 +1,43 @@ +From e454ac629fbadb84dc9e9b9cf1fb6e23e476227f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Mar 2021 17:42:31 +0800 +Subject: ext4: fix bh ref count on error paths + +From: Zhaolong Zhang + +[ Upstream commit c915fb80eaa6194fa9bd0a4487705cd5b0dda2f1 ] + +__ext4_journalled_writepage should drop bhs' ref count on error paths + +Signed-off-by: Zhaolong Zhang +Link: https://lore.kernel.org/r/1614678151-70481-1-git-send-email-zhangzl2013@126.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/ext4/inode.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index 4c32a484f8bc..6551f08e89a7 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -1824,13 +1824,13 @@ static int __ext4_journalled_writepage(struct page *page, + if (!ret) + ret = err; + +- if (!ext4_has_inline_data(inode)) +- ext4_walk_page_buffers(NULL, page_bufs, 0, len, +- NULL, bput_one); + ext4_set_inode_state(inode, EXT4_STATE_JDATA); + out: + unlock_page(page); + out_no_pagelock: ++ if (!inline_data && page_bufs) ++ ext4_walk_page_buffers(NULL, page_bufs, 0, len, ++ NULL, bput_one); + brelse(inode_bh); + return ret; + } +-- +2.30.1 + diff --git a/queue-4.4/rpc-fix-null-dereference-on-kmalloc-failure.patch b/queue-4.4/rpc-fix-null-dereference-on-kmalloc-failure.patch new file mode 100644 index 00000000000..45eb742e928 --- /dev/null +++ b/queue-4.4/rpc-fix-null-dereference-on-kmalloc-failure.patch @@ -0,0 +1,64 @@ +From 5b3f7f099ea8f2961ea317d50ec69ab8ffe54af9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Mar 2021 10:48:38 -0500 +Subject: rpc: fix NULL dereference on kmalloc failure + +From: J. Bruce Fields + +[ Upstream commit 0ddc942394013f08992fc379ca04cffacbbe3dae ] + +I think this is unlikely but possible: + +svc_authenticate sets rq_authop and calls svcauth_gss_accept. The +kmalloc(sizeof(*svcdata), GFP_KERNEL) fails, leaving rq_auth_data NULL, +and returning SVC_DENIED. + +This causes svc_process_common to go to err_bad_auth, and eventually +call svc_authorise. That calls ->release == svcauth_gss_release, which +tries to dereference rq_auth_data. + +Signed-off-by: J. Bruce Fields +Link: https://lore.kernel.org/linux-nfs/3F1B347F-B809-478F-A1E9-0BE98E22B0F0@oracle.com/T/#t +Signed-off-by: Chuck Lever +Signed-off-by: Sasha Levin +--- + net/sunrpc/auth_gss/svcauth_gss.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c +index 91263d6a103b..bb8b0ef5de82 100644 +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -1697,11 +1697,14 @@ static int + svcauth_gss_release(struct svc_rqst *rqstp) + { + struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data; +- struct rpc_gss_wire_cred *gc = &gsd->clcred; ++ struct rpc_gss_wire_cred *gc; + struct xdr_buf *resbuf = &rqstp->rq_res; + int stat = -EINVAL; + struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); + ++ if (!gsd) ++ goto out; ++ gc = &gsd->clcred; + if (gc->gc_proc != RPC_GSS_PROC_DATA) + goto out; + /* Release can be called twice, but we only wrap once. */ +@@ -1742,10 +1745,10 @@ out_err: + if (rqstp->rq_cred.cr_group_info) + put_group_info(rqstp->rq_cred.cr_group_info); + rqstp->rq_cred.cr_group_info = NULL; +- if (gsd->rsci) ++ if (gsd && gsd->rsci) { + cache_put(&gsd->rsci->h, sn->rsc_cache); +- gsd->rsci = NULL; +- ++ gsd->rsci = NULL; ++ } + return stat; + } + +-- +2.30.1 + diff --git a/queue-4.4/scsi-qla2xxx-fix-broken-endif-placement.patch b/queue-4.4/scsi-qla2xxx-fix-broken-endif-placement.patch new file mode 100644 index 00000000000..562af1b057b --- /dev/null +++ b/queue-4.4/scsi-qla2xxx-fix-broken-endif-placement.patch @@ -0,0 +1,44 @@ +From f256b4a05bdc2eb7956a0d16ae97615720f626af Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 14 Mar 2021 18:32:46 +0300 +Subject: scsi: qla2xxx: Fix broken #endif placement + +From: Alexey Dobriyan + +[ Upstream commit 5999b9e5b1f8a2f5417b755130919b3ac96f5550 ] + +Only half of the file is under include guard because terminating #endif +is placed too early. + +Link: https://lore.kernel.org/r/YE4snvoW1SuwcXAn@localhost.localdomain +Reviewed-by: Himanshu Madhani +Signed-off-by: Alexey Dobriyan +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/qla2xxx/qla_target.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/qla2xxx/qla_target.h b/drivers/scsi/qla2xxx/qla_target.h +index bca584ae45b7..7a6fafa8ba56 100644 +--- a/drivers/scsi/qla2xxx/qla_target.h ++++ b/drivers/scsi/qla2xxx/qla_target.h +@@ -112,7 +112,6 @@ + (min(1270, ((ql) > 0) ? (QLA_TGT_DATASEGS_PER_CMD_24XX + \ + QLA_TGT_DATASEGS_PER_CONT_24XX*((ql) - 1)) : 0)) + #endif +-#endif + + #define GET_TARGET_ID(ha, iocb) ((HAS_EXTENDED_IDS(ha)) \ + ? le16_to_cpu((iocb)->u.isp2x.target.extended) \ +@@ -323,6 +322,7 @@ struct ctio_to_2xxx { + #ifndef CTIO_RET_TYPE + #define CTIO_RET_TYPE 0x17 /* CTIO return entry */ + #define ATIO_TYPE7 0x06 /* Accept target I/O entry for 24xx */ ++#endif + + struct fcp_hdr { + uint8_t r_ctl; +-- +2.30.1 + diff --git a/queue-4.4/scsi-st-fix-a-use-after-free-in-st_open.patch b/queue-4.4/scsi-st-fix-a-use-after-free-in-st_open.patch new file mode 100644 index 00000000000..70636c9b7d6 --- /dev/null +++ b/queue-4.4/scsi-st-fix-a-use-after-free-in-st_open.patch @@ -0,0 +1,42 @@ +From db13da030627c20bd86506a98947c417056610aa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 10 Mar 2021 22:46:36 -0800 +Subject: scsi: st: Fix a use after free in st_open() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Lv Yunlong + +[ Upstream commit c8c165dea4c8f5ad67b1240861e4f6c5395fa4ac ] + +In st_open(), if STp->in_use is true, STp will be freed by +scsi_tape_put(). However, STp is still used by DEBC_printk() after. It is +better to DEBC_printk() before scsi_tape_put(). + +Link: https://lore.kernel.org/r/20210311064636.10522-1-lyl2019@mail.ustc.edu.cn +Acked-by: Kai Mäkisara +Signed-off-by: Lv Yunlong +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/st.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c +index 088a68ab4246..3a3876091a9d 100644 +--- a/drivers/scsi/st.c ++++ b/drivers/scsi/st.c +@@ -1267,8 +1267,8 @@ static int st_open(struct inode *inode, struct file *filp) + spin_lock(&st_use_lock); + if (STp->in_use) { + spin_unlock(&st_use_lock); +- scsi_tape_put(STp); + DEBC_printk(STp, "Device already in use.\n"); ++ scsi_tape_put(STp); + return (-EBUSY); + } + +-- +2.30.1 + diff --git a/queue-4.4/series b/queue-4.4/series index d63543cac89..37817f7baed 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -1,2 +1,12 @@ selinux-vsock-set-sid-for-socket-returned-by-accept.patch ipv6-weaken-the-v4mapped-source-check.patch +ext4-fix-bh-ref-count-on-error-paths.patch +rpc-fix-null-dereference-on-kmalloc-failure.patch +asoc-rt5640-fix-dac-and-adc-vol-tlv-values-being-off.patch +asoc-rt5651-fix-dac-and-adc-vol-tlv-values-being-off.patch +asoc-sgtl5000-set-dap_avc_ctrl-register-to-correct-d.patch +scsi-st-fix-a-use-after-free-in-st_open.patch +scsi-qla2xxx-fix-broken-endif-placement.patch +staging-comedi-cb_pcidas-fix-request_irq-warn.patch +staging-comedi-cb_pcidas64-fix-request_irq-warn.patch +ext4-do-not-iput-inode-under-running-transaction-in-.patch diff --git a/queue-4.4/staging-comedi-cb_pcidas-fix-request_irq-warn.patch b/queue-4.4/staging-comedi-cb_pcidas-fix-request_irq-warn.patch new file mode 100644 index 00000000000..0853d5951ce --- /dev/null +++ b/queue-4.4/staging-comedi-cb_pcidas-fix-request_irq-warn.patch @@ -0,0 +1,49 @@ +From cee5aecd61a0a1ffc620c2ed6889d4185dea8b3e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 15 Mar 2021 15:59:14 -0400 +Subject: staging: comedi: cb_pcidas: fix request_irq() warn + +From: Tong Zhang + +[ Upstream commit 2e5848a3d86f03024ae096478bdb892ab3d79131 ] + +request_irq() wont accept a name which contains slash so we need to +repalce it with something else -- otherwise it will trigger a warning +and the entry in /proc/irq/ will not be created +since the .name might be used by userspace and we don't want to break +userspace, so we are changing the parameters passed to request_irq() + +[ 1.630764] name 'pci-das1602/16' +[ 1.630950] WARNING: CPU: 0 PID: 181 at fs/proc/generic.c:180 __xlate_proc_name+0x93/0xb0 +[ 1.634009] RIP: 0010:__xlate_proc_name+0x93/0xb0 +[ 1.639441] Call Trace: +[ 1.639976] proc_mkdir+0x18/0x20 +[ 1.641946] request_threaded_irq+0xfe/0x160 +[ 1.642186] cb_pcidas_auto_attach+0xf4/0x610 [cb_pcidas] + +Suggested-by: Ian Abbott +Reviewed-by: Ian Abbott +Signed-off-by: Tong Zhang +Link: https://lore.kernel.org/r/20210315195914.4801-1-ztong0001@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/comedi/drivers/cb_pcidas.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/staging/comedi/drivers/cb_pcidas.c b/drivers/staging/comedi/drivers/cb_pcidas.c +index 3ea15bb0e56e..15b9cc8531f0 100644 +--- a/drivers/staging/comedi/drivers/cb_pcidas.c ++++ b/drivers/staging/comedi/drivers/cb_pcidas.c +@@ -1290,7 +1290,7 @@ static int cb_pcidas_auto_attach(struct comedi_device *dev, + devpriv->amcc + AMCC_OP_REG_INTCSR); + + ret = request_irq(pcidev->irq, cb_pcidas_interrupt, IRQF_SHARED, +- dev->board_name, dev); ++ "cb_pcidas", dev); + if (ret) { + dev_dbg(dev->class_dev, "unable to allocate irq %d\n", + pcidev->irq); +-- +2.30.1 + diff --git a/queue-4.4/staging-comedi-cb_pcidas64-fix-request_irq-warn.patch b/queue-4.4/staging-comedi-cb_pcidas64-fix-request_irq-warn.patch new file mode 100644 index 00000000000..48ece7cc64f --- /dev/null +++ b/queue-4.4/staging-comedi-cb_pcidas64-fix-request_irq-warn.patch @@ -0,0 +1,49 @@ +From 181740241540ee925f278eeaa30545fba8c47b07 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 15 Mar 2021 15:58:12 -0400 +Subject: staging: comedi: cb_pcidas64: fix request_irq() warn + +From: Tong Zhang + +[ Upstream commit d2d106fe3badfc3bf0dd3899d1c3f210c7203eab ] + +request_irq() wont accept a name which contains slash so we need to +repalce it with something else -- otherwise it will trigger a warning +and the entry in /proc/irq/ will not be created +since the .name might be used by userspace and we don't want to break +userspace, so we are changing the parameters passed to request_irq() + +[ 1.565966] name 'pci-das6402/16' +[ 1.566149] WARNING: CPU: 0 PID: 184 at fs/proc/generic.c:180 __xlate_proc_name+0x93/0xb0 +[ 1.568923] RIP: 0010:__xlate_proc_name+0x93/0xb0 +[ 1.574200] Call Trace: +[ 1.574722] proc_mkdir+0x18/0x20 +[ 1.576629] request_threaded_irq+0xfe/0x160 +[ 1.576859] auto_attach+0x60a/0xc40 [cb_pcidas64] + +Suggested-by: Ian Abbott +Reviewed-by: Ian Abbott +Signed-off-by: Tong Zhang +Link: https://lore.kernel.org/r/20210315195814.4692-1-ztong0001@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/comedi/drivers/cb_pcidas64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/staging/comedi/drivers/cb_pcidas64.c b/drivers/staging/comedi/drivers/cb_pcidas64.c +index d33b8fe872a7..93d8c0b06d55 100644 +--- a/drivers/staging/comedi/drivers/cb_pcidas64.c ++++ b/drivers/staging/comedi/drivers/cb_pcidas64.c +@@ -4040,7 +4040,7 @@ static int auto_attach(struct comedi_device *dev, + init_stc_registers(dev); + + retval = request_irq(pcidev->irq, handle_interrupt, IRQF_SHARED, +- dev->board_name, dev); ++ "cb_pcidas64", dev); + if (retval) { + dev_dbg(dev->class_dev, "unable to allocate irq %u\n", + pcidev->irq); +-- +2.30.1 + -- 2.47.3