Merge tag 'char-misc-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

}

static void binder_transaction_buffer_release(struct binder_proc *proc,

					      struct binder_thread *thread,

					      struct binder_buffer *buffer,

					      binder_size_t failed_at,

					      bool is_failure)

						&proc->alloc, &fd, buffer,

						offset, sizeof(fd));

				WARN_ON(err);

				if (!err)

				if (!err) {

					binder_deferred_fd_close(fd);

					/*

					 * Need to make sure the thread goes

					 * back to userspace to complete the

					 * deferred close

					 */

					if (thread)

						thread->looper_need_return = true;

				}

			}

		} break;

		default:

	if (reply) {

		binder_enqueue_thread_work(thread, tcomplete);

		binder_inner_proc_lock(target_proc);

		if (target_thread->is_dead || target_proc->is_frozen) {

			return_error = target_thread->is_dead ?

				BR_DEAD_REPLY : BR_FROZEN_REPLY;

		if (target_thread->is_dead) {

			return_error = BR_DEAD_REPLY;

			binder_inner_proc_unlock(target_proc);

			goto err_dead_proc_or_thread;

		}

err_copy_data_failed:

	binder_free_txn_fixups(t);

	trace_binder_transaction_failed_buffer_release(t->buffer);

	binder_transaction_buffer_release(target_proc, t->buffer,

	binder_transaction_buffer_release(target_proc, NULL, t->buffer,

					  buffer_offset, true);

	if (target_node)

		binder_dec_node_tmpref(target_node);

 * Cleanup buffer and free it.

 */

static void

binder_free_buf(struct binder_proc *proc, struct binder_buffer *buffer)

binder_free_buf(struct binder_proc *proc,

		struct binder_thread *thread,

		struct binder_buffer *buffer)

{

	binder_inner_proc_lock(proc);

	if (buffer->transaction) {

		binder_node_inner_unlock(buf_node);

	}

	trace_binder_transaction_buffer_release(buffer);

	binder_transaction_buffer_release(proc, buffer, 0, false);

	binder_transaction_buffer_release(proc, thread, buffer, 0, false);

	binder_alloc_free_buf(&proc->alloc, buffer);

}

				     proc->pid, thread->pid, (u64)data_ptr,

				     buffer->debug_id,

				     buffer->transaction ? "active" : "finished");

			binder_free_buf(proc, buffer);

			binder_free_buf(proc, thread, buffer);

			break;

		}

			buffer->transaction = NULL;

			binder_cleanup_transaction(t, "fd fixups failed",

						   BR_FAILED_REPLY);

			binder_free_buf(proc, buffer);

			binder_free_buf(proc, thread, buffer);

			binder_debug(BINDER_DEBUG_FAILED_TRANSACTION,

				     "%d:%d %stransaction %d fd fixups failed %d/%d, line %d\n",

				     proc->pid, thread->pid,

	return 0;

}

static bool binder_txns_pending_ilocked(struct binder_proc *proc)

{

	struct rb_node *n;

	struct binder_thread *thread;

	if (proc->outstanding_txns > 0)

		return true;

	for (n = rb_first(&proc->threads); n; n = rb_next(n)) {

		thread = rb_entry(n, struct binder_thread, rb_node);

		if (thread->transaction_stack)

			return true;

	}

	return false;

}

static int binder_ioctl_freeze(struct binder_freeze_info *info,

			       struct binder_proc *target_proc)

{

			(!target_proc->outstanding_txns),

			msecs_to_jiffies(info->timeout_ms));

	if (!ret && target_proc->outstanding_txns)

	/* Check pending transactions that wait for reply */

	if (ret >= 0) {

		binder_inner_proc_lock(target_proc);

		if (binder_txns_pending_ilocked(target_proc))

			ret = -EAGAIN;

		binder_inner_proc_unlock(target_proc);

	}

	if (ret < 0) {

		binder_inner_proc_lock(target_proc);

{

	struct binder_proc *target_proc;

	bool found = false;

	__u32 txns_pending;

	info->sync_recv = 0;

	info->async_recv = 0;

		if (target_proc->pid == info->pid) {

			found = true;

			binder_inner_proc_lock(target_proc);

			info->sync_recv |= target_proc->sync_recv;

			txns_pending = binder_txns_pending_ilocked(target_proc);

			info->sync_recv |= target_proc->sync_recv |

					(txns_pending << 1);

			info->async_recv |= target_proc->async_recv;

			binder_inner_proc_unlock(target_proc);

		}

 *                        binder transactions

 *                        (protected by @inner_lock)

 * @sync_recv:            process received sync transactions since last frozen

 *                        bit 0: received sync transaction after being frozen

 *                        bit 1: new pending sync transaction during freezing

 *                        (protected by @inner_lock)

 * @async_recv:           process received async transactions since last frozen

 *                        (protected by @inner_lock)

	mutex_lock(&dev->mutex);

	rc = do_insnlist_ioctl(dev, insns, insnlist32.n_insns, file);

	mutex_unlock(&dev->mutex);

	kfree(insns);

	return rc;

}

{

	unsigned int irq_base, nr_irqs;

	struct dfl_feature_info *finfo;

	u8 revision = 0;

	int ret;

	u8 revision;

	u64 v;

	if (fid != FEATURE_ID_AFU) {

		v = readq(binfo->ioaddr + ofst);

		revision = FIELD_GET(DFH_REVISION, v);

		/* read feature size and id if inputs are invalid */

		size = size ? size : feature_size(v);

		fid = fid ? fid : feature_id(v);

	}

	if (binfo->len - ofst < size)

		return -EINVAL;

		goto fail;

	get_status(spi, &status);

	if (test_bit(FAIL, &status))

	if (test_bit(FAIL, &status)) {

		ret = -EINVAL;

		goto fail;

	}

	dump_status_reg(&status);

	spi_message_init(&msg);

	dump_status_reg(&status);

	if (!test_bit(DONE, &status)) {

		machxo2_cleanup(mgr);

		ret = -EINVAL;

		goto fail;

	}

			break;

		if (++refreshloop == MACHXO2_MAX_REFRESH_LOOP) {

			machxo2_cleanup(mgr);

			ret = -EINVAL;

			goto fail;

		}

	} while (1);